Overview
Seeking a hands-on GRC Engineer with strong backend engineering expertise and experience building secure, scalable, compliance-driven systems. The ideal candidate combines software development, cloud engineering and compliance frameworks (not audit-only).
Key Responsibilities
- Design and develop backend services (Python) with REST APIs
- Build and maintain microservices-based architectures
- Implement secure, scalable systems aligned with compliance standards
- Develop compliance automation, governance workflows, and audit-ready platforms
- Integrate security controls into CI/CD pipelines (DevSecOps)
- Work with cross-functional teams across security, compliance, and engineering
Must-Have Skills
- Strong hands-on Python backend development (REST API)
- Experience with microservices architecture
- Expertise in Docker, Kubernetes, AWS (preferred)
- Strong understanding of GRC/compliance frameworks:
  - SOC 2, ISO 27001, NIST, FedRAMP
- Experience building:
  - Compliance automation systems
  - Risk/control platforms
  - Governance workflows
- Strong security implementation knowledge:
  - RBAC, OAuth2, JWT
  - Encryption, IAM
  - Audit logging, secure coding practices
- Experience with CI/CD + DevSecOps integration
- Strong database skills:
  - SQL/NoSQL (PostgreSQL, MongoDB, Oracle)
- Builder mindset (hands-on engineering; not just audit/policy)
Core Technical Stack (From Screening Notes)
- Node.js, React.js
- Database schema design
- JSON handling
Good to Have
- Node.js / FastAPI / Flask experience
- Real-time compliance or governance platforms
- Experience in regulated industries (banking, fintech, healthcare)
- Infrastructure as Code (Terraform, CloudFormation)
- Monitoring/observability tools:
  - Prometheus, Grafana, Datadog, CloudWatch
- Exposure to GenAI / AI-driven compliance automation
- Data governance, lineage, audit traceability
- Agile, DevSecOps, secure SDLC practices
- Strong communication with compliance/security stakeholders
Important Screening Criteria
- Must be a technical GRC Engineer (developer-first profile)
- Not suitable for:
  - Pure GRC consultants
  - Audit-only profiles
  - SOC analysts without engineering experience