
GRC Engineer
Company Overview
ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly log in across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.
Role Overview
ID.me is seeking a GRC Engineer to design, build, and operate AI agents that automate the compliance lifecycle across FedRAMP, ISO 27001, SOC 2, and Kantara accreditation programs.
This role is for a technologist who focuses on solving GRC domain problems with automation and AI. You will write code and build tooling to scale GRC capabilities and reduce the compliance burden. You will own the engineering of AI capabilities while also having the skill set to dive into compliance issues as another set of hands.
The primary initial challenge is automated evidence collection. You will develop programmatic methods to extract evidence from source systems, feed it into evaluation agents, and enable continuous monitoring to replace traditional annual snapshots with ongoing automated assurance.
This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.
Core Responsibilities
- Own the full development lifecycle for AI agents designed to automate evidence collection, evaluation, and continuous monitoring.
- Serve as the technical lead for LogicGate and our GRC SaaS integrations, ensuring the platform scales with our data needs.
- Develop programmatic methods to extract evidence from source systems (AWS, GCP, GitHub) and feed it into evaluation agents to replace traditional annual audits.
- Act as a high-bandwidth teammate capable of picking up slack in "traditional" GRC areas: policy authoring, change management, and manual controls enforcement.
- Support the team's deep-dive efforts into FedRAMP, ISO 27001, and SOC 2, translating domain expertise into automated agent logic.
- Build and maintain integration layers (MCP servers, APIs) that allow GRC tools to interact seamlessly with our internal ecosystem (Jira, BigQuery).
- Contribute towards preparing compliance documentation, control evidence, and control owners for internal and external audits.
Basic Qualifications
- 5+ years of software engineering experience.
- Experience building AI/ML-powered applications or agentic systems.
- Proficiency in Python (or another language) and experience with API integrations/data processing.
- Familiarity with at least one compliance framework (FedRAMP, ISO 27001, SOC 2, or NIST).
- Experience with Git, CI/CD, and deploying production-grade services.
Preferred Qualifications
- Experience with the Anthropic Claude API, Model Context Protocol (MCP), or Claude Agent SDK.
- Experience extracting data from cloud infrastructure (AWS, GCP) or security tooling (SIEM, vulnerability scanners).
- Familiarity with GRC platforms (LogicGate, ServiceNow) or compliance data models.
- Experience with OSCAL (Open Security Controls Assessment Language).
- Background in highly regulated environments (FinTech, GovCloud, Healthcare).
ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.
ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.
Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.
ID.me participates in E-Verify.