Description:
* Design and implement workflow-based control automation for Regulatory Standards (e.g., ISO, PCI) and SOX 404 ITGCs, using:
  * Explicit start-action-evidence-end flows.
  * Triggers from tickets, change-management systems, HR events, or IAM changes.
  * Delivered via tools such as n8n, Camunda, Azure Logic Apps, or custom MCP-style servers.
* Build and operate MCP-style or MCP-compatible servers that expose:
  * Tools: RESTful endpoints for "trigger evidence collection", "run access review", "validate change ticket", etc.
  * Resources: Standardized data sources (logs, IAM, ticket data) formatted for AI agents or workflow engines.
  * Auth patterns: API keys, bearer tokens, OAuth2, or OIDC-style flows that can be consumed by agents or external tools.
* Engineer API-first automation:
  * Write scripts and connectors (Python, Node.js, Bash, etc.) that call, compose, and orchestrate APIs from:
    * IAM, IdP, PAM, HRIS, ticketing, cloud IAM, logging platforms, etc.
    * GRC platforms (e.g., ServiceNow, 6clicks, or similar) via REST APIs.
  * Implement:
    * Authentication and authorization (API keys, Bearer, OAuth2, JWT, Basic, MTLS).
    * Pagination, retry with backoff, rate-limiting, and safe error handling.
    * Idempotency and safe state transitions for audit-critical operations.
* Translate ISO 27001 controls and SOX 404 ITGCs into automated workflows:
  * Example pattern:
    * Trigger: new user join or role change in IAM.
    * Action: call APIs to validate entitlements, cross-check against SoD, and emit evidence to a GRC tool.
    * Outcome: workflow-generated record for ISO 27001 access control and SOX logical-access control.
  * Maintain one source of truth for control logic (code / config) and use workflow IDs as control-evidence bindings.
* Design AI-agent-ready interfaces:
  * Expose structured, MCP-style endpoints or OpenAPI specs so that LLM agents or workflow tools can call concrete tools (e.g., "get latest access review for System X", "run change-ticket-completeness check").
  * Handle dynamic policy enforcement: short-lived tokens, context-aware access, and audit logging for each AI or agent call.
* Integrate with data platforms and SIEM/logging:
  * Use logs, change tickets, and identity events as workflow inputs.
  * Build automated tests for control effectiveness (e.g., "if a production change is not approved, fire an alert and record it as a control failure") linked to ISO / SOX control IDs.
* Maintain audit-ready workflow artifacts:
  * Log all workflow steps, including timestamps, input, user/agent context, and outputs.
  * Ensure workflow outputs are machine-readable (JSON, structured logs) and can be replayed or reasoned over by auditors or AI agents.
Your profile:
* Students currently pursuing a Bachelor's degree in computer science, computer engineering or related disciplines.
* Strong understanding of authorization and authentication:
  * API keys, Bearer tokens, OAuth2 (client, JWT, PKCE), Basic Auth, MTLS, and OIDC-style flows.
  * Hands-on experience implementing these in Python, Node.js, or Go (or similar).
* Deep practical experience with:
  * RESTful APIs: understanding of HTTP methods, status codes, pagination, rate-limiting, and idempotency.
  * API clients: writing or using libraries that handle auth, retries, and error handling for large datasets.
* Experience building or integrating with:
  * Workflow / orchestration tools (n8n, Airflow, Logic Apps, Camunda, etc.) or MCP-style servers / Model Context Protocol-compatible tooling.
  * GRC platforms via APIs (e.g., ServiceNow, 6clicks, or similar).
* Familiarity with:
  * ISO 27001 (especially Annex A controls related to access management, change control, and operations).
  * SOX 404 ITGCs (logical access, change management, computer operations, data integrity).
* Full-time interns preferred.
* Part-time interns who can commit at least 3 working days a week are also welcome to apply.
Preferred Qualifications:
* OpenAPI / Swagger to MCP-style tool generation (e.g., converting production APIs into MCP servers or AI-agent tools).
* Experience with MCP servers or similar control-plane architectures that expose tools, resources, and prompts for AI agents.
* Background in security automation, CI/CD, or DevSecOps (tools such as n8n, Terraform, Ansible, Docker, logging pipelines).
* Prior involvement in SOX 404 audits and ISO 27001 certification projects, with a focus on how to automate evidence collection rather than manual spreadsheets.
Shopee will be prioritizing applicants who have a current right to work in Singapore, and do not require Shopee sponsorship of a visa.
Kindly note that you can only be considered in one recruitment process at a time within Sea Group and will be considered for jobs in the order that you have applied.
The IT Compliance team acts as the organization's "IT doctors," partnering with business teams to deliver technological solutions that enhance Shopee's user experience. A key focus is ensuring our product solutions meet regulatory standards by obtaining the necessary certifications, achieved through close collaboration with internal and external stakeholders. This process not only ensures compliance but also gives the team a deep understanding of regional business landscapes and cross-functional collaboration, enabling us to drive long-term, impactful solutions as the organization grows.
| Source: | Company website |
| Date: | 13 May 2026 |
| Job type: | Internship |
| Field: | Internet / New Media |
| Duration: | 3 months |
| Language skills: | English |