Senior Security Analyst, Compliance

Posted 8 days ago
$130k–160k / year
Remote
Full-Time

About OpenSesame

OpenSesame is the trusted partner for Workforce Reinvention in the age of AI. OpenSesame delivers integrated software, curated and customizable content, and expert services – embedded into existing learning, HR, and work systems – to help organizations expand their human+AI potential and thrive through change. Learn more: www.opensesame.com/about

About the Role

As a Senior Security Analyst on our Compliance team, you will play a key role in strengthening OpenSesame’s security posture in a fast-moving, high-growth environment. We’re looking for someone who brings deep technical security expertise, a proactive mindset, and the ability to turn complex risks into practical, scalable solutions. This role spans:

  • Vulnerability management
  • Penetration testing
  • Bug bounty operations
  • Cloud and application security
  • Audit readiness

You’ll partner across Engineering, DevOps, IT, and Compliance to improve security processes, support compliance efforts, and help ensure security is built into how we work, especially as we continue evolving our approach to AI security.

Performance Objectives

Establish Security Ownership & Technical Depth (0–6 Months)

  • Develop a comprehensive view of OpenSesame’s external attack surface, vulnerabilities, and threat landscape — integrating signals from CrowdStrike, cloud environments (AWS, GCP), and application security tooling.
  • Own external penetration testing engagements end-to-end — including vendor selection, scope design, execution oversight, remediation validation, and executive reporting.
  • Build and operationalize a structured vulnerability management program — partnering with DevOps, Engineering, and IT to prioritize and remediate risk effectively.
  • Stand up scalable evidence collection and control mapping workflows in Drata — improving audit readiness and reducing manual effort.
  • Establish strong cross-functional relationships to embed security into engineering, infrastructure, and IT workflows from the outset.
  • Operationalize Continuous & AI-Aware security practices