Who We Are

DISCO is a legal tech software company. Our objective is to own the legal tech market and become the leader in legal as Salesforce has done in the sales technology space. Given the massive growth of data over the last 20 years, poorly built legal technology products have severely decreased lawyers ability to practice the law.

Our fundamental mission is to provide a unified technology platform for the practice of law. Great technology can solve problems of scale in data, in laws, and in business operations that have distracted lawyers from doing what they went to law school to do. DISCO is fixing the law by automating the parts of the practice that can be automated so that great lawyers can focus on tasks that really do require human legal judgment.

Your Impact

At DISCO, our cloud infrastructure and system control plane are the backbone that enables us to deliver cutting-edge solutions to our clients. As a Compliance Engineer on our growing DevOps team, you will be driving the implementation of our compliance requirements, as established by the Security and governance, risk, and compliance (GRC) stakeholders.

Your expertise will deliver enhancements to our system's reliability, scalability, security, and the overall success of our cloud-based solution development. By automating away the "audit burden" from our engineers your work will help shape our future cloud strategy while providing ironclad assurance to our partners within the business.

What you’ll Do

• Evidence Automation & Audit Stewardship: Serve as the Engineering technical contact for annual SOX, SOC2 Type II, and ISO-27001 audits while automating evidence collection into "Continuous Compliance" workflows with minimal disruption to engineering velocity.
• Infrastructure Governance: Work with DevOps Engineers to implement "Compliance as Code," establishing automated guardrails and performing internal reviews of infrastructure configurations.
• Access & Identity Management: Manage the technical lifecycle of user access, enforce Segregation of Duties (SoD), and review deprovisioning workflows to ensure compliance with security policies.
• Stakeholder Management: Support GRC teams by providing technical expertise during sales cycles, responding to RFPs, and maintaining the Security Trust Center and compliance documentation.

Who You Are

• Technical Compliance Expertise: A minimum of 5 years in a technical compliance, security, or DevOps-adjacent role, preferably within a SaaS environment.
• Framework Fluency: Strong understanding of key compliance frameworks, including SOX 404, ISO-27001, SOC2, and IT general controls (ITGC).
• DevOps & Cloud Proficiency: 2-4 years of hands-on experience in DevOps or Platform Engineering, specifically working with AWS, cloud-native applications, and automating deployment/scaling of containerized applications using Infrastructure as Code.
• Automation Focus: A desire and/or experience in leveraging compliance automation platforms (e.g., Anecdotes) to build and maintain automated evidence-gathering tools.
• Collaboration & Engineering Mindset: An engineering background with a preference for collaborative work, including mentoring others and partnering with cross-functional engineering teams to build and maintain highly performant systems.

Even Better If You Have…

• Exposure to and understanding of security and compliance frameworks such as FedRAMP, NIST 800-53, or CSRF.
• Experience building and managing PaaS (Platform as a Service) for internal development teams.
• Experience with Cloud Networking (VLAN, routing).
• Experience with other cloud platforms, specifically Azure and GCP.
• Familiarity with Windows Server and Administration (Active Directory, Group Policy Objects).
• Experience with ASP.NET Deployments (WebDeploy).
• General experience with Software Development and any tech stack.

Tech Stack

• Cloud Provider - AWS: EC2, Lambda, Aurora, Redshift, DynamoDB, ECS, EKS, SQS, SNS, Kinesis, S3, CloudFront, CloudFormation, KMS, CodePipeline, etc.
• CI/CD: Terraform, Docker, Jenkins, CodeDeploy, GitHub, Artifactory, HashiCorp Consul
• Observability: ELK Stack, OpenTelemetry, DataDog, New Relic, Sentry.io
• Programming Languages: Python, Bash, Kotlin

Authorization to Work in the U.S.: Candidates must be legally authorized to work in the United States without sponsorship now or in the future. DISCO is not currently sponsoring visas, including, but not limited to, H-1B, TN, or EAD, and we are not accepting visa transfers.

Perks of DISCO

• Open, inclusive, and fun environment
• Benefits, including medical, dental and vision insurance, as well as 401(k)
• Competitive salary plus RSUs
• Flexible PTO
• Opportunity to be a part of a company that is revolutionizing the legal industry
• Growth opportunities throughout the company