Role Overview
Xai is hiring a entry-level Security Engineer - Governance Risk Compliance. This is a full-time role in New York, NY; Palo Alto, CA; Washington, D.C.. Part of Xai's Risk hiring, posted 3 days ago. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Salary Context
Salary is not disclosed in this posting. Market median for Junior-level Risk roles is $75k-$95k (based on 40 comparable listings). Many employers share specifics during the interview process or after an initial screen.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
ABOUT xAI
xAI’s mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excellence. This organization is for individuals who appreciate challenging themselves and thrive on curiosity. We operate with a flat organizational structure. All employees are expected to be hands-on and to contribute directly to the company’s mission. Leadership is given to those who show initiative and consistently deliver excellence. Work ethic and strong prioritization skills are important. All employees are expected to have strong communication skills. They should be able to concisely and accurately share knowledge with their teammates.
ABOUT THE ROLE:
RESPONSIBILITIES:
- Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework).
- Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.
- Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.
- Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.
- Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.
- Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation.
- Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.
- Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.
- Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.
- Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.
- Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.
BASIC QUALIFICATIONS:
- Bachelor’s degree in computer science, Information Security, Cybersecurity, or in an engineering/STEM field
- 3+ years of experience in governance, risk management, compliance, or technology audit roles.
- Experience with vulnerability management, POAMs, STIG implementation, and cloud security controls.
PREFERRED SKILLS AND EXPERIENCE:
- 5+ years of security compliance or technology audit-related.
- Previous systems engineering experience strongly preferred
- Ability to evaluate control objectives with IT configurations
- Experience in the tech or AI industry, particularly with startups, innovative organizations, or government/public sector engagements.
- Proven expertise in regulatory frameworks, data privacy, cybersecurity, and federal compliance standards, preferably in a technology, cloud, or AI-driven environment.
- Strong understanding of AI ethics, emerging technologies, Risk Management Framework (RMF), and their associated risks.
- Exceptional analytical, problem-solving, organizational, and project management skills, with the ability to balance innovation, oversight, and taking projects from conception to launch.
- Excellent communication, stakeholder management, and translation skills, with experience influencing cross-functional teams and communicating risks to leadership.
- Ability to thrive in a fast-paced, dynamic environment and adapt to evolving priorities.
- Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar preferred.
- Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies (including validation via ACAS and similar tools).
- Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks.
- Background in managing third-party risk, vendor compliance programs, or federal assessments.
- Understanding of cybersecurity controls for cloud service providers.
- Knowledge of government cloud services and evolving certification programs.
COMPENSATION AND BENEFITS:
$100,000 - $258,000 USD
Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.
ITAR REQUIREMENTS:
- To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.
xAI is an equal opportunity employer. For details on data processing, view our Recruitment Privacy Notice.
About Xai
Frequently Asked Questions
How do I apply for the Security Engineer - Governance Risk Compliance position at Xai?
Use the Apply button above to submit your application directly to Xai. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Where is the Security Engineer - Governance Risk Compliance position at Xai located?
This position is based in New York, NY; Palo Alto, CA; Washington, D.C.. Xai has not indicated remote or hybrid options for this role, so candidates should plan for on-site work.
What does a Security Engineer - Governance Risk Compliance at Xai earn?
Xai has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Security Engineer - Governance Risk Compliance role at Xai posted?
This role was posted on July 6, 2026 (3 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
Is the Security Engineer - Governance Risk Compliance role at Xai entry-level?
Yes. This is an entry-level position. Strong candidates typically have 0-2 years of relevant work experience, internships, or significant project work. Read the full description for any specific qualification requirements Xai has listed.
Similar Jobs
Senior Data Analyst- Fraud & AML
Xai
Program Manager (Data Center Construction)
Xai
Product Leader, Finance Engineering
Klaviyo
Order to Cash Track Lead, Finance Engineering
Klaviyo
Staff Newsroom Security Engineer
Thenewyorktimes
More Jobs at Xai
View all →AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start