Security & Compliance Specialist

RadarFirst is seeking a Security & Compliance Specialist to strengthen our security posture across cloud infrastructure, applications, and customer-facing operations. This role owns CVE and vulnerability management, threat intelligence, incident response, alert monitoring and triage, and collaborates with Compliance to support customer security questionnaires, RFPs, and due-diligence requests.

The ideal candidate blends strong technical cybersecurity skills with the ability to support compliance frameworks and ensure high-quality, accurate security documentation for customers and auditors. This role will also leverage AI and automation to streamline questionnaire workflows, evidence gathering, and documentation tasks.

This position can be based out of our HQ in Portland, OR, or remote from anywhere in the U.S.

Essential Responsibilities & Duties:

Own the end-to-end vulnerability management lifecycle, including identification, triage, prioritization, remediation coordination, and validation.

• Integrate vulnerability scanning into CI/CD pipelines and cloud environments.
• Build dashboards and reports that track vulnerability posture and remediation SLAs.
  Partner with DevOps and Engineering teams to drive timely remediation across AWS, containerized, and application environments.
• Monitor threat intelligence feeds, CVE sources, and emerging exploit trends to identify relevant risks.
• Assess how new vulnerabilities or TTPs may impact RadarFirst systems and architecture.
• Produce actionable intelligence summaries for engineering and leadership teams.
• Manage and tune alerts from Datadog, AWS Security Hub, GuardDuty, EDR and other monitoring platforms.
• Perform first-level triage, determining severity, scope, and appropriate escalation.
• Automate alert enrichment, correlation, and response using scripts, workflows, and AI-powered tools.
• Lead or support incident response activities, including detection, containment, investigation, recovery, and post-incident analysis.
• Conduct root-cause analysis and document findings.
• Maintain and continuously improve IR playbooks, processes, and readiness exercises.
• Support SOC 2, HITRUST, and other frameworks.
• Complete customer security questionnaires, RFPs, DDQs, SIG Lite/Core, and HECVAT, ensuring technical accuracy.
• Use AI and automation to streamline questionnaire completion, generate evidence packets, and maintain a consistent knowledge base.
• Perform technical quality reviews of all security-related documentation before submission to customers or auditors.
• Provide technical support during customer security reviews and sales processes.
• Implement and maintain cloud, application, and infrastructure security controls across AWS, Terraform, Docker, and other environments.
• Partner with DevOps to enhance CI/CD pipeline security through automated testing, secrets scanning, and secure configuration practices.
• Support deployment and tuning of SAST, DAST, and container scanning tools.
• Promote encryption, IAM best practices, and secure communication patterns across systems.
• Work closely with Engineering, DevOps, Sales, and Customer Success teams.
• Provide training and guidance on secure development, threat awareness, and vulnerability remediation.
• Develop and maintain automated workflows, documentation templates, and knowledge bases.

Research shows that people who identify as being from underrepresented groups are more likely to doubt the strength of their qualifications, so we encourage you to submit an application if you're interested in this role despite any reservations you may have about your background or skill set.

Qualifications:

• 4+ years of experience in cybersecurity, security operations, vulnerability management, or similar roles.
• Experience with AWS security services (Security Hub, GuardDuty, IAM, KMS, Secrets Manager).
• Proficiency with vulnerability scanning and management tools.
• Experience completing or reviewing security questionnaires, RFPs, DDQs, or compliance documentation.
• Familiarity with SOC 2, HITRUST, NIST CSF, CIS Benchmarks, and OWASP Top 10.
• Strong experience with scripting (Python, Bash, Go) and security automation.
• Ability to use AI tools to automate documentation, questionnaire responses, knowledge base creation, and workflow optimization.
• Strong technical writing and communication skills, especially in customer-facing contexts.

What is Nice to Have:

• Industry certifications: Security+, GSEC, GCIH, GCIA, or similar.
• Experience supporting compliance audits or evidence collection.
• Experience in a SaaS, cloud-native, or privacy-focused organization.

Who We Are

At RadarFirst, our mission is to make regulatory risk and data privacy simple, actionable, and sustainable.

We’re transforming how organizations handle incidents and compliance with automated, purpose-built SaaS solutions. Recognized as pioneers in privacy, we’ve earned patents, industry awards, and the confidence of some of the world’s most highly regulated industries, from healthcare and insurance to finance and beyond.

Our Values

Respect & CandorInclusion & InnovationIntegrity & Empathy

Why Join RadarFirst?

At RadarFirst, our team is filled with smart, thoughtful, and forward-thinking contributors who are experts at what they do.  Our culture of innovation and trust is paramount to our success. We work hard, but we also encourage and support a healthy work/life balance. We offer a generous package of benefits and perks that make RadarFirst a great place to work, including:

• Comprehensive benefits that include medical and dental, 401k, Life and Disability insurance, generous flexible time off policy, paid holiday time, and 12 weeks paid parental leave. Plus flexible spending accounts for medical, dependent care, and commuter expenses

• Community outreach programs to encourage giving back to our community both as a group and individually

• Commitment to anti-racism work and accountability to our short-term and long-term equity & inclusion action plan

RadarFirst is a community-first organization, operating on a hybrid model. We actively support all employees working in the way they need. For those who wish to work from the office, these are some features of our downtown Portland office:

• On-site amenities such as indoor bike racks, showers, lockers, and gym facilities
• Casual work environment in an ideal central location, close to great food, shopping, and transportation options

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9.

The salary range for this role is $ 120,000 - $130,000 a year.

 #LI-REMOTE