
Security GRC Engineer
About Us
We’re a combat-tested group of engineers, operators, and entrepreneurs who believe America’s edge depends on autonomous airpower that’s trusted and deployable today, not in 2040. Backed by tier-one investors, we’ve secured the runway - financial, regulatory, and literal - to move at startup speed while tackling a national-security mission that matters. We’ve structured the company for radical ownership: no silos, no “systems integrator” overhead, just tightly knit mission-focused IPTs that live and breathe the hardware and code they ship.
If you thrive where hard-tech ambition meets national-security urgency, you’ll build faster here than anywhere else. Let’s get after it.
Culture That Ships
Strong Core Values, Startup Execution. Integrity, Service Before Self, Excellence, Honor, Courage, Commitment—powered by a bias for action and a “figure it out” mindset.
Self-Starters Only. You’ll have clear objectives, a blank sheet of paper, and the trust (plus capital) to move fast. Bureaucracy stays out of your way.
One Team, No Tourists. Whether you’re tuning a control law at 2 a.m. or heat-treating a Ti-6Al-4V spar, everyone sweats the details. We celebrate wins together and own failures together.
What’s In It for You
Mission With a Pulse. Every line of code, bracket, or test you deliver expands the toolbox of the warfighter on Day 1 of a conflict.
Resources Without Red Tape. VC speed + DoD customer pull: access to test ranges, flight hours, and operator feedback while retaining startup agility.
Career-Defining Upside. Significant equity, best-in-class benefits, and the chance to see your product deliver in months, not decades.
About the Role
We’re looking for someone to take ownership of compliance and certification efforts this year and beyond. The most imminent need is CMMC L2, where work is already underway. In the future, you’ll own and maintain the certification process and expand into commercial frameworks like ISO27001. This role requires operating independently and moving fast in ambiguous environments, but we know that compliance is not simple and has lengthy timelines. Compliance frameworks bring requirements; your job is to bring streamlined approaches to those requirements that enable developers and users to do their jobs in ways that protect the company and their sanity.
What You’ll Do
- Define and build a GRC function alongside the Head of Security. This is primarily an IC role with significant latitude to define the program's direction and scope.
- Own and drive CMMC Level 2 certification end-to-end with support from leadership. This work is already underway, so you won’t be starting from zero.
- Identify and close gaps across the 110 NIST SP 800-171 practices; coordinate remediation with engineering, IT, and operations teams.
- Take ownership of and maintain the necessary compliance evidence, including a System Security Plan and related policies and procedures.
- Manage relationships with C3PAOs, external auditors, and DoD program offices.
- Alongside the greater security team, partner with engineering and program teams to embed compliance requirements early in development and procurement cycles.
- Keep leadership informed with clear, honest reporting on compliance posture and timeline risk.
- Automate evidence collection, control monitoring, and audit readiness workflows across cloud and SaaS environments.
- Stand up the compliance program infrastructure (policies, procedures, control mappings) for SOC 2 Type 2 and ISO 27001 in the future, using efficiencies from CMMC efforts to kick start the process.
What You’ll Bring
- 5+ years of experience in GRC, security compliance, or a directly relevant information security role.
- Demonstrated track record of strong written and verbal communication skills, adaptable to multi-disciplinary teams and seniorities.
- Hands-on CMMC or NIST SP 800-171 experience - you have done the work, not just consulted on it.
- Strong understanding of CUI handling, boundary scoping, and evidence collection in a defense contractor environment.
- Experience automating compliance workflows using GRC platforms (e.g., Drata, Vanta, IntelliGRC) and/or scripting.
- Demonstrated ability to work without a compliance team around you (yet): self-directed, organized, and clear with stakeholders.
- Familiarity with commercial compliance frameworks like ISO27001 and SOC 2 Type 2 and how CMMC can be used to jump start those processes.
- U.S. citizenship required.
Bonus Points
- Strong experience with Microsoft cloud environments and tooling
- Prior leadership of a compliance team or ownership of a compliance program
- Prior scripting/coding experience to aid in automation
- CCP/CCA training or certification
- Current clearance (Secret or higher)
- Startup experience is a plus
Why You’ll Love Working Here (Compensation and Benefits)
Base Salary: $140,000 to $180,000 USD
The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. The actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full-time offers and are considered part of Atropos's total compensation package. Additionally, Atropos offers top-tier benefits for full-time employees, including:
- Platinum Healthcare Benefits: Atropos offers comprehensive medical, dental, and vision plans with 100% employer-paid premiums and little to no cost to you
- Basic Life/AD&D and long-term disability insurance 100% covered by Atropos, plus the option to purchase additional life insurance for you and your dependents
- Unlimited PTO, with minimum of 15 days enforced
- 20 weeks of paid Caregiver & Wellness Leave to care for a family member, bond with your baby, or tend to your own medical condition
- Family Planning & Parenting Support: Fertility (e.g., IVF, preservation), adoption, and gestational carrier coverage with additional benefits and resources to provide support from planning to parenting
- Mental Health Resources: We provide free mental health resources 24/7 including therapy, life coaching, and more. Additional work-life services, such as free legal and financial support, available to you as well
- Tuition and professional development reimbursement for STEM, MBA, and licenses
- In-Office Daily Lunch catered
- Company-funded child care stipend
- Company-funded commuter benefits available based on your region.
- Relocation assistance (depending on role eligibility).
- 401(k) retirement savings plan - both a traditional and Roth 401(k). 6% employer matching contribution
The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process.
Atropos is an equal-opportunity employer committed to creating a diverse and inclusive workplace. The Atropos team is made up of incredibly talented and unique individuals. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process. If you are someone who is interested in disrupting the way the Department of Defense buys and operates unmanned weapon systems, please apply!
