
Workstreet
Remote Jobs
Best-in-class trust services for high-growth companies. Vanta’s biggest services partner.
39 Jobs
Vulnerability Management Engineer
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
Role Description Our Cloud Security Engineering team is where compliance meets cloud operations. We work directly with clients' engineering and security contacts to monitor and remediate failing cloud security tests in GRC platforms like Vanta, keeping AWS, Azure, and GCP environments continuously compliant without slowing down the teams that build in them. We are seeking a consultative and hands-on Vulnerability Management (VM) Engineer to join our elite Delivery team. You will serve as the primary security advisor for an assigned portfolio of fast-growth startups, helping them identify, prioritize, and fix risks. In this role, you will seamlessly combine scanning infrastructure management with high-touch client advisory. What You'll Do - Orchestrate Vulnerability Scanning Infrastructure: - Configure, schedule, and maintain authenticated credentials, scan policies, and asset groups across client networks and cloud-native environments using enterprise platforms (Tenable/Nessus, Qualys, Rapid7 InsightVM, and Vanta). - Execute Threat Analysis and Risk Prioritization: - Evaluate raw scan outputs and filter false positives; apply advanced risk-based prioritization data utilizing CVSS base scores, EPSS real-time exploit indices, global threat intelligence feeds, and critical client asset contexts. - Drive Collaborative Remediation and Governance: - Translate technical vulnerabilities into clear, actionable architectural guidance and patch-management workflows; partner directly inside the trenches with client software engineers and IT teams to multi-thread remediation efforts and accelerate their sub-30-day time-to-remediate velocity. - Manage Exceptions and Audit Compliance: - Document, verify, and track formal client requests for temporary vulnerability exceptions or long-term risk acceptances; map operational patching data directly to control evidence required for regulatory audits (SOC 2, ISO 27001, HIPAA, CMMC, and NIST). - Own the Advisory Client Experience: - Act as the strategic primary point of contact and trusted security advisor for an assigned portfolio of fast-growth startups; deliver regular project milestones, handle high-priority technical escalations with calm professionalism, and generate regular status reports and executive summaries that communicate technical risk as clear business value. Qualifications - Hands-on configuration and operational experience with one or more vulnerability management scanning platforms (Tenable/Nessus, Qualys, Rapid7 InsightVM, or Vanta). - A deep, accurate understanding of vulnerability scoring systems (CVSS, EPSS indices) and data-driven, risk-based prioritization methodologies. - The explicit ability to interpret raw scan outputs, filter out false positives, and seamlessly translate complex technical findings into business-relevant risk language for corporate stakeholders. - Foundational familiarity with common vulnerability classes, cloud container exposures, configuration defects, and exploit vectors across cloud, OS, application, and network infrastructure layers. - Working knowledge of standard information security compliance frameworks (such as SOC 2, ISO 27001, HIPAA, or CMMC) and how automated infrastructure scanning maps to regulatory audit evidence. - A highly consultative, client-centric approach to engineering delivery; utilizing technical documentation, professional written summaries, and clear milestone mapping to manage multiple client engagements simultaneously and interact directly with US-based tech founders. Nice to Have - Experience with patch management workflows and coordination with IT and engineering teams. - Relevant certifications (e.g., CompTIA Security+, CEH, Tenable Certified Security Associate, or GIAC GEVA). - Familiarity with cloud environments (AWS, GCP, Azure) and cloud-native vulnerability surfaces. - Understanding of the CVE lifecycle, NVD, and threat intelligence feeds. - Prior experience in a managed security services or consulting environment. Benefits - Career Development: Clear path with mentorship and training opportunities. - Technical Training: Comprehensive onboarding on security and compliance frameworks. - Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities. - Growth Opportunity: Early-stage company with significant room for career advancement. - Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team. What You'll Need to Thrive - Excellent written and verbal English communication skills, with the ability to engage confidently with candidates, hiring managers, and business leaders across global teams. - A reliable, high-speed internet connection and a professional home office environment that supports confidential conversations, virtual interviews, and uninterrupted collaboration. - Commitment to working a standard schedule of 8:00 AM–5:00 PM US Eastern Time (ET) to effectively support hiring managers, candidates, and cross-functional teams. - Willingness and ability to travel locally for occasional onsite meetings, team gatherings, or business activities as needed. Hiring and Selection Process - Candidates must participate in live video interviews throughout the hiring process with the camera on (non-negotiable) and be prepared to verify their identity during recruitment and onboarding. - Employment is contingent upon successful completion of identity verification and background screening, where permitted by law. - Selected candidates will participate in structured interviews with hiring managers and cross-functional stakeholders to assess role fit, experience, and alignment with Workstreet’s operating principles. - Candidates will receive prompt updates and consistent communication throughout the interview process, ensuring a transparent, smooth, and engaging experience at every step. Workstreet Is An Equal Opportunity Employer As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.
