
Security & Compliance Engineer
Grant Street Group
Posted 2 days ago
Are you the kind of security professional who likes turning findings into fixes? Do you enjoy working across AWS, Linux, and compliance-driven environments to keep systems secure and practical? If so, you may be the perfect fit for Grant Street Group!
Grant Street Group is a growing company providing SaaS products in areas such as electronic payments, auctions, and tax collection. We’re looking for a hands-on Security & Compliance Engineer to help maintain and improve the operational security of our Linux-based systems and services across hybrid AWS and on-prem environments. This role focuses on vulnerability management, security log management, control monitoring, remediation tracking, audit support, and cross-team coordination.
What you’ll do
- Support the day-to-day security posture of systems and services across cloud and on-prem environments.
- Review vulnerability findings from scanners, penetration tests, and other assessments, and help drive remediation to closure.
- Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, monitoring, and incident readiness.
- Support compliance and assessment activities related to GovRAMP/FedRAMP, PCI DSS, internal reviews, and third-party examinations.
- Use AWS security tooling effectively, support day-to-day security processes, and help translate security and compliance requirements into practical, durable operational outcomes.
- Maintain documentation, procedures, and other operational artifacts so they stay aligned with the environment and current control expectations.
What makes you a great fit?
- 3+ years of experience in security engineering, security operations, infrastructure security, or security compliance.
- Hands-on experience working in Linux-based production environments and securing Linux systems.
- Experience securing AWS environments and using services such as IAM, CloudTrail, GuardDuty, Security Hub, Config, Inspector, and KMS.
- Working knowledge of vulnerability management, configuration management, logging, monitoring, access control, and incident response practices.
- Scripting experience in Python, Bash, PowerShell, or similar for automation, security operations, and reporting tasks.
- Strong written and verbal communication skills, with the ability to move issues from discovery through remediation across multiple teams.
Experience with any of the following is a plus
- Experience supporting regulated or highly audited environments.
- Familiarity with GovRAMP, FedRAMP, PCI DSS, SOC examinations, or similar frameworks.
- Experience reviewing scanner output, penetration test findings, or security monitoring alerts and helping drive remediation.
- Familiarity with POA&M tracking, exception handling, and remediation coordination.
- Experience working across both cloud and legacy infrastructure.
- Comfort using AI tools responsibly to support workflows such as triage, investigation, scripting, documentation, and reporting.
- Experience with security data lakes, OCSF schema management, or security data transformation pipelines.
There is minimal travel: typically 2-3 weeks per year for on-site meetings.
We reward teamwork, professional excellence, and individual responsibility. Using the best collaboration tools available, we offer a technology-rich work environment that makes it possible for us to support the needs of our employees.