Senior Security Analyst, Compliance
Listed on 2026-06-04
IT/Tech
Cybersecurity, Data Security
Open Sesame is the trusted partner for Workforce Reinvention in the age of AI. Open Sesame delivers integrated software, curated and customizable content, and expert services – embedded into existing learning, HR, and work systems – to help organizations expand their human+AI potential and thrive through change.
As a Senior Security Analyst on our Compliance team, you will play a key role in strengthening Open Sesame’s security posture in a fast-moving, high-growth environment. We’re looking for someone who brings deep technical security expertise, a proactive mindset, and the ability to turn complex risks into practical, scalable solutions.
This role spans vulnerability management, penetration testing, bug bounty operations, cloud and application security, and audit readiness. You’ll partner across Engineering, DevOps, IT, and Compliance to improve security processes, support compliance efforts, and help ensure security is built into how we work, especially as we continue evolving our approach to AI security. We’re looking for proven examples from your career that show you can do this job: that you’ve owned penetration testing programs, built vulnerability management systems, implemented security automation, and helped organizations adopt modern technologies (including AI) securely and responsibly.
You’ll be a strong fit if you’re detail-oriented, collaborative, and excited to build programs that reduce risk, improve visibility, and support safe innovation across the business.
Performance Objectives
Establish Security Ownership & Technical Depth (0–6 Months)
- Develop a comprehensive view of Open Sesame’s external attack surface, vulnerabilities, and threat landscape — integrating signals from CrowdStrike, cloud environments (AWS, GCP), and application security tooling.
- Own external penetration testing engagements end-to-end — including vendor selection, scope design, execution oversight, remediation validation, and executive reporting.
- Build and operationalize a structured vulnerability management program — partnering with DevOps, Engineering, and IT to prioritize and remediate risk effectively.
- Stand up scalable evidence collection and control mapping workflows in Drata — improving audit readiness and reducing manual effort.
- Establish strong cross-functional relationships to embed security into engineering, infrastructure, and IT workflows from the outset.
- Design and implement a continuous penetration testing program that complements annual third-party testing — leveraging automation, threat modeling, and targeted validation.
- Own and mature the bug bounty program — improving signal quality, triage processes, researcher engagement, and remediation workflows.
- Lead implementation of AI security practices across internal systems and product development:
  - Apply the OWASP Top 10 for LLM / AI applications to identify and mitigate emerging risks
  - Support adoption and operationalization of ISO 42001 controls
  - Define secure usage patterns for internal AI tools and third-party AI integrations
- Partner with Product Engineering to define and enforce secure AI and application baseline requirements — ensuring security is built into system design, not retrofitted.
- Develop automations and tooling (Python, APIs, Make) to continuously collect threat intelligence, validate security baselines, and detect drift across AWS, GCP, GitHub, and SaaS platforms.
- Improve Jira and Confluence workflows to create visibility, accountability, and measurable progress across security findings and remediation.
- Provide deep technical support during audits — translating real-world implementations into clear, defensible narratives aligned with ISO 27001, ISO 27701, and ISO 42001.
- Serve as a senior technical partner to Compliance — supporting vendor reviews, customer security questionnaires, and control design with practical, implementation-level expertise.
- Continuously improve Drata automation and evidence pipelines — moving toward near real-time compliance visibility.
- Partner with Engineering and DevOps leadership to evolve secure…