Senior Security Analyst, Compliance
US, Full-Time, Senior
Salary: 130000 - 160000 USD per year
Job Details
- Required Skills: AWS, Python, GCP, Jira, RESTful APIs, Confluence, GitHub
Requirements
- Deep technical security expertise
- Proactive mindset
- Ability to turn complex risks into practical, scalable solutions
- Proven experience owning penetration testing programs
- Proven experience building vulnerability management systems
- Proven experience implementing security automation
- Proven experience helping organizations adopt modern technologies (including AI) securely and responsibly
- Detail-oriented
- Collaborative
- Excited to build programs that reduce risk, improve visibility, and support safe innovation
Responsibilities
- Develop a comprehensive view of OpenSesame’s external attack surface, vulnerabilities, and threat landscape — integrating signals from CrowdStrike, cloud environments (AWS, GCP), and application security tooling.
- Own external penetration testing engagements end-to-end — including vendor selection, scope design, execution oversight, remediation validation, and executive reporting.
- Build and operationalize a structured vulnerability management program — partnering with DevOps, Engineering, and IT to prioritize and remediate risk effectively.
- Stand up scalable evidence collection and control mapping workflows in Drata — improving audit readiness and reducing manual effort.
- Establish strong cross-functional relationships to embed security into engineering, infrastructure, and IT workflows from the outset.
- Design and implement a continuous penetration testing program that complements annual third-party testing — leveraging automation, threat modeling, and targeted validation.
- Own and mature the bug bounty program — improving signal quality, triage processes, researcher engagement, and remediation workflows.
- Lead implementation of AI security practices across internal systems and product development, applying OWASP Top 10 for LLMs / AI systems and supporting adoption of ISO 42001 controls.
- Partner with Product Engineering to define and enforce secure AI and application baseline requirements — ensuring security is built into system design, not retrofitted.
- Develop automations and tooling (Python, APIs, Make) to continuously collect threat intelligence, validate security baselines, and detect drift across AWS, GCP, GitHub, and SaaS platforms.