Vantor is forging the new frontier of spatial intelligence, helping decision makers and operators navigate what’s happening now and shape what’s coming next. Vantor is a place for problem solvers, changemakers, and go-getters—where people are working together to help our customers see the world differently, and in doing so, be seen differently. Come be part of a mission, not just a job, where you can: Shape your own future, build the next big thing, and change the world.
To be eligible for this position, you must be a U.S. Person, defined as a U.S. citizen, permanent resident, Asylee, or Refugee.
Note on Cleared Roles: If this position requires an active U.S. Government security clearance, applicants who do not currently hold the required clearance will not be eligible for consideration. Employment for cleared roles is contingent upon verification of clearance status.
Export Control/ITAR: Certain roles may be subject to U.S. export control laws, requiring U.S. person status as defined by 8 U.S.C. 1324b(a)(3).
Please review the job details below.
We are hiring for an Application Security Compliance Engineer to join our team. This position will serve as the integration of assurance functions between Governance, Risk, and Compliance (GRC) with other business units. Primarily to ensure that secure coding practices, DevSecOps pipelines, and application development activities meet regulatory and contractual compliance requirements (e.g., NIST 800-171, CMMC, ISO 27001).
This role is compliance-first but technically fluent, leveraging automation, existing security tools, and AI to transform manual compliance validation into measurable, auditable, and enforceable controls. The individual will partner closely with software developers, DevOps engineers, and security architects to embed compliance into the SDLC and CI/CD pipelines.
Responsibilities:
- Compliance Alignment and Automation of GRC Functions
- Ensure that application security tools, pipelines, and coding practices provide evidence for compliance frameworks (e.g., NIST 800-171, CMMC, ISO 27001).
- Build and replace manual GRC evidence collection with automated tool integrations (e.g., SAST/DAST, libraries, dependency scanners, audit logging and CVEs).
- Implement AI-driven workflows to identify, monitor, and remediate compliance gaps in real time.
- Application Security & Secure Coding Compliance
- Support engineering teams in adopting secure coding practices and ensure compliance checkpoints are integrated into code reviews and CI/CD pipelines.
- Assist in the design and enforcement of technical standards such as encryption, authentication, logging, and vulnerability remediation.
- Develop training material and lead awareness sessions for engineering teams on compliance-driven secure coding requirements.
- Metrics, Reporting, and Audit Readiness
- Establish and maintain compliance goals in automation
- Generate compliance reports for audits, customer assessments, and internal security reviews.
- Act as a technical compliance subject-matter expert during assessments, customer due diligence, and third-party audits.
- Build audit-ready dashboards and reports for GRC and external assessors.
Minimum Requirements:
- Must be U.S. citizen and be willing and able to obtain a US Government security clearance.
- 8+ years of experience in application security, DevSecOps, or compliance engineering.
- Experience implementing and writing control implementation language with compliance frameworks such as NIST 800 Series
- Hands-on experience with secure coding tools and DevSecOps practices (e.g., SAST, DAST, container security, SBOMs, logging, monitoring).
- Hands-on experience supporting AWS automation, IAM, and supporting Jenkins pipelines
- Strong understanding of CI/CD pipelines and their role in compliance enforcement.
- Ability to translate compliance language into technical requirements for engineers.
Preferred Qualifications:
- IAT Level III, certified
- Experience working directly in a GRC function or as part of an audit engagement.
- Knowledge of regulatory standards impacting defense, aerospace, or critical infrastructure.
- Familiarity with AI-driven automation tools for compliance and application security.
- Strong communication skills to interface between auditors, compliance managers, and engineers.
#LI-MG1
Pay Transparency: In support of pay transparency at Vantor, we disclose salary ranges on all U.S. job postings. The successful candidate’s starting pay will fall within the salary range provided below and is determined based on job-related factors, including, but not limited to, the experience, qualifications, knowledge, skills, geographic work location, and market conditions. Candidates with the minimum necessary experience, qualifications, knowledge, and skillsets for the position should not expect to receive the upper end of the pay range.
● The base pay for this position within Colorado is: $124,000.00 - $206,000.00 annually.● The base pay for this position within New Jersey is: $124,000.00 - $206,000.00 annually.● The base pay for this position within Delaware is: $124,000.00 - $206,000.00 annually. ● The base pay for this position within the Washington, DC metropolitan area is: $137,000.00 - $228,000.00 annually.● The base pay for this position within California is: $143,000.00 - $209,000.00 annually.For all other states, we use geographic cost of labor as an input to develop market-driven ranges for our roles, and as such, each location where we hire may have a different range.
Benefits: Vantor offers a competitive total rewards package that goes beyond the standard, including a robust 401(k) with company match, mental health resources, and unique perks like student loan repayment assistance, adoption reimbursement and pet insurance to support all aspects of your life. You can find more information on our benefits at: https://www.Vantor.com/careers
Additionally, this position is incentive eligible with a target based on contribution, company performance, and/or individual results achieved; the specific incentive plan and target amount will be determined based on the role and breadth of contributions.The application window is three days from the date the job is posted and will remain posted until a qualified candidate has been identified for hire. If the job is reposted regardless of reason, it will remain posted three days from the date the job is reposted and will remain reposted until a qualified candidate has been identified for hire.
The date of posting can be found on Vantor's Career page at the top of each job posting.
To apply, submit your application via Vantor's Career page.
EEO Policy: Vantor is an equal opportunity employer committed to an inclusive workplace. We believe in fostering an environment where all team members feel respected, valued, and encouraged to share their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability, protected veteran status, age, or any other characteristic protected by law.
Similar Jobs
What We Do
Vantor is forging the new frontier of spatial intelligence to unlock a more autonomous, interoperable world. We empower decision makers and operators with the clarity they need to navigate what’s happening now and shape what’s coming next. Our AI-powered spatial intelligence platform fuses data from the world’s highest-resolution satellites with real-time sensor feeds from space, air, and ground to create the most accurate living digital replica of Earth.
Why Work With Us
Vantor is a place for problem solvers, changemakers, and go-getters—where people are working together to help our customers see the world differently, and in doing so, be seen differently. Come be part of a mission, not just a job, where you can: Shape your own future, build the next big thing, and change the world.
Gallery
Vantor Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
