Compliance Engineer

DISCO is a legal tech software company. Our objective is to own the legal tech market and become the leader in legal as Salesforce has done in the sales technology space. Given the massive growth of data over the last 20 years, poorly built legal technology products have severely decreased lawyers ability to practice the law.

Our fundamental mission is to provide a unified technology platform for the practice of law. Great technology can solve problems of scale in data, in laws, and in business operations that have distracted lawyers from doing what they went to law school to do. DISCO is fixing the law by automating the parts of the practice that can be automated so that great lawyers can focus on tasks that really do require human legal judgment.

At DISCO, our cloud infrastructure and system control plane are the backbone that enables us to deliver cutting-edge solutions to our clients. As a Compliance Engineer on our growing DevOps team, you will be driving the implementation of our compliance requirements, as established by the Security and governance, risk, and compliance (GRC) stakeholders. 

• →Evidence Automation & Audit Stewardship: Serve as the Engineering technical contact for annual SOX, SOC2 Type II, and ISO-27001 audits while automating evidence collection into "Continuous Compliance" workflows with minimal disruption to engineering velocity.
• →Infrastructure Governance: Work with DevOps Engineers to implement "Compliance as Code," establishing automated guardrails and performing internal reviews of infrastructure configurations.
• →Access & Identity Management: Manage the technical lifecycle of user access, enforce Segregation of Duties (SoD), and review deprovisioning workflows to ensure compliance with security policies.
• →Stakeholder Management: Support GRC teams by providing technical expertise during sales cycles, responding to RFPs, and maintaining the Security Trust Center and compliance documentation.

• Technical Compliance Expertise: A minimum of 5 years in a technical compliance, security, or DevOps-adjacent role, preferably within a SaaS environment.
• Framework Fluency: Strong understanding of key compliance frameworks, including SOX 404, ISO-27001, SOC2, and IT general controls (ITGC).
• DevOps & Cloud Proficiency: 2-4 years of hands-on experience in DevOps or Platform Engineering, specifically working with AWS, cloud-native applications, and automating deployment/scaling of containerized applications using Infrastructure as Code.
• Automation Focus: A desire and/or experience in leveraging compliance automation platforms (e.g., Anecdotes) to build and maintain automated evidence-gathering tools.
• Collaboration & Engineering Mindset: An engineering background with a preference for collaborative work, including mentoring others and partnering with cross-functional engineering teams to build and maintain highly performant systems.

• Exposure to and understanding of security and compliance frameworks such as FedRAMP, NIST 800-53, or CSRF.
• Experience building and managing PaaS (Platform as a Service) for internal development teams.
• Experience with Cloud Networking (VLAN, routing).
• Experience with other cloud platforms, specifically Azure and GCP.
• Familiarity with Windows Server and Administration (Active Directory, Group Policy Objects).
• Experience with ASP.NET Deployments (WebDeploy).
• General experience with Software Development and any tech stack.

• Cloud Provider - AWS: EC2, Lambda, Aurora, Redshift, DynamoDB, ECS, EKS, SQS, SNS, Kinesis, S3, CloudFront, CloudFormation, KMS, CodePipeline, etc.
• CI/CD: Terraform, Docker, Jenkins, CodeDeploy, GitHub, Artifactory, HashiCorp Consul
• Observability: ELK Stack, OpenTelemetry, DataDog, New Relic, Sentry.io
• Programming Languages: Python, Bash, Kotlin

Authorization to Work in the U.S.: Candidates must be legally authorized to work in the United States without sponsorship now or in the future. DISCO is not currently sponsoring visas, including, but not limited to, H-1B, TN, or EAD, and we are not accepting visa transfers.

DISCO provides a cloud-native, artificial intelligence-powered legal solution that simplifies ediscovery, legal document review and case management for enterprises, law firms, legal services providers and governments. Our scalable, integrated solution enables legal departments to easily collect, process and review enterprise data that is relevant or potentially relevant to legal matters. 

At DISCO, we believe AI is a core enabler of how work gets done. All employees are expected to proactively adopt and responsibly use AI tools to drive efficiency, improve outcomes, and continuously evolve how they operate in their role.

Are you ready to help us fulfill our mission to use technology to strengthen the rule of law? Join us! 

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.