Senior GRC Engineer – NIST 800-53/FedRAMP
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Guide Clients Through Federal Authorization Processes: Lead clients through NIST SP 800-53 and FedRAMP compliance initiatives, providing proactive communication, clear milestone guidance, and hands-on support throughout the Assessment and Authorization (A&A) lifecycle • Collaborate Closely with Clients: Partner directly with organizations pursuing federal authorizations to understand their environment, identify security gaps, and drive progress toward achieving and maintaining compliance • Be a Trusted Compliance Advisor: Deliver expert guidance on NIST SP 800-53, FedRAMP requirements, and federal cybersecurity standards in a way that is accessible, actionable, and aligned with each client's unique operational environment • Lead and Mentor a Compliance Team: Provide direction, feedback, and professional development support to a small team of compliance professionals, maintaining quality standards and accountability across client engagements • Drive Consistent Delivery: Manage and coordinate multiple NIST SP 800-53 and FedRAMP compliance projects across various clients, ensuring milestones and deliverables are met ahead of authorization deadlines • Interpret and Apply Security Controls: Analyze and interpret NIST SP 800-53 security and privacy controls and control baselines to ensure client compliance with federal cybersecurity standards • Develop and Maintain Authorization Documentation: Create, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other authorization documentation required for NIST SP 800-53 and FedRAMP • Conduct Gap Assessments: Perform readiness reviews to identify and address control deficiencies for organizations pursuing an Authorization to Operate (ATO) or FedRAMP authorization • Support Assessment Activities: Guide clients through the Assessment and Authorization (A&A) process and coordinate with Third-Party Assessment Organizations (3PAOs) and independent assessors • Collaborate on Remediation Efforts: Work closely with clients to identify and remediate gaps in their security programs to meet NIST SP 800-53 Low, Moderate, and High control baselines • Monitor Regulatory Updates: Stay current on evolving NIST SP 800-53 revisions, FedRAMP requirements, and federal cybersecurity policies and guidance to ensure client programs remain compliant and ahead of changing requirements
Trust Services Engineer
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Complete and submit security questionnaires - serve as the primary responder for customer due diligence requests. • Research and validate responses - dig into client-specific questions that fall outside standard frameworks. • Maintain consistency and quality across all deliverables - ensure every response reflects current, approved language. • Collaborate with internal teams - coordinate with compliance and security teams to verify information.
Account Executive – LATAM
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Own a New Market: Be the first dedicated seller for LATAM — building the territory, pipeline, and regional playbook from the ground up • Be a Great Partner: Serve as the primary relationship owner for an assigned group of Vanta Account Executives, building trusted partnerships, driving referral generation, supporting joint customer opportunities, and expanding Workstreet's footprint within the Vanta partner ecosystem. • Run the Full Sales Cycle: Manage deals independently from discovery through close across LATAM and the US, with support from senior leaders as needed • Generate Your Own Pipeline: Blend inbound demand with proactive outbound to identify and develop high-potential prospects in an emerging market • Develop Technical Expertise: Build deep knowledge in SOC 2, ISO 27001, GDPR, and other frameworks to have meaningful, consultative conversations with technical buyers • Engage Key Stakeholders: Build relationships with security leaders, compliance teams, and technical buyers at growing SaaS companies across the Americas • Shape the GTM Motion: Help define our LATAM messaging, qualification criteria, and sales playbooks based on what you learn in the field — your feedback directly shapes how we expand
Trust Services Analyst
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Complete security questionnaires and vendor risk assessments using existing documentation • Research and respond to security questionnaires by leveraging policy and control libraries • Work within platforms like Drata, Vanta, or SecureFrame to retrieve relevant evidence • Collaborate with compliance and security teams to clarify responses as needed
Senior GRC Engineer – Government
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Analyze and interpret CMMC requirements and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards. • Develop, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other CMMC-required documentation. • Conduct gap assessments and readiness reviews for organizations pursuing CMMC certification. • Collaborate with defense contractors to identify and remediate gaps in their cybersecurity programs to meet CMMC Level 1 and Level 2 requirements. • Guide clients through the CMMC assessment process and coordinate with Certified Third-Party Assessment Organizations (C3PAOs). • Manage and coordinate multiple CMMC compliance projects across various defense contractors, ensuring timely completion before contract deadlines. • Lead and mentor a small team of compliance professionals to effectively deliver on CMMC objectives. • Stay current with evolving CMMC requirements, CMMC 2.0 rulemaking, and DoD cybersecurity policies.
Penetration Tester
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Perform comprehensive security assessments across cloud, network, and system environments. • Execute specialized security evaluations of native MacOS applications to identify platform-specific vulnerabilities. • Go beyond standard assessments by simulating real-world adversary tactics and testing human security awareness through phishing and pretexting. • Evaluate and exploit vulnerabilities within AWS, GCP, or Azure environments to ensure robust cloud architecture. • Analyze findings, assess impact, and produce detailed reports with clear remediation recommendations. • Work with engineering and operations teams to validate fixes and strengthen overall system security. • Create and refine scripts, tools, and methodologies to enhance testing accuracy and coverage. • Continuously monitor emerging exploits, specifically focusing on MacOS-based threats and cloud-native attack vectors.
