• Perform vulnerability testing and reporting • Perform various cybersecurity functions • Support the organization’s cybersecurity, compliance, and consulting practice in delivering various IS027K, HITRUST, HIPAA, and NIST Compliant governance and security services. • Assist in performing Risk Assessments to ensure compliance with IS027K, HITRUST, PCI DSS, HIPAA, and NIST. • Assist in writing and updating IS027K, HITRUST, PCI DSS, HIPAA, and NIST Compliant Policies and Procedures. • Interpretation of industry or regulatory requirements and apply them to business operations • Create or choose an approach or procedure from a variety of complex options for addressing a work task. • Interface with clients, analysts, and project managers to clarify requirements and documentation. • Review literature and documentation and compares such to current practices relevant to the solution of assigned projects. • Work with various Quality Assurance standards to review detailed documents, policies, procedures, and related materials. • Assist other team members with their assignments as required. • Orchestrate the planning of various reports, preparation of audit and compliance programs, performing testing procedures, drafting respective reports for presentation, and assessing management action plans. • Develop status and analysis reports and presentations for regular review. • Create other highly detailed documentation for internal and external use.

• Provide The Center for Food Safety and Applied Nutrition (CFSAN) IT System Lifecycle Development and Management Support Services on behalf of the Food and Drug Association (FDA). • The FDA is seeking Small Business (SB) sources to determine the availability and capability of small business manufacturers or small businesses capable of IT System Lifecycle Development and Management Support Services. • The Single Award Blanket Purchase Agreement (BPA) will be awarded by the FDA contracting manager. • The Center for Food Safety and Applied Nutrition (CFSAN) is the branch of the United States Food and Drug Administration that regulates food, dietary supplements, cosmetics, drugs, biologics, medical devices, and radiological products. • The scope of this contract is to provide the full range of technical and management services necessary to develop, maintain, and enhance CFSAN systems.

GC AI is the fastest-growing and most trusted legal AI platform for in-house legal teams. We're building the future of legal work, and we're doing it fast. You'll join at a pivotal moment—when decisions matter, impact is immediate, and the runway to shape your career is wide open. We’re a high-performing team where you'll have real ownership and influence from day one. More than 1,300 companies use GC AI to drive their business forward, including 150+ public companies, 25+ unicorns, and brands such as News Corp, Miro, Bass Pro Shops, Snyk, Skims, Liquid Death, Vercel, Zscaler, and TIME. We've 10x'd revenue in 12 months, raised a $60 million Series B ($555 million valuation), and are growing faster than ever. We are backed by incredible investors, including Scale Venture Partners, Northzone, Sound Ventures, and Guillermo Rauch, CEO of Vercel. If you thrive when the stakes are high and the path isn't paved, you'll love it here. Our six guiding principles are: 1% better every day, customer obsession, ship today, find a way, care deeply, and own it completely. Come shape the future of legal work with us. Location We are hiring for this role to be based in the United States or Canada. This is a remote role unless you fall within the following parameters. If you live within approximately 50 miles of our San Mateo, CA or Provo, UT office, the position follows a hybrid schedule with in-office days on Mondays, Wednesdays, and Fridays. About The Role Help harden, simplify, and operationalize a TypeScript-based production system used by security-conscious, legal/regulatory, and enterprise customers. This is not a feature-churn role – though you may contribute directly to product experiences. The core need centers on security, auditability, infrastructure correctness, and customer trust, with occasional forward-deployed and sales-adjacent work when deep technical context is required. A major component of this role will be to collaborate to form and evangelize engineering direction and culture with respect to security needs. If you’re comfortable owning security surfaces end-to-end—code, cloud, and customer conversations—this role will suit you. We’re an AI-forward environment and (responsibly) use AI tools like Cursor and Claude Code for our work. What You'll Do - Help unify logging, security events and other auditability functionality within our platform. - Work with legal and sales to help communicate security posture, functionality, and compliance. - Work with DevOps and other engineering functions to promote and maintain strong security positions, clear auditability, tight network boundaries, and alignment with security, compliance, and customer needs. What You Bring - Strong experience with TypeScript across backend and frontend. - Production experience with Google Cloud Platform (IAM, service accounts, project isolation). - Experience with infrastructure as code (Terraform, Pulumi, or similar). - Practical experience designing or implementing: - Audit logs and SIEM experience - Access controls / complex roles, organizations, and permissioning - Security-relevant telemetry - Ability to reason about real risk vs. checklist compliance. Nice to Have - Experience acting as a technical lead either on a team or a vertical, strong soft skills. - Familiarity with security questionnaires, vendor risk reviews, SOC 2, and audits. - Prior work in regulated or compliance-heavy environments. - Comfort working directly with customers or sales in technical contexts. A Note On Pace We’re building something new in a once-in-a-generation shift in technology and the legal industry, so we move at a relentless pace. We expect urgency, ownership, and good judgment even when things aren’t perfectly clear. If you need structure and consensus to do your best work, this isn’t the right place for you. If you thrive in ambiguity and growth, work with intensity, and want real responsibility, keep reading. We’re excited to meet you. Compensation GC AI's compensation package includes a competitive base salary benchmarked against real-time market data, as well as meaningful equity and excellent benefits for all full-time roles. Our US-based compensation range for this role is $165,000 – $350,000. This range spans four levels, from mid-level to Principal. Final compensation will vary based on leveling, market conditions, geographic location, and candidate qualifications, including relevant knowledge, skills, and experience assessed during the interview process. These compensation bands are just the starting point. After someone joins and proves they’re an exceptional performer, we adjust quickly to ensure their compensation aligns with their impact. Equal Opportunity Employment GC AI is an equal opportunity employer that supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class. GC AI is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. #LI-GCAI Fraud Notice to GC AI Applicants To protect yourself against phishing and recruitment fraud, please note that GC AI only accepts job applications through our official careers page at https://gc.ai/careers and through sponsored jobs on LinkedIn. All legitimate communication from our team regarding job opportunities will come from a GC AI team member with a @gc.ai or @getgc.ai email address. GC AI will never: - Refer you to external websites to apply - Conduct interviews over email, chat platforms, or messaging apps - Ask you to provide payment or purchase equipment - Request personal or financial information such as your mailing address, social security number, credit card numbers, or banking information during the application process Examples of fraudulent email addresses: - info.gcai.careers.com@gmail.com - info.gc.aicareers.online.com@gmail.com - Any email address ending in @gmail.com, @yahoo.com, or other free email services If you are contacted by someone claiming to be from GC AI via an unofficial channel or from a suspicious email address, please do not share any information. Mark the communication as "phishing" or "spam" and do not respond.

