Plaid
Security Engineer, GRC
San Francisco HQ (Remote)$156k–$213.6kfulltimemidAdded today
About this role
Build GRC Engineering at Plaid by transforming manual compliance work into scalable, automated systems that provide continuous evidence collection and real-time risk visibility. Own the technical architecture for governance, risk management, and audit automation across the security organization.
What you'll do
- Design and build the engineering foundation for GRC — codified controls, policies, and framework mappings as structured, version-controlled data fed by live pipelines
- Architect continuous controls monitoring to automate evidence collection, testing, and drift detection across cloud and internal systems
- Create dashboards and data-driven reporting to surface risk posture and control metrics to leadership in real time
- Conduct security and technology risk assessments using data to inform mitigation decisions and reduce manual overhead
- Automate operational toil including evidence pulls, access reviews, vendor questionnaires, and risk-register maintenance
- Embed compliance checks into CI/CD as policy-as-code and explore AI-driven workflows for continuous compliance
What they're looking for
- Systems design and architecture for large-scale automation
- Cloud infrastructure and monitoring (AWS, GCP, or similar)
- Data pipeline design and ETL
- Scripting and automation (Python, Go, or similar)
- Compliance frameworks (SOC 2, ISO, NIST, FedRAMP)
- Security and risk assessment methodologies
- SQL and data analytics
- Internal tools and platform engineering
Opens the official application on the employer’s site. No login required.
Plaid
Plaid builds infrastructure that connects users to their financial data and enables secure financial transactions through APIs and integrated experiences. The company is hiring Full Stack Software Engineers, Backend Engineers, Security Engineers, and Sales Engineers to develop and support its platform for millions of users.
- Website
- plaid.com
Likely interview questions
- Walk us through how you'd design a system to collect and normalize control evidence across multiple compliance frameworks (SOC 2, ISO, NIST) from a single source of truth.
- Describe a time you automated a manual, recurring security or compliance process — what was the biggest challenge and how did you overcome it?