We make it easy to secure your cloud transformation. Get fast, secure, and direct access to apps without appliances.
Security Compliance Architect
Location
California
Posted
56 days ago
Salary
$143.5K - $205K / year
Seniority
Lead
Job Description
Security Compliance Architect
Zscaler
• Lead the design and implementation of security compliance architecture for cloud environments subject to FedRAMP and DoD IL5 requirements • Interpret and operationalize control requirements from frameworks such as NIST SP 800-53, FedRAMP, and the DoD Cloud Computing SRG • Partner with engineering and infrastructure teams to build compliant, scalable, and secure solutions • Drive audit readiness and serve as a compliance architect SME for assessors, auditors, customers, and internal stakeholders • Conduct gap assessments, identify control deficiencies, and partner with cross-functional teams to design and implement automation solutions for compliance operations
Job Requirements
- Foundational understanding of AI/ML technologies and experience leveraging, securing, or positioning AI-driven solutions to optimize outcomes within your functional domain
- 8+ years of experience in security compliance, security architecture, GRC, cloud security, or related fields
- Demonstrated experience with FedRAMP compliance programs, authorization support, and DoD IL5 requirements
- Deep familiarity with NIST SP 800-53 and applying security controls in cloud environments such as AWS, Azure, and/or Google Cloud
- Strong documentation, program management, and cross-functional collaboration skills with experience automating compliance activities.
Benefits
- Various health plans
- Time off plans for vacation and sick time
- Parental leave options
- Retirement options
- Education reimbursement
- In-office perks, and more!
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior Information Security Specialist
SmartRecruiters IncSmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters, an SAP company, delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald's, rely on SmartRecruiters to build winning teams. At SmartRecruiters, we are a values-driven, globally focused tech company with a bold vision for the future of work. We commit and dig deep, embracing challenges with grit, curiosity, and a drive for excellence. We foster a collaborative and inclusive work environment, where trust and determination bring us together. Because together, we will win. Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture - we take pride in creating a place where everyone can thrive.
Role Description SmartRecruiters is looking for a Senior Information Security Specialist to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters' applications, systems, and processes remain compliant with industry standards and regulatory requirements, including: - ISO 27001 - ISO 22301 - ISO 42001 - SOC 2 Type II - Cyber Essentials - GDPR - EU AI Act The successful candidate will combine strong GRC expertise with a technical, engineering mindset. Responsibilities include: - Driving compliance programmes across multiple frameworks. - Assessing security architectures and supporting forensic investigations. - Building automation to replace manual processes. - Providing hands-on guidance to engineering and security teams. - Identifying opportunities to engineer scalable, repeatable solutions. Qualifications - 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation. - Demonstrated compliance or auditing experience with at least one major framework. - Hands-on experience with incident response, including participation in security incident investigations. - Solid understanding of controls auditing principles and evidence management. - Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures. - Knowledge of risk management methodologies and experience conducting or supporting risk assessments. - Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision. - Strong understanding of technology, cloud-based products, and SaaS environments. - Experience working across business units and geographical boundaries. - Experience with ISO 27001. - Excellent written and verbal communication skills in English. Requirements - Experience with ISO 9001, 27017, and 27018. - Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing. - Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks. - Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements. - Experience with enterprise risk management frameworks and tools. - Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles. Benefits - Remote-friendly culture. - Competitive salaries. - Strong internal mobility ensuring meaningful growth opportunities. Company Description SmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald's, rely on SmartRecruiters to build winning teams. Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture.
Role Description Our client is seeking a motivated Junior Identity Security Metrics Consultant & Databricks Analyst to support enterprise identity security initiatives and data analytics efforts across modern identity and cloud platforms. The ideal candidate will assist in generating “metrics-that-matter” within identity ecosystems such as Okta and Ping while leveraging Databricks to extract, analyze, and report on operational and security-related data. This role requires a blend of identity security knowledge, analytical thinking, and data storytelling capabilities. The candidate will work closely with technical and business stakeholders to develop meaningful security metrics, support identity-related implementations, and create executive-level reporting that enhances visibility into authentication, access management, and enterprise security posture. The position demands strong communication skills, attention to detail, and the ability to collaborate across multiple functional teams in support of mission-critical identity and analytics initiatives. Responsibilities - Support identity security initiatives by developing and maintaining meaningful security metrics and reporting capabilities across enterprise identity platforms such as Okta and Ping. - Extract, analyze, and generate reports from Databricks environments to support operational insights, security initiatives, and data-driven decision-making. - Assist with leveraging artificial intelligence and machine learning (AI/ML) capabilities to improve fraud detection, identity authentication processes, and enterprise data quality initiatives. - Prepare presentations, dashboards, and executive briefings that effectively communicate trends, risks, and insights through storytelling with data. - Provide support for technical implementations related to identity and access management tools, including configuration, reporting, and data integration activities. - Validate data accuracy and integrity across identity systems and analytics platforms while identifying