Home › Companies › Cursor › GRC Security Engineer, Federal & Public Sector
GRC Security Engineer, Federal & Public Sector
Cursor · San Francisco · On Site · Deleted · Ashby
Job facts
| Field | Value |
|---|---|
| Company | Cursor |
| Title | GRC Security Engineer, Federal & Public Sector |
| Normalized title | - |
| Department / team | Engineering / Engineering, Security |
| Location | San Francisco, CA, United States |
| Work model | On Site |
| Employment type | Full Time |
| Salary | - |
| Status | deleted |
| ATS provider | Ashby |
| Posted / first seen | — / 2026-05-29 |
| Changed / last seen | 2026-06-06 / 2026-06-03 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Cursor. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Ashby. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| City jobs | Active postings in San Francisco. | Open |
| Department jobs | Active postings in Engineering. | Open |
| Work model jobs | Active On Site postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Cursor |
| Source | a1be9bce-7d19-4f33-8899-8faf8c351d4d |
| ATS provider | Ashby |
Description
Our mission is to automate coding. The first step in our journey is to build the best tool for professional programmers, using a combination of inventive research, design, and engineering. Our organization is very flat, and our team is small and talent dense. We particularly like people who are truth-seeking, passionate, and creative. We enjoy spirited debate, crazy ideas, and shipping code.
About the role
Cursor is investing in serving federal and other regulated-market customers, and we're building the GRC foundation to get there. Federal compliance — FedRAMP and adjacent authorizations — is a key path, and we're looking for a senior GRC engineer to lead the technical execution.
This is a hands-on GRC engineering role. We treat compliance as code. You'll write code, ship infrastructure changes, generate machine-readable artifacts, and design evidence collection pipelines that keep compliance honest without dragging engineers into screenshot purgatory. You'll partner closely with our security engineering, infrastructure, and legal teams.
We're in-person with cozy offices in North Beach, San Francisco and Manhattan, New York, complete with well-stocked libraries. SF is preferred for this role since you'll be partnering closely with the GRC and security leadership team in person.
What you'll do
Help us evaluate and shape our federal and regulated-market compliance strategy — FedRAMP, impact levels, and international equivalents — and lead the technical execution
Own the technical heavy lifting on any authorization we pursue: control implementation, SSP authorship, 3PAO engagement, POA&M management, and continuous monitoring
Build compliance-as-code: automated evidence collection, machine-readable artifacts, and continuous control monitoring tied into our existing security telemetry
Author honest, defensible control narratives across the major NIST 800-53 families
Influence and drive international compliance strategy as we expand
Support the broader security team on security and trust enablement as needed
You may be a fit if
You have direct, hands-on experience with FedRAMP authorization — as a CSP team member who took a service through ATO, or as a senior assessor at a 3PAO
You read NIST SP 800-53 Rev. 5 like a developer reads RFCs — you can argue control intent, not just recite it
You write code (Go, Python, or comparable) and have automated something in compliance that other people would have done with screenshots
You know what OSCAL is, why it matters, and ideally have generated or consumed it in production
You've worked in or alongside AWS GovCloud, Azure Government, or DoD IL4/5 environments
You have working knowledge of FIPS 140-3, FedRAMP 20x / KSIs, CMMC, and how DoD impact levels map onto FedRAMP baselines
Bonus: dual-perspective experience — you've been an operator who has taken organizations through FedRAMP authorization multiple times and spent time on the 3PAO assessor side. OSCAL tooling or GRC engineering tooling contributions and public writing or speaking on GRC engineering are also a plus
#LI-DNI
Full job record
| Job ID | 2b20bce2497c912c27f15a07c5270f92dccd2fff |
| Org ID | 6f3c9660-c42e-4e5a-8352-8b96453d18e3 |
| Source ID | a1be9bce-7d19-4f33-8899-8faf8c351d4d |
| Board ID | a1be9bce-7d19-4f33-8899-8faf8c351d4d |
| Provider | ashby |
| Provider Job Key | 94ae671e-345a-48de-9b7a-2aad693351e1 |
| Title | GRC Security Engineer, Federal & Public Sector |
| Normalized Title | — |
| Status | deleted |
| Active | no |
| Location Text | San Francisco |
| Department | Engineering |
| Team | Engineering, Security |
| Employment Type | full_time |
| Workplace Type | on_site |
| Remote Policy | — |
| Country | United States |
| Region | CA |
| City | San Francisco |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://jobs.ashbyhq.com/cursor/94ae671e-345a-48de-9b7a-2aad693351e1 |
| Apply URL | https://jobs.ashbyhq.com/cursor/94ae671e-345a-48de-9b7a-2aad693351e1/application |
| First Seen At | 2026-05-29 06:36:51Z |
| Last Seen At | 2026-06-03 13:56:44Z |
| Last Checked At | 2026-06-06 09:26:17Z |
| Last Changed At | 2026-06-06 09:26:17Z |
| Inactive At | 2026-06-06 09:26:17Z |
| Source Posted At | — |
| Source Updated At | — |
| Raw Payload Uri | s3://bluework-jobs-prod-raw-590183727216/raw/provider=ashby/board=cursor/date=2026-06-03/2026-06-03T13-55-49-134Z-b8b0785145aa794a28e8c569ce8bf22a9f299d67087e83c33a13f7ae82df687d.json |
Event Fields
{
"content_hash": "d900b7be1a8a238fa36cad62872cd6f9a07bc4ccfff05f394128a3cf75bec1bd",
"source_hash": "015d566b2eaa3768fa59f6096d4c65a7f3f7deae6422b5e84cfe68cad93bc0f7",
"last_changed_at": "2026-06-06T09:26:17.866Z",
"active_status": "deleted"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "San Francisco",
"city": "San Francisco",
"region": "CA",
"country": "United States",
"is_remote": false,
"confidence": 0.75
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-03T13:56:43.927Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en",
"location": {
"raw": "San Francisco",
"city": "San Francisco",
"region": "CA",
"country": "United States",
"is_remote": false,
"confidence": 0.75
},
"countries": [
"United States"
]
},
"remote_policy": null,
"salary_period": null,
"workplace_type": "on_site",
"salary_currency": null
}Extensions
{}Native Structured
{
"id": "94ae671e-345a-48de-9b7a-2aad693351e1",
"team": "Engineering, Security",
"title": "GRC Security Engineer, Federal & Public Sector",
"jobUrl": "https://jobs.ashbyhq.com/cursor/94ae671e-345a-48de-9b7a-2aad693351e1",
"address": null,
"applyUrl": "https://jobs.ashbyhq.com/cursor/94ae671e-345a-48de-9b7a-2aad693351e1/application",
"isListed": true,
"isRemote": false,
"location": "San Francisco",
"updatedAt": null,
"apiVersion": "ashby-non-user-graphql-v1",
"department": "Engineering",
"publishedAt": null,
"workplaceType": "OnSite",
"employmentType": "FullTime",
"secondaryLocations": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/2b20bce2497c912c27f15a07c5270f92dccd2fff?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/6f3c9660-c42e-4e5a-8352-8b96453d18e3JSONGET https://api.bluedoor.sh/job-postings/v1/sources/a1be9bce-7d19-4f33-8899-8faf8c351d4dJSONGET https://api.bluedoor.sh/job-postings/v1/jobs/2b20bce2497c912c27f15a07c5270f92dccd2fff/eventsJSON