Full-Time

Principal Software Engineer

Governance, Risk, and Compliance

Vanta

1,001-5,000 employees

Automates SOC 2 compliance checks via SaaS

Compensation Overview

$321k - $378k/yr

Remote in USA

Remote

Category
Software Engineering (1)
Required Skills
React.js
Node.js
TypeScript
Terraform
Requirements
  • Have played significant technical leadership roles for bigger organizations and complex projects; typically a decade or more of cross-organization leadership experience in addition to overall years of experience
  • Experience communicating with and working closely with a large set of cross-functional stakeholders
  • Self-starter with a mix of previous startup experience and experience working at scale in an environment that prioritizes a bias for action
  • Experience building architectural changes whose impact spans multiple years, or deep expertise in technology
  • Interest in learning about security or prior experience in the security space
  • Experience working at rapidly scaling startups and large companies with environments that prioritize a bias for action
Responsibilities
  • Identify and solve complex, high-impact problems, leading projects with multiple cross-functional stakeholders, engineering leaders and engineers to deliver significant impact to the business
  • Set technical direction impacting the entire engineering team, from critical systems and core product abstractions to developer productivity and maintaining a high bar for quality across engineering
  • Design, develop, and own new product functionality and/or infrastructure leveraging modern frameworks and tooling (TypeScript, React, Node.js)
  • Work on deeply ambiguous problem areas and tackle larger, long-term challenges for the company
  • Design, develop, and own new product functionality and infrastructure leveraging modern frameworks and tooling (TypeScript, Terraform, Node.js)
  • Make effective tradeoffs that consider business priorities, user experience, and a sustainable technical foundation
  • Act as a cultural beacon, setting an example for effective, collaborative engineering and mentoring junior team members
Desired Qualifications
  • Interest in learning about security or prior experience in the security space

Vanta provides a SaaS platform that helps small to mid-sized organizations obtain and maintain SOC 2 certification through automated checks and continuous monitoring. The product integrates with a company’s systems to run checks, track control effectiveness, and generate ready-to-use evidence, reports, and submission-ready documentation. It differentiates itself by offering ongoing compliance instead of one-off audits, with scalable checks and automated workflows tailored to SMEs and tech companies. The goal is to make SOC 2 faster, cheaper, and easier to sustain so organizations can focus on their core business while keeping strong security controls.

Company Size

1,001-5,000

Company Stage

Series D

Total Funding

$500.1M

Headquarters

San Francisco, California

Founded

2018

Simplify's Take

What believers are saying

  • Vanta tripled ARR to $300M since 2024, serving 16,000 customers including Atlassian and Snowflake.
  • LiteLLM switched to Vanta from Delve in April 2026 for reliable re-certification post-malware incident.
  • Partnership with Automat-it integrates Vanta into AWS Compliance Guard for HIPAA and PCI startups.

What critics are saying

  • Delve fraud erodes trust in automated compliance, driving 25% customer churn within 12 months.
  • Enterprise vendors like CrowdStrike bundle compliance tools, compressing Vanta margins by 2028.
  • API changes in AWS or Okta integrations break evidence collection, causing non-compliance by 2027.

What makes Vanta unique

  • Vanta's Agentic Trust Platform unifies compliance, risk, and proof with 1,400+ automated tests.
  • Vanta AI Agent automates questionnaires and vendor reviews 50% faster than manual processes.
  • Native Trust Center reflects live compliance posture, eliminating stale documentation issues.

Benefits

100% Benefits Coverage

Flexible & Remote Work

Paid Parental Leave

Unlimited PTO

Health & Wellness

401(k)

Growth & Insights and Company News

Headcount

6 month growth

-2%

1 year growth

-1%

2 year growth

-2%
Vanta
Apr 29th, 2026
Vanta crosses $300M in ARR as growth accelerates

Vanta reached $300M ARR just 9 months after hitting $200M, with growth rate increasing each of the past four quarters. 16,000 companies now use the platform.

Epium Limited
Apr 1st, 2026
LiteLLM drops Delve after security compliance dispute.

