Security and Compliance Analyst

You love checkboxes. After all, security is all about meeting requirements. Make sure all the boxes are checked, and we'll be safe. Are you a checkbox-ninja? Do you yearn to pick apart systems with a squint in your eye and a red pen in your hand? Then you can stop right now, because that's not who we're looking for. For everyone else, let's start again.

You know that requirements bingo can actually be a good foundation. Do you often think, "If only we believed in these from the beginning, that would be something"? Turns out, we feel the same way.

Security used to be simple. We built things, we solved problems, and we built some more things. Then we realized that we were solving the same problems, over and over again. So we started making lists, to avoid problems tomorrow.

At some point, these lists began regulating everything we do to build and run systems. They ceased being goals, and instead turned into restrictions. The checking of the box became the ultimate goal, rather than understanding why the box was there in the first place. Security culture lurched towards "Compliance before Competence."

But you know better. You understand that compliance frameworks can have productive value. You use them for crafting a roadmap for the future, instead of as absolute measurements of the past. They suggest what to do next, instead of whether what's already done was Good™ or Bad™.

Is there a need for post-hoc assessments? Of course there is. GDPR is rapidly becoming a legal hot-button. Our customers expect glowing SOC 2 audits. New customers send us extensive questionnaires. There are even some frameworks, like the NIST CSF, that we choose to use all on our own.

Your mission will be to help Expel expertly navigate all these frameworks, and more, blazing a path that's logical, efficient, and helps the company thrive.

What Expel can do for you

  • Expose you to more requirements, controls, and questions than you can shake a good-sized stick at
  • Provide an opportunity to "Do Compliance Right" in a way that boosts security, rather than headcount
  • Give you experience working the whole "security problem"
  • Enable you to work across the organization with people who take security seriously
  • Listen to what you say so you can directly impact our direction
  • Teach you new tricks and take the time to make sure you're learning new skills and growing your career
  • Provide an entertaining and transparent environment
  • Challenge you to push the bounds and expand our vision of security

What you can do for Expel

  • Discover how to make compliance easy by developing sensible procedures and tools for tracking requirements
  • Monitor common compliance frameworks to give early warning when new changes may affect Expel
  • Improve the value of requirements compliance, by using it to influence security, engineering, and operational efforts
  • Craft Expel's responses by understanding the importance of specific requirements
  • Keep Expel informed on how well we're meeting our requirements, and how this has benefited us and our customers
  • Try and fail…and try again. Experiment with new technologies, approaches and techniques
  • Help develop and mature our cybersecurity risk management program

What you should bring with you

  • A solid grasp of frameworks like SOC 2, NIST CSF, GDPR, and VSA
  • Experience evaluating a system or an organization against compliance regimes
  • Ability to track multiple requirements across many regimes
  • Readiness to find a new way to approach security requirement compliance
  • The ability to analyze and understand arcane requirements
  • Excellent project management skills

Additional notes

We're looking to hire someone to work from our offices in Herndon, Virginia.

We're an Equal Opportunity Employer: You'll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