People and Talent Manager
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
Role Description We are a US-based cybersecurity consulting firm looking for a People & Talent Manager to serve as the primary HR point of contact for our growing India team. This is a blended generalist and recruiting role — you will own the day-to-day people operations for our India-based employees and contractors while also leading full-cycle recruiting efforts in-country. You will be a trusted partner to both local team members and US-based leadership, helping to build a strong, high-performing team in India. The ideal candidate brings experience supporting or working within a cybersecurity, technology consulting, or professional services environment, and understands the nuances of supporting a global team operating across time zones. This role begins as a contract engagement with a clear path to permanent employment based on performance and business needs. Qualifications - 6–9 years of progressive HR experience, with a blend of generalist and recruiting responsibilities - Prior experience supporting a cybersecurity, IT consulting, managed services, or technology company - Strong knowledge of India employment law, statutory compliance, and local HR best practices - Experience working in a global or US-headquartered company and collaborating with an international People team - Proven ability to recruit for technical and specialized roles, including an understanding of cybersecurity skill sets and role nomenclature - Proficiency with HRIS systems; experience with Rippling is a strong plus - Excellent written and verbal English communication skills; comfortable working across US Eastern Time hours as needed - High degree of discretion, integrity, and professionalism Requirements - Serve as the primary HR point of contact for all India-based employees and contractors - Partner with the US People team to localize and roll out global HR programs, policies, and processes for the India workforce - Support onboarding and offboarding processes - Manage employee relations matters with professionalism and discretion - Track and ensure compliance with India labor laws, statutory requirements, and any EOR provider obligations - Maintain accurate HR records and support data reporting needs through Rippling - Assist with performance management cycles, compensation reviews, and employee engagement initiatives - Lead full-cycle recruiting for open roles in India - Source and engage candidates for cybersecurity and technical roles - Build and maintain relationships with local recruiting partners, universities, and talent communities in India - Coordinate interview processes between India-based candidates and US-based hiring managers - Draft job descriptions and manage job postings across relevant platforms - Ensure a positive candidate experience that reflects the company’s values and culture - Partner with the US People team to align India hiring to headcount plans and compensation bands Benefits - Clear path with mentorship and training opportunities - A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities - Early-stage company with significant room for career advancement - Flexibility to work from anywhere while collaborating with a global team Nice To Have - Experience working with an EOR provider such as Rippling EOR - Background in compliance-heavy industries where confidentiality and regulatory awareness are critical - Familiarity with sourcing cybersecurity professionals on Naukri, LinkedIn Recruiter, or niche platforms - MBA or postgraduate degree in HR, Business, or a related field - SHRM, HRCI, or equivalent HR certification Company Description As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.
Manager, GRC Engineering
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Develop and Maintain Compliance Frameworks : Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards. • Lead Compliance Certifications : Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure). • Conduct Risk and Security Audits : Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture. • Manage Compliance Team : Lead a team of 3–5 analysts through coaching, mentorship, and performance management to ensure quality and accountability. • Collaborate Cross-Functionally : Partner with internal teams and clients to embed security and compliance best practices and resolve compliance escalations. • Monitor Regulatory Developments : Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls. • Leverage Compliance Automation Tools : Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness.
Senior Manager, Trust Services
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
• Own Executive-Level Client Relationships: Serve as the senior point of contact for a portfolio of strategic accounts, building long-term trust and ensuring clients receive an exceptional, high-touch experience at every stage of the engagement. • Lead and Guide Client Engagements: Provide strategic oversight across multiple trust services engagements, ensuring clients are well-informed, prepared, and confident throughout security reviews, assessments, and contractual negotiations. • Manage Escalations at the Executive Level: Address complex, high-stakes client concerns with professionalism, urgency, and composure — turning challenging situations into opportunities to reinforce trust and loyalty. • Be a Strategic Trusted Advisor: Understand the broader business goals of each client and deliver security and compliance guidance that is not just technically sound, but strategically aligned with their objectives. • Conduct regular reviews of client communications, deliverables, and quality metrics to maintain consistency and excellence across all engagements. • Supervise and mentor managers, analysts, and reviewers across multiple time zones, fostering a culture of performance, accountability, collaboration, and professional growth. • Provide leadership and direction to team managers, setting clear expectations, coaching for performance, and ensuring accountability across the full delivery team. • Drive staffing, hiring, and resource allocation to optimize delivery efficiency and support department scalability as the business grows. • Establish and enforce quality benchmarks across the team, ensuring every client-facing output meets Workstreet’s high standards. • Implement agile practices (Scrum or Kanban) to manage workload distribution, track SLAs, and drive continuous improvement through retrospectives and sprint planning. • Oversee the completion, review, and finalization of client and vendor security questionnaires (SIG, CAIQ, or custom formats). Collaborate with SMEs to validate technical and compliance responses. • Conduct and manage reviews of NDAs, DPAs, MNDAs, and other contractual security clauses. Collaborate with internal and external legal counsel to redline, comment, and ensure alignment with cybersecurity frameworks and risk posture. • Utilize AI-powered tools to accelerate first-pass reviews and integrate SME feedback to improve accuracy and speed. • Partner with Legal, Compliance, IT, and Sales teams to align responses, ensure contractual compliance, and resolve escalations.
29more opportunities are still waiting for you.Log in now and take your next shot before someone else does.