
Vantor

Sr. AppSec Compliance Engineer

Posted An Hour Ago
In-Office or Remote
3 Locations
124K-228K Annually
Senior level
The Sr. AppSec Compliance Engineer will ensure compliance with security frameworks, automate GRC functions, and support secure coding practices through effective partnerships with engineering teams.
The summary above was generated by AI

Vantor is forging the new frontier of spatial intelligence, helping decision makers and operators navigate what’s happening now and shape what’s coming next. Vantor is a place for problem solvers, changemakers, and go-getters—where people are working together to help our customers see the world differently, and in doing so, be seen differently. Come be part of a mission, not just a job, where you can shape your own future, build the next big thing, and change the world.

To be eligible for this position, you must be a U.S. Person, defined as a U.S. citizen, permanent resident, Asylee, or Refugee.

Note on Cleared Roles: If this position requires an active U.S. Government security clearance, applicants who do not currently hold the required clearance will not be eligible for consideration. Employment for cleared roles is contingent upon verification of clearance status.

Export Control/ITAR: Certain roles may be subject to U.S. export control laws, requiring U.S. person status as defined by 8 U.S.C. 1324b(a)(3).

Please review the job details below.

 

We are hiring an Application Security Compliance Engineer to join our team. This position will integrate assurance functions between Governance, Risk, and Compliance (GRC) and other business units, primarily to ensure that secure coding practices, DevSecOps pipelines, and application development activities meet regulatory and contractual compliance requirements (e.g., NIST 800-171, CMMC, ISO 27001).

 

This role is compliance-first but technically fluent, leveraging automation, existing security tools, and AI to transform manual compliance validation into measurable, auditable, and enforceable controls. The individual will partner closely with software developers, DevOps engineers, and security architects to embed compliance into the SDLC and CI/CD pipelines. 

 
Responsibilities:

  • Compliance Alignment and Automation of GRC Functions
      • Ensure that application security tools, pipelines, and coding practices provide evidence for compliance frameworks (e.g., NIST 800-171, CMMC, ISO 27001).
      • Build and replace manual GRC evidence collection with automated tool integrations (e.g., SAST/DAST, libraries, dependency scanners, audit logging and CVEs).
      • Implement AI-driven workflows to identify, monitor, and remediate compliance gaps in real time.
  • Application Security & Secure Coding Compliance
      • Support engineering teams in adopting secure coding practices and ensure compliance checkpoints are integrated into code reviews and CI/CD pipelines.
      • Assist in the design and enforcement of technical standards such as encryption, authentication, logging, and vulnerability remediation.
      • Develop training material and lead awareness sessions for engineering teams on compliance-driven secure coding requirements.
  • Metrics, Reporting, and Audit Readiness
      • Establish and maintain compliance goals in automation.
      • Generate compliance reports for audits, customer assessments, and internal security reviews.
      • Act as a technical compliance subject-matter expert during assessments, customer due diligence, and third-party audits.
      • Build audit-ready dashboards and reports for GRC and external assessors.

 

Minimum Requirements:

  • Must be a U.S. citizen and be willing and able to obtain a U.S. Government security clearance.
  • 8+ years of experience in application security, DevSecOps, or compliance engineering.
  • Experience implementing and writing control implementation language with compliance frameworks such as the NIST 800 Series.
  • Hands-on experience with secure coding tools and DevSecOps practices (e.g., SAST, DAST, container security, SBOMs, logging, monitoring).
  • Hands-on experience supporting AWS automation, IAM, and Jenkins pipelines.
  • Strong understanding of CI/CD pipelines and their role in compliance enforcement. 
  • Ability to translate compliance language into technical requirements for engineers. 

 

Preferred Qualifications:

  • IAT Level III certified.
  • Experience working directly in a GRC function or as part of an audit engagement. 
  • Knowledge of regulatory standards impacting defense, aerospace, or critical infrastructure. 
  • Familiarity with AI-driven automation tools for compliance and application security. 
  • Strong communication skills to interface between auditors, compliance managers, and engineers. 


Pay Transparency: In support of pay transparency at Vantor, we disclose salary ranges on all U.S. job postings.  The successful candidate’s starting pay will fall within the salary range provided below and is determined based on job-related factors, including, but not limited to, the experience, qualifications, knowledge, skills, geographic work location, and market conditions. Candidates with the minimum necessary experience, qualifications, knowledge, and skillsets for the position should not expect to receive the upper end of the pay range.

  • The base pay for this position within Colorado is: $124,000.00 - $206,000.00 annually.
  • The base pay for this position within New Jersey is: $124,000.00 - $206,000.00 annually.
  • The base pay for this position within Delaware is: $124,000.00 - $206,000.00 annually.
  • The base pay for this position within the Washington, DC metropolitan area is: $137,000.00 - $228,000.00 annually.
  • The base pay for this position within California is: $143,000.00 - $209,000.00 annually.

For all other states, we use geographic cost of labor as an input to develop market-driven ranges for our roles, and as such, each location where we hire may have a different range.

Benefits: Vantor offers a competitive total rewards package that goes beyond the standard, including a robust 401(k) with company match, mental health resources, and unique perks like student loan repayment assistance, adoption reimbursement and pet insurance to support all aspects of your life. You can find more information on our benefits at: https://www.Vantor.com/careers

Additionally, this position is incentive eligible with a target based on contribution, company performance, and/or individual results achieved; the specific incentive plan and target amount will be determined based on the role and breadth of contributions.

The application window is three days from the date the job is posted and will remain posted until a qualified candidate has been identified for hire.  If the job is reposted regardless of reason, it will remain posted three days from the date the job is reposted and will remain reposted until a qualified candidate has been identified for hire. 

The date of posting can be found on Vantor's Career page at the top of each job posting.

To apply, submit your application via Vantor's Career page.

EEO Policy: Vantor is an equal opportunity employer committed to an inclusive workplace. We believe in fostering an environment where all team members feel respected, valued, and encouraged to share their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability, protected veteran status, age, or any other characteristic protected by law.

Top Skills

  • AI-Driven Automation Tools
  • AWS
  • CI/CD
  • CMMC
  • DAST
  • DevSecOps
  • ISO 27001
  • Jenkins
  • NIST 800-171
  • SAST

HQ

Vantor Westminster, Colorado, USA Office

1300 W 120th Ave, Westminster, CO, United States, 80234

Vantor Colorado Springs, Colorado, USA Office

1975 Research Parkway, Suite 315, Colorado Springs, CO, United States, 80920

Vantor Denver, Colorado, USA Office

Denver, CO, United States

Vantor Longmont, Colorado, USA Office

1601 Dry Creek Drive, Longmont, CO, United States, 80503
