Freshpaint

Security Operations Lead

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Salary

💰 $135,000 - $180,000 per year

Job Level

Senior

Tech Stack

AWS, Cloud, Google Cloud Platform

About the role

  • Own and manage Freshpaint’s recurring security compliance programs, including SOC 2 Type II, HITRUST R2, and other certifications or audits as needed.
  • Coordinate and manage annual penetration tests and follow through on remediation activities.
  • Maintain and continuously improve Freshpaint’s security controls and documentation.
  • Partner with engineering and product teams to operationalize security best practices across systems, tools, and processes.
  • Support risk assessments, vendor security reviews, and internal audits.
  • Act as a key point of contact for external auditors, customers, and vendors on security-related matters.
  • Drive security awareness and education initiatives across the company.

Requirements

  • 3+ years of experience in security operations, GRC, or compliance at a SaaS or cloud-based company.
  • Strong understanding of security frameworks and standards (SOC 2, HITRUST, ISO 27001, etc.).
  • Experience managing audits and working directly with assessors and penetration testing vendors.
  • Familiarity with cloud infrastructure (AWS, GCP) and modern software development practices.
  • Excellent project management and cross-functional communication skills.
  • You’re organized, detail-oriented, and excited by the challenge of building scalable security programs in a fast-moving environment.

Benefits

  • Competitive pay + generous equity (10-year exercise window)
  • Fully remote (U.S. only) with a $150/month coworking stipend
  • Half-day Fridays, every Friday
  • Unlimited PTO—with a *required* 2-week minimum
  • Top-tier health, dental & vision (100% covered for you, 80% for dependents)
  • 2 “Treat Yourself” days a year—$100 and a day off, just because
  • Generous parental leave
  • Epic offsites twice a year (past trips: Greece, Jackson Hole, Cabo, wine country + more)

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

security compliance, SOC 2 Type II, HITRUST R2, penetration testing, risk assessments, vendor security reviews, internal audits, security frameworks, ISO 27001, cloud infrastructure

Soft skills

project management, cross-functional communication, organized, detail-oriented, security awareness, education initiatives