inconsistencies, reporting gaps, or data anomalies. - Work collaboratively with cross-functional teams, project stakeholders, and leadership to support identity security modernization efforts and analytics initiatives. - Maintain documentation, reports, and operational procedures related to identity metrics, analytics processes, implementation activities, and reporting standards. Qualifications - 1+ years of experience supporting identity security, data analytics, Databricks analysis, or related technical consulting initiatives in enterprise environments. - Experience supporting identity and access management (IAM) tools and platforms such as Okta, Ping, SailPoint, or similar enterprise identity technologies. - Hands-on experience using Databricks or similar analytics platforms for data extraction, reporting, dashboard creation, and operational analysis. - Familiarity with artificial intelligence and machine learning (AI/ML) concepts related to fraud detection, authentication analysis, anomaly detection, and enterprise data quality improvement. - Experience supporting technical implementations, integrations, reporting activities, or platform configuration related to identity security or analytics environments. - Ability to develop executive briefings, dashboards, presentations, and data-driven reporting materials for technical and non-technical stakeholders. - Strong verbal and written communication skills with the ability to collaborate effectively across multiple functional groups, leadership teams, and project stakeholders. - Bachelor’s degree in Computer Science, Engineering, Management Information Systems, Cybersecurity, Data Analytics, or an equivalent technical field. - Must be eligible to obtain and maintain a DoD Secret clearance. Preferred Qualifications - Familiarity with enterprise cloud environments, identity governance, authentication systems, or security operations processes. Benefits - Medical, Dental, and Vision Insurance - Holidays - Paid Time Off (PTO) - Life Insurance - Short Term Disability - Long Term Disability - 401(k) Plans - Career Development - Certifications - Training and Development
• Conduct comprehensive security assessments and risk analyses of systems, networks, infrastructure, and applications to identify vulnerabilities and drive improvements across both on-premises and cloud postures. • Lead the design, development, and implementation of security controls, tool integrations, security log onboarding, incident response plans, and automation for compliance checks, alerts, and reporting. • Own and manage the administration of core security platforms and technologies, including EDR, SIEM, DLP, vulnerability management, firewalls, and web application firewalls. • Perform technical security assessments, penetration testing, code audits, and offensive/defensive security exercises to continuously evaluate, strengthen, and validate detection and response capabilities. • Utilize AI tools and methodologies to improve productivity, automate threat detection, vulnerability scanning, and alerting, proactively identifying and mitigating emerging threats. • Provide expert guidance and mentorship to internal teams on SIEM, Incident Response, WAF, and evidence requirements for frameworks such as ISO27001, SOC2, PCI DSS, and NIST. • Continuously monitor security events, lead security investigations, and coordinate incident response activities during active security breaches. • Stay current with emerging technologies (including AI, machine learning, and IoT risks), trends, threat intelligence, security certifications, and compliance regulations. • Proactively advocate for process improvement and security innovation across the organization. • Prepare and deliver documentation and dashboards for stakeholders and customers, conveying actionable insights from security-related activities and findings.
Role Description Lead Cloud Infrastructure & SRE: - AWS (ECS, EKS, networking, VPCs, IAM) - Databases (PostgreSQL, Kafka, DynamoDB) - IaC standards, SLOs, error budgets, DR/BCP, and a sustainable on-call program Own CI/CD & Developer Experience: - GitLab CI across ~150 repos: build speed, reliability, test signal, release safety, environments, and paved roads for new services Drive Observability & Cloud Cost: - High signal logging/metrics/tracing/alerting stack - SLO instrumentation - Cloud cost attribution by team/service - FinOps practice Lead Application & Cloud Security end-to-end: - Secure SDLC, SAST/DAST/SCA - Vuln triage and SLAs - Secrets hygiene, IAM, CSPM Partner with IT to support compliance program, customer security questionnaires, and pen-test remediation. Own Vendor & Tooling Portfolio: - Build-vs-buy decisions - Vendor selection, POCs and lifecycle across observability, CI/CD, security, and incident management Grow and Develop the Team: - Hire, onboard, and mentor engineers - Actively participate in recruiting; interview candidates, provide calibrated feedback, and raise the bar - Conduct regular 1:1s, provide actionable feedback, and support career development for each team member - Build a culture of urgency, ownership, customer empathy, and continuous improvement Qualifications - 7+ years of infrastructure or SRE engineering experience - At least 3 years managing platform, infra, or SRE teams in a product-focused SaaS environment - Production AWS ownership — you've run HA workloads on AWS at scale - Infrastructure as code - you've built and scaled IaC practices using Terraform - CI/CD fluency — you've built or owned pipelines in GitLab CI, GitHub Actions, Jenkins, or similar - Observability ownership - you've built or evolved an observability stack - Incident command - you've run customer-facing major incidents - Application security - you've embedded security into the SDLC - Cloud security posture - you own IAM, secrets management, network segmentation, and CSPM - Compliance partnership - you've worked alongside IT on compliance programs - Deeply hands-on - you've kept your technical edge as your teams have grown - Bias for action - you default to doing, not delegating - Active AI adoption - you use AI-assisted tools as part of your daily workflow Preferred - B2B SaaS experience with Salesforce coupling — managed packages, org provisioning, integration patterns - CPQ, billing, or revenue domain — high-stakes correctness, audit-relevant data - Experience standing up a Platform Engineering practice or internal developer platform Tech Stack - Salesforce Platform: Apex, Lightning Web Components (LWC), SOQL, Flows, managed packages - Backend: Java (Spring Boot), Node.js, REST APIs, GraphQL - Frontend: React 16, TypeScript, Material-UI, Webpack - Database: PostgreSQL (AWS RDS), Salesforce SOQL/SOSL - Infrastructure: AWS (Lambda, SQS, S3), Kafka, Docker, GitLab CI/CD - AI Tooling: Claude Code, Windsurf, Copilot (used daily across engineering) - Collaboration: Jira, Slack, Gem, Fellow, Confluence


