HSI
Making the Workplace Safer and Smarter
Product Development Security and Compliance Specialist
Location: United States
Posted: 44 days ago
Salary: Not specified
Bachelor Degree, 2 yrs exp, English, AWS, Azure, Cloud, Cyber Security, Google Cloud Platform, Jenkins, Python, SDLC
Job Description
• Support HSI’s product and DevOps teams in building and operating secure, compliant SaaS products.
• Coordinate and execute evidence collection for external audits (e.g., SOC 2, ISO 27001) and internal assessments.
• Perform recurring control activities (e.g., access reviews, change reviews, configuration checks) according to documented procedures.
• Assist with vendor and customer security questionnaires, RFP security sections, and due-diligence requests by gathering technical details and documentation.
• Assist with risk assessments by documenting control gaps, tracking remediation tasks, and ensuring risks are recorded.
• Assist with administration of security controls and tooling in the SDLC process.
• Triage and track security findings from automated tools, working with engineers to prioritize and validate remediation.
• Help document configuration standards and runbooks for secure cloud services and application infrastructure.
• Support vulnerability management and monitoring of existing security tooling.
• Help maintain incident response documentation and capture incident timelines and evidence.
• Participate in design discussions and contribute to security awareness materials for product development teams.
Job Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; or equivalent combination of education and hands-on experience.
- 2–4 years of experience in one or more of the following:
  - IT/security compliance or audit support
  - Security, DevSecOps, or application security roles
  - DevOps/Cloud engineering roles with significant security/compliance responsibilities
- Experience working with or supporting at least one security or compliance framework (e.g., SOC 2, ISO 27001, NIST).
- Experience creating or updating security/compliance documentation (e.g., policies, standards, procedures).
- Experience supporting, or strong interest in supporting, audits or assessments (evidence gathering, walkthroughs, responding to questions).
- Familiarity with concepts such as least privilege, change management, configuration management, and incident response.
- Familiarity with CI/CD tools (e.g., Azure DevOps, GitHub Actions, GitLab CI, Jenkins) and how security checks can be integrated into pipelines.
- Exposure to at least one major cloud platform (AWS, Azure, or GCP), including use of native security features and basic understanding of secure configuration concepts.
- Hands-on experience with one or more of the following is strongly preferred:
  - Source code or dependency scanning (SAST/SCA)
  - Container security tools
  - Cloud security posture management or configuration scanning tools
- Experience using ticketing and documentation systems (e.g., Jira, Confluence, SharePoint, or similar) to track work and maintain artifacts.
- Experience with security/compliance automation platforms (e.g., Drata, Vanta, Secureframe) or GRC tools.
- Relevant industry certifications (e.g., Security+, CCSK, AWS/Azure foundational security certs) or coursework in information security or audit.
- Basic scripting or automation skills (e.g., PowerShell, Bash, Python) for data extraction, evidence collection, or simple task automation.
- Experience in a production SaaS or cloud-native product environment.