Security & Compliance Specialist

RadarFirst is seeking a Security & Compliance Specialist to strengthen our security posture across cloud infrastructure, applications, and customer-facing operations. This role owns CVE and vulnerability management, threat intelligence, incident response, alert monitoring and triage, and collaborates with Compliance to support customer security questionnaires, RFPs, and due-diligence requests. The ideal candidate blends strong technical cybersecurity skills with the ability to support compliance frameworks and ensure high-quality, accurate security documentation for customers and auditors. This role will also leverage AI and automation to streamline questionnaire workflows, evidence gathering, and documentation tasks. This position can be based out of our HQ in Portland, OR, or remote from anywhere in the U.S. Essential Responsibilities & Duties: Own the end-to-end vulnerability management lifecycle, including identification, triage, prioritization, remediation coordination, and validation.

• Integrate vulnerability scanning into CI/CD pipelines and cloud environments.
• Build dashboards and reports that track vulnerability posture and remediation SLAs. Partner with DevOps and Engineering teams to drive timely remediation across AWS, containerized, and application environments.
• Monitor threat intelligence feeds, CVE sources, and emerging exploit trends to identify relevant risks.
• Assess how new vulnerabilities or TTPs may impact RadarFirst systems and architecture.
• Produce actionable intelligence summaries for engineering and leadership teams.
• Manage and tune alerts from Datadog, AWS Security Hub, GuardDuty, EDR and other monitoring platforms.
• Perform first-level triage, determining severity, scope, and appropriate escalation.
• Automate alert enrichment, correlation, and response using scripts, workflows, and AI-powered tools.
• Lead or support incident response activities, including detection, containment, investigation, recovery, and post-incident analysis.
• Conduct root-cause analysis and document findings.
• Maintain and continuously improve IR playbooks, processes, and readiness exercises.
• Support SOC 2, HITRUST, and other frameworks.
• Complete customer security questionnaires, RFPs, DDQs, SIG Lite/Core, and HECVAT, ensuring technical accuracy.
• Use AI and automation to streamline questionnaire completion, generate evidence packets, and maintain a consistent knowledge base.
• Perform technical quality reviews of all security-related documentation before submission to customers or auditors.
• Provide technical support during customer security reviews and sales processes.
• Implement and maintain cloud, application, and infrastructure security controls across AWS, Terraform, Docker, and other environments.
• Partner with DevOps to enhance CI/CD pipeline security through automated testing, secrets scanning, and secure configuration practices.
• Support deployment and tuning of SAST, DAST, and container scanning tools.
• Promote encryption, IAM best practices, and secure communication patterns across systems.
• Work closely with Engineering, DevOps, Sales, and Customer Success teams.
• Provide training and guidance on secure development, threat awareness, and vulnerability remediation.
• Develop and maintain automated workflows, documentation templates, and knowledge bases. Research shows that people who identify as being from underrepresented groups are more likely to doubt the strength of their qualifications, so we encourage you to submit an application if you're interested in this role despite any reservations you may have about your background or skill set. Qualifications:
• 4+ years of experience in cybersecurity, security operations, vulnerability management, or similar roles.
• Experience with AWS security services (Security Hub, GuardDuty, IAM, KMS, Secrets Manager).
• Proficiency with vulnerability scanning and management tools.
• Experience completing or reviewing security questionnaires, RFPs, DDQs, or compliance documentation.
• Familiarity with SOC 2, HITRUST, NIST CSF, CIS Benchmarks, and OWASP Top 10.
• Strong experience with scripting (Python, Bash, Go) and security automation.
• Ability to use AI tools to automate documentation, questionnaire responses, knowledge base creation, and workflow optimization.
• Strong technical writing and communication skills, especially in customer-facing contexts. What is Nice to Have:
• Industry certifications: Security+, GSEC, GCIH, GCIA, or similar.
• Experience supporting compliance audits or evidence collection.
• Experience in a SaaS, cloud-native, or privacy-focused organization. Who We Are At RadarFirst, our mission is to make regulatory risk and data privacy simple, actionable, and sustainable. We're transforming how organizations handle incidents and compliance with automated, purpose-built SaaS solutions. Recognized as pioneers in privacy, we've earned patents, industry awards, and the confidence of some of the world's most highly

Apply tot his job Apply To this Job