GC AI is the fastest-growing and most trusted legal AI platform for in-house legal teams. We're building the future of legal work, and we're doing it fast. You'll join at a pivotal moment—when decisions matter, impact is immediate, and the runway to shape your career is wide open. We’re a high-performing team where you'll have real ownership and influence from day one. More than 1,300 companies use GC AI to drive their business forward, including 150+ public companies, 25+ unicorns, and brands such as News Corp, Miro, Bass Pro Shops, Snyk, Skims, Liquid Death, Vercel, Zscaler, and TIME. We've 10x'd revenue in 12 months, raised a $60 million Series B ($555 million valuation), and are growing faster than ever. We are backed by incredible investors, including Scale Venture Partners, Northzone, Sound Ventures, and Guillermo Rauch, CEO of Vercel. If you thrive when the stakes are high and the path isn't paved, you'll love it here. Our six guiding principles are: 1% better every day, customer obsession, ship today, find a way, care deeply, and own it completely. Come shape the future of legal work with us. Location We are hiring for this role to be based in the United States or Canada. This is a remote role unless you fall within the following parameters. If you live within approximately 50 miles of our San Mateo, CA or Provo, UT office, the position follows a hybrid schedule with in-office days on Mondays, Wednesdays, and Fridays. About The Role Help harden, simplify, and operationalize a TypeScript-based production system used by security-conscious, legal/regulatory, and enterprise customers. This is not a feature-churn role – though you may contribute directly to product experiences. The core need centers on security, auditability, infrastructure correctness, and customer trust, with occasional forward-deployed and sales-adjacent work when deep technical context is required. A major component of this role will be to collaborate to form and evangelize engineering direction and culture with respect to security needs. If you’re comfortable owning security surfaces end-to-end—code, cloud, and customer conversations—this role will suit you. We’re an AI-forward environment and (responsibly) use AI tools like Cursor and Claude Code for our work. What You'll Do - Help unify logging, security events and other auditability functionality within our platform. - Work with legal and sales to help communicate security posture, functionality, and compliance. - Work with DevOps and other engineering functions to promote and maintain strong security positions, clear auditability, tight network boundaries, and alignment with security, compliance, and customer needs. What You Bring - Strong experience with TypeScript across backend and frontend. - Production experience with Google Cloud Platform (IAM, service accounts, project isolation). - Experience with infrastructure as code (Terraform, Pulumi, or similar). - Practical experience designing or implementing: - Audit logs and SIEM experience - Access controls / complex roles, organizations, and permissioning - Security-relevant telemetry - Ability to reason about real risk vs. checklist compliance. Nice to Have - Experience acting as a technical lead either on a team or a vertical, strong soft skills. - Familiarity with security questionnaires, vendor risk reviews, SOC 2, and audits. - Prior work in regulated or compliance-heavy environments. - Comfort working directly with customers or sales in technical contexts. A Note On Pace We’re building something new in a once-in-a-generation shift in technology and the legal industry, so we move at a relentless pace. We expect urgency, ownership, and good judgment even when things aren’t perfectly clear. If you need structure and consensus to do your best work, this isn’t the right place for you. If you thrive in ambiguity and growth, work with intensity, and want real responsibility, keep reading. We’re excited to meet you. Compensation GC AI's compensation package includes a competitive base salary benchmarked against real-time market data, as well as meaningful equity and excellent benefits for all full-time roles. Our US-based compensation range for this role is $165,000 – $350,000. This range spans four levels, from mid-level to Principal. Final compensation will vary based on leveling, market conditions, geographic location, and candidate qualifications, including relevant knowledge, skills, and experience assessed during the interview process. These compensation bands are just the starting point. After someone joins and proves they’re an exceptional performer, we adjust quickly to ensure their compensation aligns with their impact. Equal Opportunity Employment GC AI is an equal opportunity employer that supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class. GC AI is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. #LI-GCAI Fraud Notice to GC AI Applicants To protect yourself against phishing and recruitment fraud, please note that GC AI only accepts job applications through our official careers page at https://gc.ai/careers and through sponsored jobs on LinkedIn. All legitimate communication from our team regarding job opportunities will come from a GC AI team member with a @gc.ai or @getgc.ai email address. GC AI will never: - Refer you to external websites to apply - Conduct interviews over email, chat platforms, or messaging apps - Ask you to provide payment or purchase equipment - Request personal or financial information such as your mailing address, social security number, credit card numbers, or banking information during the application process Examples of fraudulent email addresses: - info.gcai.careers.com@gmail.com - info.gc.aicareers.online.com@gmail.com - Any email address ending in @gmail.com, @yahoo.com, or other free email services If you are contacted by someone claiming to be from GC AI via an unofficial channel or from a suspicious email address, please do not share any information. Mark the communication as "phishing" or "spam" and do not respond.