HSI · 13 hours ago
Product Development Security and Compliance Specialist
HSI is a company focused on delivering secure and compliant SaaS products. The Product Development Security & Compliance Specialist supports the product and DevOps teams in ensuring that security and compliance requirements are integrated into the software development lifecycle and cloud infrastructure.
Medical Device · Public Safety
Responsibilities
Maintain up-to-date security and compliance documentation, including policies, standards, control narratives, data flow diagrams, system descriptions, and procedure documents
Coordinate and execute evidence collection for external audits (e.g., SOC 2, ISO 27001) and internal assessments, ensuring artifacts are complete, accurate, and organized
Perform recurring control activities (e.g., access reviews, change reviews, configuration checks) according to documented procedures, and record results as audit evidence
Assist with vendor and customer security questionnaires, RFP security sections, and due-diligence requests by gathering technical details and documentation from DevOps, Engineering, and IT
Assist with risk assessments by documenting control gaps, tracking remediation tasks, and ensuring risks are recorded in appropriate systems
Assist with administration of security controls and tooling in the SDLC process (e.g., code scanning, dependency scanning, container image scanning, secrets management, infrastructure-as-code scanning)
Triage and track security findings from automated tools, working with engineers to prioritize and validate remediation
Help document configuration standards and runbooks for secure cloud services and application infrastructure under the guidance of the DevOps Architect and DevOps Management
Support vulnerability management, including validating issues, tracking remediation progress, and documenting exceptions or compensating controls
Support monitoring of existing security tooling (e.g., cloud security posture management, application security tools, log/alert dashboards) by reviewing alerts, documenting initial triage, and escalating to senior engineers as needed
Help maintain incident response documentation, including playbooks, contact lists, and communication templates
Capture and organize incident timelines, evidence, and action items, ensuring that lessons learned and follow-up tasks are recorded and tracked to completion
Assist in documenting and communicating incident summaries and remediation status to stakeholders
Participate in design discussions, backlog grooming, and release planning, helping DevOps, Engineering, Product Management, and IT incorporate documented security and compliance requirements
Contribute to security awareness and enablement materials for product development teams (e.g., how-to guides, short training snippets, checklists for secure coding and deployment)
Provide clear, concise documentation and ticket updates so that non-security stakeholders can easily understand what is required and why
Stay current on security and compliance best practices relevant to SaaS products and DevSecOps, sharing insights that may improve HSI's security posture
Qualifications
Required
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field; or an equivalent combination of education and hands-on experience
2-4 years of experience in one or more of the following: IT/security compliance or audit support; security, DevSecOps, or application security roles; DevOps/cloud engineering roles with significant security/compliance responsibilities
Experience working with or supporting at least one security or compliance framework (e.g., SOC 2, ISO 27001, NIST)
Experience creating or updating security/compliance documentation (e.g., policies, standards, procedures)
Experience supporting, or strong interest in supporting, audits or assessments (evidence gathering, walkthroughs, responding to questions)
Familiarity with concepts such as least privilege, change management, configuration management, and incident response
Familiarity with CI/CD tools (e.g., Azure DevOps, GitHub Actions, GitLab CI, Jenkins) and how security checks can be integrated into pipelines
Exposure to at least one major cloud platform (AWS, Azure, or GCP), including use of native security features and basic understanding of secure configuration concepts
Preferred
Hands-on experience with one or more of the following is strongly preferred: source code or dependency scanning (SAST/SCA); container security tools; cloud security posture management or configuration scanning tools
Experience using ticketing and documentation systems (e.g., Jira, Confluence, SharePoint, or similar) to track work and maintain artifacts
Experience with security/compliance automation platforms (e.g., Drata, Vanta, Secureframe) or GRC tools
Relevant industry certifications (e.g., Security+, CCSK, AWS/Azure foundational security certs) or coursework in information security or audit
Basic scripting or automation skills (e.g., PowerShell, Bash, Python) for data extraction, evidence collection, or simple task automation
Experience in a production SaaS or cloud-native product environment
Company
HSI
HSI is a provider of EH&S training solutions to customers in the United States and Canada.
Funding
Current Stage: Late Stage
Total Funding: unknown
Key Investors: Neuberger Berman, Millpond Equity Partners
2023-11-15: Private Equity
2019-09-03: Acquired
2006-07-01: Private Equity
Company data provided by crunchbase