[Hiring] Senior Security Analyst @OpenSesame

Role Description

As a Senior Security Analyst on our Compliance team, you will play a key role in strengthening OpenSesame’s security posture in a fast-moving, high-growth environment. We’re looking for someone who brings deep technical security expertise, a proactive mindset, and the ability to turn complex risks into practical, scalable solutions.

This role spans:

• Vulnerability management
• Penetration testing
• Bug bounty operations
• Cloud and application security
• Audit readiness

You’ll partner across Engineering, DevOps, IT, and Compliance to improve security processes, support compliance efforts, and help ensure security is built into how we work, especially as we continue evolving our approach to AI security.

You’ll be a strong fit if you’re detail-oriented, collaborative, and excited to build programs that reduce risk, improve visibility, and support safe innovation across the business.

Performance Objectives

• Establish Security Ownership & Technical Depth (0–6 Months)
  • Develop a comprehensive view of OpenSesame’s external attack surface, vulnerabilities, and threat landscape.
  • Own external penetration testing engagements end-to-end.
  • Build and operationalize a structured vulnerability management program.
  • Stand up scalable evidence collection and control mapping workflows in Drata.
  • Establish strong cross-functional relationships to embed security into engineering, infrastructure, and IT workflows.
• Operationalize Continuous & AI-Aware Security (6–12 Months)
  • Design and implement a continuous penetration testing program.
  • Own and mature the bug bounty program.
  • Lead implementation of AI security practices across internal systems and product development.
  • Develop automations and tooling to continuously collect threat intelligence.
  • Improve Jira and Confluence workflows to create visibility and accountability.
  • Provide deep technical support during audits.
• Drive Security Maturity & Compliance Integration (12+ Months)
  • Serve as a senior technical partner to Compliance.
  • Continuously improve Drata automation and evidence pipelines.
  • Partner with Engineering and DevOps leadership to evolve secure development practices.
  • Establish and refine AI security governance models.
  • Identify systemic risks, recurring vulnerability patterns, and process inefficiencies.
  • Contribute to long-term security strategy.

What Success Looks Like

• Penetration testing is predictable, effective, and drives measurable reductions in risk.
• Vulnerabilities are prioritized intelligently and remediated within defined SLAs.
• The bug bounty program consistently yields high-quality findings.
• AI systems and tools are deployed with clear security guardrails.
• Engineering teams proactively incorporate security into design and development workflows.
• Audit readiness becomes continuous rather than event-driven.
• Security is viewed as a strategic enabler of safe innovation.

Location

This position can be based anywhere in the US. We operate as a remote-first company, and invest in mandatory all-company meetings several times a year in addition to required team travel as necessary.

Performance Driven

We're looking for self-starters with a track record of delivering excellent results, but we're highly selective about who we hire. We don't focus on typical job requirements, instead, we're interested in specific examples from your past experiences.

Compensation

The base salary for this position generally ranges between $130,000 and $160,000, depending on experience. At OpenSesame, we offer a comprehensive benefits package to employees upon hire.

Equal Employment Opportunity

OpenSesame is an Equal Employment Opportunity and Affirmative Action employer that values and welcomes diversity. We do not discriminate on the basis of various legally protected characteristics.

Pay Transparency

At OpenSesame, we prioritize pay transparency, fairness, and equity to create a positive and inclusive work environment.

CPRA (California Candidates)

When you submit your application, OpenSesame may collect and use your personal information in accordance with our privacy policy and the CPRA.