VCF Compliance Engineer
| Company | Broadcom Limited |
|---|---|
| Location | Vandenberg AFB, CA, USA |
| Salary | $141000 – $225000 |
| Type | Full-Time |
| Degrees | Bachelor’s, Master’s |
| Experience Level | Expert or higher |

Requirements
- Bachelor’s degree and 12+ years of related experience, or a Master’s degree and 10+ years of related experience
- Strong knowledge of compliance frameworks: ISO 27001, NIST 800-53, SOC 2, PCI DSS, etc.
- Familiarity with information security fundamentals, including risk management, access control, encryption, and secure software development lifecycle (SDLC)
- Experience with control design, implementation, and gap analysis
- Understanding of cloud security controls and standards (AWS, Azure, GCP)
- Strong analytical and problem-solving skills with attention to detail
- Excellent communication and stakeholder management skills
Responsibilities
- Interpret and map technical security controls to industry-recognized compliance frameworks (ISO 27001, SOC 2, NIST 800-53, PCI DSS, DORA, etc.)
- Collaborate with engineering, DevOps, and security teams to ensure implementation of security controls aligns with compliance requirements
- Support audit readiness and coordinate internal and external security assessments and compliance audits
- Develop and maintain security policies, standards, and procedures in alignment with best practices and regulatory requirements
- Monitor and assess regulatory changes, translating them into actionable tasks and updated compliance objectives
- Evaluate and integrate automated compliance tools (e.g., GRC platforms, CSPM solutions) to streamline evidence collection and control monitoring
- Support risk assessments, vendor risk management, and third-party due diligence processes
- Educate and promote security and compliance awareness across the organization
- Generate compliance documentation and reports for leadership, customer collateral, and auditors
Preferred Qualifications
- Security or compliance certifications: CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Auditor, CRISC, CISA, etc.
- Experience supporting SOC 2 Type 2, ISO 27001 certification, or PCI DSS initiatives
- Hands-on experience conducting risk assessments and managing corrective action plans
- Familiarity with privacy regulations such as GDPR and CCPA
- Understanding of DevOps security and CI/CD pipeline integrations for compliance