Sr Security and Compliance Engineer

8+ years of experience • $120,000 - $192,000 per year
Cyber Security

Job Description

Broadcom is looking for an experienced program manager with software engineering skills to lead security compliance and audit activities for its Enterprise Security Group (ESG) cybersecurity products. This role involves driving various certifications (FIPS 140-3, Common Criteria, STIG development), formal risk assessments for SaaS products, internal security assessments, and customer audits across multiple product lines. The position requires close collaboration with engineering, ProdSec, InfoSec, and SaaS Operations teams to manage certification and audit processes, leading cross-functional initiatives and serving as a liaison between technical and non-technical stakeholders.
Good To Have:
  • Knowledge of regulation/laws in subject area, ability to recognize implications of changes.
  • Senior-level experience with secure software development practices.
  • Ability to understand/create architecture diagrams and data flows.
  • Familiarity with GRC automation platforms and tools (e.g., ServiceNow GRC, Anecdotes, Archer).
  • Experience with data analysis and visualization tools.
  • Hands-on experience with cloud security technologies and automation in GCP.
Must Have:
  • Translate ESG business objectives into actionable GRC strategies.
  • Facilitate and complete all product certification activities.
  • Achieve and maintain certifications, proactively identifying and mitigating risks.
  • Support the ESG Product Security (ProdSec) team in security compliance activities.
  • Author and maintain required certification documents.
  • Communicate and translate certification requirements (ISO, SSAE 18, NIST, etc.) to engineering teams.
  • Maintain current understanding of regulations; interpret and communicate changes.
  • Track milestones, proactively manage risks, and drive solutions to completion.
  • Drive completion of customer supplier risk requests.
  • Monitor schedule deviations and develop corrective actions.
  • Coordinate cross-timezone team activities.
  • Lead identification, evaluation, and implementation of automation tools for security compliance.
  • Develop and implement technical strategies for efficient and accurate evidence gathering.
  • Collaborate to integrate security compliance into CI/CD pipelines and automated testing.
  • Identify opportunities for proactive risk identification and mitigation.
  • Exercise good judgment in achieving compliance objectives and resolving audit findings.
  • Independently manage and prioritize multiple security compliance projects.
  • 8+ years of experience in security compliance, audit, or program management with cybersecurity products.
  • Cybersecurity background, particularly cloud security.
  • Proven experience project managing security compliance audit or certification projects.
  • Experience with scripting languages (e.g., Python, PowerShell) for GRC process automation.
  • Ability to parse compliance language and translate into layman's terms.
  • Coordinating audit activities, including evidence gathering and redaction.
Perks:
  • Discretionary annual bonus
  • Equity in accordance with equity plan documents and equity award agreements
  • Medical, dental and vision plans
  • 401(K) participation including company matching
  • Employee Stock Purchase Program (ESPP)
  • Employee Assistance Program (EAP)
  • Company paid holidays
  • Paid sick leave
  • Vacation time
  • Paid Family Leave and other leaves of absence (as per applicable laws)


Broadcom seeks an experienced program manager with software engineering skills to lead security compliance and audit activities for its Enterprise Security Group (ESG) cybersecurity products. This strategic role involves driving various certifications (FIPS 140-3, Common Criteria, STIG development, country-specific), formal risk assessments for ESG’s SaaS products, internal security assessments during product release cycles, and customer audits across multiple product lines.

This requires close collaboration with engineering, ProdSec, InfoSec, and SaaS Operations teams to manage these certification and audit processes. It also requires leading cross-functional initiatives and serving as a vital liaison between technical and non-technical stakeholders to ensure comprehensive and effective compliance.

The ideal candidate will facilitate interactions with third-party testing labs, auditors, advisors, and assessors, work with Sales and Support teams to respond to customer queries related to supplier risk assessments, and contribute to product standards, processes, and security domain documentation. A key focus will be on identifying opportunities for process improvement and standardization across the organization, with an emphasis on automation.

