Cursor

Security GRC Engineer

Location: SF / NY
Type: Full Time
Salary: USD 140,000 – 200,000
Level: Mid
Role: Security Engineer
Posted: Oct 9, 2025


The role

Summary

Cursor, a fast-growing AI coding platform, is seeking a Security GRC Engineer to design and scale their governance, risk, and compliance program. This role combines technical automation with strategic program development, working with frameworks like SOC 2 and ISO 27001 to build customer trust and enable business growth.

What you'll do

GRC Program Development: Design, implement, and scale governance, risk, and compliance programs aligned with SOC 2, ISO 27001, ISO 27701, and ISO/IEC 42001 standards
Compliance Automation: Lead automation of compliance workflows, evidence gathering, and continuous control testing to reduce manual overhead
Security Tool Development: Build self-serve tools and automation to streamline customer security diligence and enable GTM teams
Monitoring and Alerting: Optimize compliance monitoring systems, implement alerting mechanisms, and provide guidance on security finding remediation
Risk Assessment and Documentation: Generate security program KPIs, maintain platforms for documenting risks and controls, and conduct security assessments
Cross-functional Collaboration: Partner with engineering, GTM teams, auditors, and business stakeholders to define and implement security requirements
Policy and Training Management: Maintain corporate security policies, map them to compliance frameworks, and drive company-wide security awareness programs
Vendor and Product Security Reviews: Conduct security compliance reviews for new products, features, and third-party vendor integrations
Customer Security Support: Support sales and customer success teams by providing scalable solutions to address customer security concerns
Audit and Regulatory Management: Lead interactions with external auditors and regulators to ensure successful compliance assessments

What we look for

Technical

GRC Framework Expertise: Hands-on experience with SOC 2, ISO 27001, ISO 27701, and ISO/IEC 42001 compliance frameworks
Automation and Scripting: Strong technical skills in Python, JavaScript, or similar languages for building compliance automation tools
Cloud Security: Experience with cloud security services (AWS, GCP, Azure) and infrastructure security controls
Security Tools Integration: Proficiency with GRC platforms like Vanta, Drata, or similar compliance automation tools
API Development: Ability to build and integrate APIs for compliance data collection and reporting
Database Management: Experience with SQL and NoSQL databases for compliance data storage and analysis

Education

Bachelor's Degree: Bachelor's degree in Computer Science, Information Security, Engineering, or related technical field
Security Certifications: Professional certifications such as CISSP, CISA, CISM, or cloud security certifications preferred

Experience

GRC Experience: 3-5 years of experience in governance, risk, and compliance roles with technical implementation focus
Software Engineering Background: Prior experience in software engineering or DevOps with understanding of SDLC security integration
Enterprise Security: Experience working with enterprise customers on security requirements and compliance frameworks
Cross-functional Collaboration: Proven track record of working effectively with engineering, product, sales, and executive teams

Skills

Required skills

GRC Frameworks: Deep knowledge of SOC 2, ISO 27001, ISO 27701, and ISO/IEC 42001 standards and implementation
Programming and Automation: Proficiency in Python, JavaScript, or Go for building compliance automation and monitoring tools
Cloud Security: Understanding of cloud security architectures, controls, and compliance in AWS/GCP/Azure environments
Risk Assessment: Ability to conduct comprehensive security risk assessments and develop mitigation strategies
Project Management: Strong organizational skills to manage multiple compliance initiatives and audit cycles simultaneously
Communication Skills: Excellent written and verbal communication for interfacing with auditors, customers, and internal stakeholders

Nice to have

AI/ML Security: Understanding of AI/ML security considerations and emerging standards like ISO/IEC 42001
DevSecOps: Experience integrating security controls into CI/CD pipelines and development workflows
Privacy Regulations: Knowledge of GDPR, CCPA, and other privacy regulations affecting software companies
Security Architecture: Experience designing security architectures for SaaS platforms and developer tools
Vendor Risk Management: Experience with third-party risk assessment and vendor security evaluation processes
Incident Response: Understanding of security incident response procedures and compliance reporting requirements

Compensation & benefits

Salary

USD 140,000 – 200,000 (annual)

Stock options

Available

Benefits

Equity Package

Competitive equity package in a fast-growing AI company with significant upside potential

Health Insurance

Comprehensive health, dental, and vision insurance coverage for employees and families

Office Perks

Beautiful in-person offices in North Beach San Francisco and Manhattan NYC with well-stocked libraries

Learning and Development

Budget for conferences, certifications, and professional development in security and compliance

Flexible PTO

Generous paid time off policy to maintain work-life balance

Equipment

High-end laptop and equipment stipend for optimal productivity

Team Culture

Work with a talent-dense team in a flat organization structure with spirited debate and creative freedom


Interview process

  1. Application Review: Initial review of resume, cover letter, and portfolio focusing on GRC experience and technical skills
  2. Recruiter Screen: 30-minute phone call with recruiting team to discuss background, motivation, and basic fit
  3. Hiring Manager Interview: 45-minute video call with engineering leadership focusing on GRC program experience and strategic thinking
  4. Technical Deep Dive: 60-minute technical interview covering compliance automation, security architecture, and framework implementation
  5. Cross-functional Panel: Panel interview with engineering, product, and business stakeholders to assess collaboration and communication skills
  6. Final Round: On-site visit (SF or NYC) including team lunch, office tour, and final interviews with senior leadership
  7. Reference and Background Check: Professional reference checks and background verification including security clearance if applicable



Cursor


Built to make you extraordinarily productive, Cursor is the best way to build software with AI.

San Francisco, California, United States | Founded 2021 | cursor.com

Tech Stack

Languages: Python, JavaScript/TypeScript, Go, SQL
Frameworks: Django/Flask, React, FastAPI
Databases: PostgreSQL, MongoDB, Redis
Tools: Vanta/Drata, AWS Security Services, Docker, Kubernetes, Terraform, GitHub Actions, JIRA
Other: SOC 2 Type II, ISO 27001, ISO 27701, ISO/IEC 42001, NIST Cybersecurity Framework, GDPR/CCPA