Product Security Compliance Lead

Second Front Systems, Inc.

Job Overview

Location

Remote

Job Type

Full-time

Full Job Description

📋 Description

• Lead and mentor a team of security engineers and compliance specialists focused on architecture, control implementation, and audit readiness, fostering a culture of ownership, collaboration, and continuous improvement.
• Define and maintain security architecture and control patterns for Game Warden and supporting services, aligned with mission, risk, and accreditation needs.
• Serve as the senior technical lead for the execution of key security accreditations and certifications, including FedRAMP, US agency ATOs, ISO 27001, UK government / NCSC-aligned cloud security expectations, and NATO-related accreditations.
• Lead creation and maintenance of System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), security policies, standards, and technical control narratives, ensuring documentation accurately reflects our architecture, controls, and operating reality.
• Coordinate continuous monitoring activities, significant change reviews, and evidence collection so our accreditations stay current and our controls get stronger over time.
• Partner closely with Security Operations, Cybersecurity Assessment, Product, Engineering, Legal, and Sales teams to support complex customer requirements and unblock deals in highly regulated environments.
• Lead the technical representation of the company in third-party audits (3PAO) and accreditation sessions, ensuring all security documentation and postures are effectively articulated and defended to maintain authorization.

🎯 Requirements

• 8+ years of experience in information security, with significant time in product / platform security, security architecture, or security engineering.
• Hands-on experience leading technical delivery on one or more security accreditation or certification programs (e.g., FedRAMP, DoD / IC ATOs, ISO 27001, public sector cloud frameworks such as NCSC / UK gov or NATO).
• Demonstrated ability to work with and / or author security documentation such as SSPs, POA&Ms, policies, and technical standards.
• Strong understanding of modern cloud architectures and platforms (e.g., AWS, containers / Kubernetes, SaaS delivery models).
• Comfort partnering with engineering teams on real-world design and implementation, able to propose pragmatic solutions, not just policy language.
• Excellent written and verbal communication skills; able to translate complex security and compliance topics into clear, actionable guidance for both technical and non-technical stakeholders.
• People leadership experience in security or compliance teams.
• Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required.

🏖️ Benefits

• Competitive base salary range of $137,000–$191,000.
• Eligibility for discretionary bonuses and equity grants as part of the total compensation package.
• Opportunity to work on mission-critical national security projects with a fast-growing entrepreneurial company.
• Remote work flexibility within approved hiring hubs (DC/MD/VA, Raleigh/Durham/Chapel Hill, Denver/Colorado Springs, Dallas/Fort Worth/Austin).
• Collaboration with cross-functional teams including Engineering, Legal, Sales, and Product to unblock deals in highly regulated environments.
• Leadership role shaping continuous authorization and automation of compliance processes.

Skills & Technologies

TypeScript

AWS

Kubernetes

Senior

Remote

$137k-191k

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Second Front Systems, Inc.

Visit Website

About Second Front Systems, Inc.

Second Front Systems provides software delivery and security accreditation services for the U.S. Department of Defense and federal agencies. The company operates Game Warden, a DevSecOps platform that automates Authority to Operate processes, accelerates software deployment, and maintains continuous compliance monitoring. It integrates security controls, vulnerability scanning, and cloud hosting to enable commercial technology companies to deliver applications to classified and unclassified government networks efficiently.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.