Responsibilities

  • Translate ESG business objectives into actionable GRC strategies, leveraging deep product and team process understanding to create clear compliance strategies.
  • Facilitate and complete all product certification activities, including financial stewardship and contract reviews as needed.
  • Achieve and maintain certifications, proactively identifying and mitigating risks for continuous compliance.
  • Support the ESG Product Security (ProdSec) team in security compliance activities (risk assessment, secure software development), providing expert guidance to enhance overall security posture.
  • Author and maintain required certification documents.
  • Communicate and translate certification requirements (ISO, SSAE 18, NIST, etc.) to engineering teams, providing expert guidance.
  • Maintain current understanding of regulations; interpret and communicate changes and their implications to stakeholders.
  • Track milestones, proactively manage risks, and drive solutions to completion.
  • Drive completion of any customer supplier risk requests by leveraging existing information and resources.
  • Monitor schedule deviations and develop corrective actions.
  • Coordinate cross-timezone team activities, including occasional off-hours interaction.
  • Lead the identification, evaluation, and implementation of automation tools and processes for security compliance activities, including evidence collection, control validation, and reporting.
  • Develop and implement technical strategies for efficient and accurate evidence gathering, ensuring data integrity and audit readiness.
  • Collaborate with engineering, ProdSec, and InfoSec teams to integrate security compliance requirements into CI/CD pipelines and automated testing frameworks.
  • Identify opportunities for proactive risk identification and mitigation strategies across product lines, influencing product development and operational practices.
  • Exercise good judgment in achieving compliance objectives and resolving audit findings.
  • Independently manage and prioritize multiple security compliance projects, providing regular updates and data presentations to stakeholders.

Skills and Experience

  • Bachelor's degree and 8+ years of progressive experience in security compliance, audit, or program management, with a strong emphasis on cybersecurity products.
  • Self-starter with a driver personality.
  • Cybersecurity background, particularly cloud security.
  • Proven experience project managing security compliance audit or certification projects.
  • Ability to quickly grasp complex technical concepts and make them easily understandable.
  • Ownership of delivery for planned, high-risk, and complicated projects.
  • Driving projects from conception (planning) to completion (release).
  • Ability to parse compliance language and translate into layman's terms.
  • Coordinating audit activities, including evidence gathering and redaction.
  • Demonstrated experience with scripting languages (e.g., Python, PowerShell) for automation of GRC processes (such as evidence gathering).
  • Demonstrated ability to work autonomously and manage multiple priorities effectively in a fast-paced environment.

Preferred

  • Knowledge of regulation/laws in subject area, ability to recognize implications of changes.
  • Senior-level experience with software development practices, particularly secure development practices.
  • Can understand/create architecture diagrams and data flows.
  • Familiarity with GRC automation platforms and tools (e.g., ServiceNow GRC, Anecdotes, Archer).
  • Experience with data analysis and visualization tools to present compliance metrics and audit findings effectively.
  • Hands-on experience with cloud security technologies and automation in GCP.

Additional Job Description:

Compensation and Benefits

The annual base salary range for this position is $120,000 - $192,000

This position is also eligible for a discretionary annual bonus in accordance with relevant plan documents, and equity in accordance with equity plan documents and equity award agreements.

Broadcom offers a competitive and comprehensive benefits package: Medical, dental and vision plans, 401(K) participation including company matching, Employee Stock Purchase Program (ESPP), Employee Assistance Program (EAP), company paid holidays, paid sick leave and vacation time. The company follows all applicable laws for Paid Family Leave and other leaves of absence.

Broadcom is proud to be an equal opportunity employer. We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law. We will also consider qualified applicants with arrest and conviction records consistent with local law.

If you are located outside USA, please be sure to fill out a home address as this will be used for future correspondence.

Welcome! Thank you for your interest in Broadcom!

We are a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

For more information please visit our video library and check out our Connected by Broadcom series.

Follow us on LinkedIn: Broadcom Inc.
