
Product Development Security and Compliance Specialist
HSI
full-time
Location Type: Remote
Location: United States
About the role
- Support HSI’s product and DevOps teams in building and operating secure, compliant SaaS products.
- Coordinate and execute evidence collection for external audits (e.g., SOC 2, ISO 27001) and internal assessments.
- Perform recurring control activities (e.g., access reviews, change reviews, configuration checks) according to documented procedures.
- Assist with vendor and customer security questionnaires, RFP security sections, and due-diligence requests by gathering technical details and documentation.
- Assist with risk assessments by documenting control gaps, tracking remediation tasks, and ensuring risks are recorded.
- Assist with administration of security controls and tooling in the SDLC process.
- Triage and track security findings from automated tools, working with engineers to prioritize and validate remediation.
- Help document configuration standards and runbooks for secure cloud services and application infrastructure.
- Support vulnerability management and monitoring of existing security tooling.
- Help maintain incident response documentation and capture incident timelines and evidence.
- Participate in design discussions and contribute to security awareness materials for product development teams.
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; or equivalent combination of education and hands-on experience.
- 2–4 years of experience in one or more of the following:
  - IT/security compliance or audit support
  - Security, DevSecOps, or application security roles
  - DevOps/Cloud engineering roles with significant security/compliance responsibilities
- Experience working with or supporting at least one security or compliance framework (e.g., SOC 2, ISO 27001, NIST).
- Experience creating or updating security/compliance documentation (e.g., policies, standards, procedures).
- Experience supporting, or strong interest in supporting, audits or assessments (evidence gathering, walkthroughs, responding to questions).
- Familiarity with concepts such as least privilege, change management, configuration management, and incident response.
- Familiarity with CI/CD tools (e.g., Azure DevOps, GitHub Actions, GitLab CI, Jenkins) and how security checks can be integrated into pipelines.
- Exposure to at least one major cloud platform (AWS, Azure, or GCP), including use of native security features and basic understanding of secure configuration concepts.
- Hands-on experience with one or more of the following is strongly preferred:
  - Source code or dependency scanning (SAST/SCA)
  - Container security tools
  - Cloud security posture management or configuration scanning tools
- Experience using ticketing and documentation systems (e.g., Jira, Confluence, SharePoint, or similar) to track work and maintain artifacts.
- Experience with security/compliance automation platforms (e.g., Drata, Vanta, Secureframe) or GRC tools.
- Relevant industry certifications (e.g., Security+, CCSK, AWS/Azure foundational security certs) or coursework in information security or audit.
- Basic scripting or automation skills (e.g., PowerShell, Bash, Python) for data extraction, evidence collection, or simple task automation.
- Experience in a production SaaS or cloud-native product environment.