ob Description: GRC Software Engineer

Location: Remote (Continental US, excluding CA, CO, NY, WA) Reports to: GRC Engineering Manager

About WellHive

WellHive is a FedRAMP High-authorized healthcare SaaS company specializing in Care Navigation solutions. We operate critical scheduling infrastructure for 130+ VA healthcare facilities and provide analytics platforms for federal healthcare organizations. We're building out our compliance engineering capabilities to support FedRAMP High authorization and multi-framework expansion.

The Role

We're building a new GRC Engineering team to automate compliance at scale. As a GRC Software Engineer, you'll be a full-stack engineer building systems that collect evidence, store and manage compliance data, validate controls, and provide visibility into our compliance posture. You'll own entire features end-to-end—from designing data pipelines and storage systems to building APIs and user interfaces.

This is a software engineering role where compliance is the domain. You'll work on challenging technical problems like automated evidence collection from AWS infrastructure, OSCAL-formatted compliance artifacts, control mapping across multiple frameworks, audit-ready data storage, continuous control validation, and self-service compliance tooling for engineering teams.

What You'll Do

Build End-to-End Systems

• Develop evidence collection pipelines from AWS services, application logs, CI/CD systems, and operational tools

• Design and implement data storage systems that meet audit retention and queryability requirements

• Build control-to-evidence mapping databases that support multiple compliance frameworks

• Create APIs and integrations between GRC platforms and operational systems

• Develop web interfaces, dashboards, and self-service tools for compliance workflows

Own the Full Stack

• Design data models and schemas for compliance evidence and control mappings

• Build ETL/ELT pipelines that collect, transform, validate, and store compliance data

• Implement automated control testing frameworks with continuous validation

• Create reporting systems and artifact generation for audit and assessment purposes

• Develop infrastructure-as-code for compliance monitoring and evidence collection

Enable Continuous Compliance

• Build real-time dashboards and alerting for compliance posture visibility

• Implement OSCAL-compliant data outputs and machine-readable compliance artifacts

• Create data quality monitoring and validation for evidence integrity

• Develop tools that let engineering teams understand and check compliance requirements

• Build versioning and audit trails into compliance data systems

Collaborate & Improve

• Partner with security, platform, and product engineering teams to understand requirements

• Work with the GRC team lead to make build vs. buy decisions

• Contribute to technical architecture and system design discussions

• Document systems and create runbooks for operational handoff

What You'll Bring

Required

• 3+ years as a software engineer, full-stack engineer, or similar technical role

• Strong coding skills in Typescript, Python, Go, or similar languages

• Experience building both backend systems (APIs, data pipelines, storage) and frontend interfaces

• Solid understanding of databases, data modeling, and SQL

• Working knowledge of AWS services and cloud architecture

• Familiarity with infrastructure-as-code (Terraform, CloudFormation, or similar)

• Basic understanding of security controls and compliance concepts

• Strong problem-solving skills and ability to own projects end-to-end

• US citizenship or permanent residency required

Strongly Preferred

• Experience building data pipelines or ETL workflows

• Prior work in security engineering, DevSecOps, or compliance automation

• Familiarity with FedRAMP, NIST SP 800-53, or other compliance frameworks

• Background working in regulated industries (healthcare, government, finance)

• Experience with data governance, audit trails, or evidence management systems

• Knowledge of OSCAL or other compliance-as-code formats

• Experience building internal tools or developer platforms

What Makes You Stand Out

• You've built systems for security, compliance, or audit use cases

• You're comfortable with both data engineering and application development

• You can translate compliance requirements into technical specifications

• You understand the balance between engineering pragmatism and audit requirements

• You enjoy building tools that solve real problems and make other people's jobs easier

• You're comfortable working across the stack from data models to user interfaces

Why This Role Matters

You'll be joining a team that's building compliance automation infrastructure from the ground up. Your work will directly reduce operational burden, increase compliance accuracy, and position WellHive to scale across multiple frameworks and markets. You'll own meaningful technical problems and have significant influence on how compliance engineering works at WellHive. If you enjoy building systems that have clear impact beyond your immediate codebase, this role offers real ownership and visibility.

Other Details

• Work hours overlapping with Eastern time zone

• High-speed internet connection required

What We Offer

• Competitive compensation targeting mid-high market rates

• Remote-first culture with flexible work arrangements

• Opportunity to work on greenfield projects with significant ownership

• Exposure to federal compliance and security engineering practices

• Work on problems that span the full technical stack