3 days ago

Compliance Automation Engineer

Vercel

Hybrid
Full Time
$180,000

Job Overview

Job Title: Compliance Automation Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $180,000
Location: Hybrid

Job Description

About Vercel

Vercel empowers developers with the tools and cloud infrastructure to build, scale, and secure a faster, more personalized web. As the driving force behind v0, Next.js, and AI SDK, Vercel supports leading companies like Ramp, Supreme, PayPal, and Under Armour in developing for the AI-native web. Our mission is to enable the world to ship the best products by fostering an environment where everyone can excel. Whether you're building on our platform, assisting customers, or shaping our brand, you can truly ship things here.

About the Role: Compliance Automation Engineer

We are seeking a Compliance Automation Engineer to join Vercel's Governance, Risk, and Compliance (GRC) team. This pivotal role offers the chance to significantly enhance our global compliance posture and reinforce our dedication to managing enterprise risk. You will be instrumental in ensuring adherence to security requirements and cultivating a culture where security is everyone’s responsibility. Reporting to the Head of GRC, you will contribute to shaping the future of our GRC program and further embed data governance principles and compliance requirements across the business.

For candidates within a pre-determined commuting distance of our SF, NY, London, or Berlin offices, the role involves in-office anchor days on Monday, Tuesday, and Friday. If you are located beyond this distance, the position is fully remote. Please consult our recruiting team for specific location details.

Getting Started

We prioritize your integration into the team from day one. Our team will guide you through our product, policies, processes, team structure, and roadmap, ensuring a smooth transition. We're excited for you to learn, grow, and contribute immediately. While we trust you bring valuable experience and knowledge to uplift the team, we don’t expect you to have all the answers on your first day.

What You Will Do

  • Design and automate control testing and evidence collection to minimize manual effort and enhance accuracy.
  • Build and maintain scripts and APIs across various infrastructure, endpoints, and SaaS platforms (e.g., AWS, GitHub, Okta) that integrate with compliance tooling.
  • Support regular internal and external audits, including SOC 2, ISO 27001, and PCI DSS, by ensuring robust control monitoring.
  • Champion security, compliance, and data governance strategies and processes, covering data deletion, retention, storage, and more.
  • Utilize AI/ML tools to boost efficiency and improve outcomes for GRC processes and the overall compliance posture.
  • Define technical control requirements and collaborate with internal partners to embed compliance checks into CI/CD pipelines and infrastructure deployment workflows.

About You

  • Proven experience in scripting or automation, specifically within security, infrastructure, or GRC contexts.
  • In-depth knowledge of audit processes, evidence requirements, and remediation actions for key security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS).
  • Proficiency in writing scripts and basic code for automating audit and evidence gathering tasks.
  • Ability to develop API endpoints and command-line tools, work with structured data (JSON, CSV, YAML), and extract compliance-relevant information from security, IT, and GRC systems.
  • Experience owning projects, building collaborative relationships with both technical and non-technical teams, and successfully driving initiatives to completion.

Bonus If You Have

  • Familiarity with data governance, compliance, or software development tools and systems (e.g., Drata, Satori, GitHub).
  • Experience with frontend cloud, AI/ML systems, and open-source development.
  • Experience with FedRAMP or NIST frameworks, such as 800-53, 800-171, RMF.
  • Security certifications (e.g., CISA, CISSP).

Benefits

  • Competitive compensation package, including equity.
  • Inclusive Healthcare Package.
  • Opportunities for learning and growth, including mentorship and attendance at industry events to expand your network and skills.
  • Flexible Time Off.
  • Provision of necessary work gear and a WFH budget to equip your home office.

The San Francisco, CA base pay range for this role is $128,000.00 - $222,000.00. Actual salary will be determined based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process.

Vercel is dedicated to fostering and empowering an inclusive community. We do not discriminate based on race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. We encourage all qualified individuals to apply for our positions, even if they don't meet every single requirement listed.

Key skills/competency

  • Compliance Automation
  • GRC
  • Security Frameworks
  • Scripting (Python)
  • API Development
  • Audit Support
  • Data Governance
  • Cloud Platforms (AWS)
  • CI/CD Integration
  • Risk Management

Tags: Compliance Automation Engineer, GRC, automation, audit, security, data governance, risk management, scripting, evidence collection, control monitoring, CI/CD integration, AWS, GitHub, Okta, API, Python, JSON, YAML, Drata, Satori, Next.js, AI/ML

How to Get Hired at Vercel

  • Research Vercel's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor. Understand their commitment to the AI-native web and developer tools like Next.js.
  • Tailor your resume for automation: Highlight specific experience in compliance automation, scripting, API development, and supporting GRC initiatives. Showcase familiarity with cloud platforms like AWS and relevant security frameworks.
  • Showcase technical prowess: Be prepared to discuss your practical experience with scripting languages (e.g., Python), building APIs, working with structured data (JSON, YAML), and integrating compliance checks into CI/CD pipelines.
  • Demonstrate GRC expertise: Articulate your knowledge of audit processes and security frameworks such as SOC 2, ISO 27001, and PCI DSS. Highlight experience with data governance principles and risk management.
  • Emphasize collaboration and ownership: Provide examples of successfully owning projects, collaborating with both technical and non-technical teams, and driving security and compliance initiatives to completion at Vercel.
