Security & Compliance Engineer
Listed on 2026-06-07
IT/Tech
Cybersecurity, Data Security
At Nutrient, we’re transforming how the world works with documents. Our tools turn static files into intelligent, integrated workflows that power mission-critical software for some of the world’s most innovative companies. From construction to legal tech, our customers use Nutrient to build faster, scale smarter, and replace outdated paper-based processes with secure, scalable document technology.
Our platform is trusted by thousands of organizations across 80+ countries, including Fortune 500 firms, governments, and industry pioneers, and supports nearly a billion end users globally.
Your Role at Nutrient
We’re looking for a highly self-driven Security & Compliance Engineer who uses AI tools as a natural part of how they work. This is a broad, high-ownership role with two equally important sides: product security — vulnerability response, automation, and supply chain assurance — and compliance, where there’s a growing and ongoing need to build evidence workflows, respond to enterprise due diligence, and keep our posture current with an evolving regulatory landscape.
A lot of this work will be solo, so the ability to self-manage, prioritize, and drive outcomes without hand-holding is essential.
We’re not looking for a unicorn with deep expertise in every domain — we’re looking for someone who learns fast, ships clean automation, and is genuinely excited about using AI to multiply their own capacity. You’ll be joining a lean, async-first team where your work will be directly visible, and where the expectation is measurable outcomes over activity.
What You'll Work On
- Own the vulnerability response loop end-to-end — intake, triage, dedupe, owner routing, remediation tracking, and closure — including supporting customer-facing security response workflows
- Build and operate compliance workflows — evidence management, security questionnaire response libraries, audit coordination, and keeping our posture aligned with frameworks like SOC 2, ISO 27001, GDPR, DORA, and the EU AI Act
- Build and maintain security automation across CI/CD and collaboration tooling (Buildkite, Jira, Slack) to route findings, reduce noise, track SLAs, and surface clear dashboards and reporting
- Deliver a rotating queue of enterprise capability projects — SBOM/SCA workflows, SAST rollout with AI-assisted triage, infrastructure security posture improvements, and enterprise due diligence support
- Use agentic AI and AI-assisted development as a core part of your workflow — with appropriate validation, testing, and guardrails — to accelerate delivery and stay at the cutting edge
- Treat everything you ship as a product — runbooks, metrics, and maintainability so systems don’t become knowledge sinks and others can step in
- AI nativity — you use AI tools to accelerate your work as a matter of course, know how to validate outputs and build reliable agentic loops, and stay current with how the tooling is evolving
- Speed of learning — you pick up new domains, languages, and systems quickly and are comfortable operating across a broad, polyglot environment without needing to be an expert in everything upfront
- Strong self-management — you can own a queue of work independently, communicate progress clearly in writing, and drive outcomes without relying on meetings or close oversight
- Software engineering fundamentals — experience shipping and maintaining automation, integrating systems via APIs (Jira, Slack, etc.), and working with CI/CD pipelines (Buildkite a plus; GitHub Actions, GitLab CI also fine)
- Some security or compliance background — we’re intentionally broad here. Relevant experience could span vulnerability management, application security, cloud/infra security, compliance workflows, or audit coordination. Depth in one area is fine; curiosity across all of them matters more
- Bonus: SBOM/SCA familiarity (CycloneDX, SPDX, Syft), SAST tooling experience, IaC/CSPM exposure, or hands-on experience with compliance frameworks and EU regulatory requirements
At Nutrient, we’re not just hiring for skills — we’re hiring for mindset. The people who thrive here are:
- Collaborators: You collaborate openly, listen actively, and…