The Product Development Security & Compliance Specialist supports HSI’s product and DevOps teams in building and operating secure, compliant SaaS products. This role is hands-on and focused on control execution, evidence collection, documentation maintenance, and day-to-day coordination with engineers and product leadership.
Working closely with DevOps, Engineering, IT, and the Product Development leadership team, this position helps ensure that security and compliance requirements are embedded into our software development lifecycle (SDLC), CI/CD pipelines, and cloud infrastructure, and that we maintain strong alignment with frameworks such as SOC 2, ISO 27001, and NIST.
Essential Functions
- Maintain up-to-date security and compliance documentation, including policies, standards, control narratives, data flow diagrams, system descriptions, and procedure documents.
- Coordinate and execute evidence collection for external audits (e.g., SOC 2, ISO 27001) and internal assessments, ensuring artifacts are complete, accurate, and organized.
- Perform recurring control activities (e.g., access reviews, change reviews, configuration checks) according to documented procedures, and record results as audit evidence.
- Assist with vendor and customer security questionnaires, RFP security sections, and due-diligence requests by gathering technical details and documentation from DevOps, Engineering, and IT.
- Assist with risk assessments by documenting control gaps, tracking remediation tasks, and ensuring risks are recorded in appropriate systems.
- Assist with administration of security controls and tooling in the SDLC process (e.g., code scanning, dependency scanning, container image scanning, secrets management, infrastructure-as-code scanning).
- Triage and track security findings from automated tools, working with engineers to prioritize and validate remediation.
- Help document configuration standards and runbooks for secure cloud services and application infrastructure under the guidance of the DevOps Architect and DevOps Management.
- Support vulnerability management, including validating issues, tracking remediation progress, and documenting exceptions or compensating controls.
- Support monitoring of existing security tooling (e.g., cloud security posture management, application security tools, log/alert dashboards) by reviewing alerts, documenting initial triage, and escalating to senior engineers as needed.
- Help maintain incident response documentation, including playbooks, contact lists, and communication templates.
- Capture and organize incident timelines, evidence, and action items, ensuring that lessons learned and follow-up tasks are recorded and tracked to completion.
- Assist in documenting and communicating incident summaries and remediation status to stakeholders.
- Participate in design discussions, backlog grooming, and release planning, helping DevOps, Engineering, Product Management, and IT incorporate documented security and compliance requirements.
- Contribute to security awareness and enablement materials for product development teams (e.g., how-to guides, short training snippets, checklists for secure coding and deployment).
- Provide clear, concise documentation and ticket updates so that non-security stakeholders can easily understand what is required and why.
- Stay current on security and compliance best practices relevant to SaaS products and DevSecOps, sharing insights that may improve HSI’s security posture.
Competencies
- Attention to Detail – Carefully gathers, reviews, and maintains documentation and evidence, ensuring accuracy and completeness.
- Analytical Problem Solving – Breaks down issues from audit findings, tool alerts, and tickets, and helps identify practical remediation options.
- Communication – Explains security and compliance requirements in clear, accessible language to both technical and non-technical stakeholders.
- Collaboration – Works closely with DevOps, Engineering, Product Management, and IT to keep security and compliance activities aligned with delivery timelines.
- Organization & Follow-Through – Manages multiple evidence requests, control tasks, and tickets simultaneously, keeping items moving and stakeholders informed.
- Adaptability – Adjusts quickly to changing priorities in a fast-paced product development environment.
- Initiative – Proactively identifies gaps or inconsistencies in documentation, evidence, or processes and proposes practical improvements.
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; or an equivalent combination of education and hands-on experience.
- 2–4 years of experience in one or more of the following:
  - IT/security compliance or audit support
  - Security, DevSecOps, or application security roles
  - DevOps/Cloud engineering roles with significant security/compliance responsibilities
- Experience working with or supporting at least one security or compliance framework (e.g., SOC 2, ISO 27001, NIST).
- Experience creating or updating security/compliance documentation (e.g., policies, standards, procedures).
- Experience supporting, or strong interest in supporting, audits or assessments (evidence gathering, walkthroughs, responding to questions).
- Familiarity with concepts such as least privilege, change management, configuration management, and incident response.
- Familiarity with CI/CD tools (e.g., Azure DevOps, GitHub Actions, GitLab CI, Jenkins) and how security checks can be integrated into pipelines.
- Exposure to at least one major cloud platform (AWS, Azure, or GCP), including use of native security features and basic understanding of secure configuration concepts.
- Hands-on experience with one or more of the following is strongly preferred:
  - Source code or dependency scanning (SAST/SCA)
  - Container security tools
  - Cloud security posture management or configuration scanning tools
- Experience using ticketing and documentation systems (e.g., Jira, Confluence, SharePoint, or similar) to track work and maintain artifacts.
- Experience with security/compliance automation platforms (e.g., Drata, Vanta, Secureframe) or GRC tools.
- Relevant industry certifications (e.g., Security+, CCSK, AWS/Azure foundational security certs) or coursework in information security or audit.
- Basic scripting or automation skills (e.g., PowerShell, Bash, Python) for data extraction, evidence collection, or simple task automation.
- Experience in a production SaaS or cloud-native product environment.