LiteLLM drops Delve after security compliance dispute. LiteLLM is replacing Delve and redoing its security certifications after a malware incident and escalating allegations around Delve's compliance practices. The company plans to use Vanta and an independent third-party auditor to verify its controls. LiteLLM, makers of a popular Artificial Intelligence gateway used by millions of developers, said it is severing ties with compliance startup Delve and will redo its security certifications with another provider and auditor. The move follows a damaging week in which LiteLLM's open source version was hit by credential-stealing malware. Before that incident, LiteLLM had obtained two security compliance certifications by hiring Artificial Intelligence compliance startup Delve. Those certifications are meant to confirm that a company has procedures in place to reduce the likelihood of security incidents. The reversal now raises fresh questions about the reliability of the earlier compliance work and about how LiteLLM intends to validate its controls going forward. Delve has been accused of misleading customers about their actual compliance status by allegedly generating fake data and relying on auditors that rubber-stamped reports. Delve's founder has denied those allegations and offered free re-tests and audits to all customers. The dispute intensified after an anonymous whistleblower renewed the claims and released alleged supporting receipts over the weekend. On Monday, LiteLLM CTO Ishaan Jaffer posted on X that his company will be using Delve competitor Vanta to re-certify and will find its own, independent third-party auditor to verify its compliance controls. The decision signals a clear break from Delve as LiteLLM responds to both the fallout from the malware incident and the broader controversy surrounding Delve's certification process. 52. Impact score. 

Daily News N Blog
Mar 30th, 2026
Popular AI gateway startup LiteLLM ditches controversial startup Delve.

Popular AI gateway startup LiteLLM ditches controversial startup Delve. LiteLLM, makers of popular AI gateway used by millions of developers, has publicly announced that it is ditching compliance startup Delve and will redo its security certifications with another company and auditor. The announcement comes after LiteLLM's open source version fell victim to some horrific credential-stealing malware last week. Prior to the incident, LiteLLM had obtained two security compliance certifications by hiring AI compliance startup Delve. Such certifications are intended to verify that a company has procedures in place to minimize potential incidents. Delve has been accused of misleading its customers about their true compliance by allegedly generating fake data and using auditors that rubber-stamped their reports. Delve's founder has denied those allegations and offered free re-tests and audits to all of its customers. That denial encouraged the anonymous Delve whistleblower to double down, including releasing alleged receipts over the weekend. On Monday, LiteLLM CTO Ishaan Jaffer posted on X that his company will be using Delve competitor Vanta to re-certify and will find its own, independent third-party auditor to verify its compliance controls. After such a harsh week, LiteLLM is voting with its feet.

Business Wire
Mar 19th, 2026
Vanta launches AI agents to automate compliance and eliminate audit chaos for CISOs

Vanta, a trust management platform, has announced new AI agents and enterprise controls designed to automate compliance and security workflows. The suite includes context-aware agents for compliance, third-party risk management and customer trust, alongside privacy automation features for data governance. The company's agents operate as 24/7 GRC engineers, coordinating tasks, collecting evidence and surfacing material risks whilst keeping humans in decision-making roles. New enterprise capabilities include adaptive business unit scoping and a standardised control framework to reduce redundancy across multi-framework programmes. Vanta's privacy automation integrates data governance into broader compliance systems, centralising Record of Processing Activities management, data inventories and Data Protection Impact Assessments. The platform serves over 15,000 businesses, including Atlassian, Duolingo and Ramp.

Enactia
Mar 19th, 2026
Best GRC tool Cyprus: powering 2026 digital transformation.

Cyprus is undergoing a "Digital Metamorphosis." As banks in Nicosia and shipping giants in Limassol move to the cloud, the risk landscape has shifted. A 2026 GRC tool must do more than store files; it must be the engine of your digital growth.

  • NIS2 and DORA Readiness: With the full enforcement of the NIS2 Directive and DORA, Cypriot critical entities and financial firms must prove operational resilience.
  • The M&A Wave: Following the 2025 consolidation in retail and banking, 2026 is the year of integration. Enactia helps merged entities unify their risk posture across legacy systems.
  • Fintech & Forex: For the massive CIF (Cyprus Investment Firm) sector, CySEC compliance and AML/KYC risk management are now automated within Enactia.

The Enactia Edge: As a Nicosia-founded company, Enactia Ltd provide on-the-ground support that global competitors like Vanta or Drata cannot match. Its platform is the preferred choice for Cyprus firms transitioning from manual spreadsheets to automated governance.

FAQ: GRC tools in Cyprus.

  • Why does a Cyprus company need a GRC tool? To centralize ISO 27001, GDPR, and local CySEC/FCA requirements into a single "Source of Truth."
  • Can Enactia host data in Cyprus? Yes. Enactia Ltd understand the local need for data sovereignty and offer hosting options that satisfy Cypriot regulators.
  • Does Enactia support local frameworks? Yes, including specific templates for the Cyprus Digital Strategy and local cybersecurity standards.