Job Closed

This listing is no longer active.

Appfire logo
Appfire

Appfire is a computer software company that has been recognized as a “global authority” on Atlassian products and software. As an employer, the company aims

GRC Security Analyst - Information Security

Location

Worldwide

Posted

40 days ago

Salary

0

Seniority

Mid Level

Job Description

GRC Security Analyst - Information Security

Appfire

Role Description Do you have a strong understanding of information security GRC operations? Have you built lasting relationships with business owners and vendors? Appfire, the leading provider of Atlassian apps, is looking for a creative problem-solver and a self-starter to join our Information Security team. The GRC Security Analyst will handle diverse security-related tasks and issues for our rapidly growing company, including managing risk through a shared vision with Appfire’s business leaders. You’ll work within the GRC department managing diverse governance, risk and compliance security-related tasks and issues for our rapidly growing company, with a focus on people, practices, systems, and metrics. You’ll be asked to keep up with the latest industry requirements and will assist in the identification of security risks and the associated execution of remediation and corrective action plans, ensuring we are following up with those steps previously agreed upon by the business. Additionally, you’ll participate in regular vendor reviews and ensure compliance with Appfire policy, as well as provide ISO 27001 and other audit support. If you’re a highly organized, detail-oriented expert communicator, let’s chat! You will be expected to engage in professional development to maintain continual growth in professional skills and knowledge essential to the position and thrive in a highly collaborative workplace. Qualifications - Bachelor’s Degree in Computer Science, Information Security, Engineering, related curriculum, or equivalent experience. - 2+ years of experience working in information security risk and/or compliance roles. - Knowledge of common Information Security frameworks such as CIS, ISO 27001 & SOC 2. - Prior experience with cloud-based security tools, technologies, and controls a plus (e.g, Amazon AWS, Azure, Heroku, GCP). - Ability to work effectively within a fast paced, changing environment that is going through high growth. - A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions. - Creative problem solving required. - Excellent interpersonal and communication skills. - CISA, CISSP or similar security/GRC focused certifications a plus. Requirements - Work on the coordination and facilitation of Appfire’s security governance goals and initiatives. - Support our sales channels regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation. - Conduct assessments related to vendor risk management and following up on associated findings. - Provide support for regulatory and compliance initiatives (e.g. ISO 27001, SOC2, GDPR, etc.). - Identify, document, and track information security policy related non-conformities and assist in developing and monitoring corrective action plans. - Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans. - Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans. - Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security. - Assist in the monitoring of business continuity (BC) and disaster recovery (DR) testing. - Perform periodic compliance checks across the Appfire organization. - Provide support for the coordination and execution of integration plans for Appfire acquisitions. - Support the annual review and update of information security related policies and processes. - Participate in and support annual security awareness campaigns. - Handle sensitive and/or confidential material and information with suitable discretion. Benefits - Equity: Every Appfire team member is eligible for company equity, fostering a true sense of ownership and connection to our growth. - Time Off & Wellbeing: - 26 paid vacation days annually, regardless of tenure. - 12 Wellness Days — one fully paid day off each month to recharge, available on an ad-hoc basis and not carried over month to month. - 24 hours of paid volunteer time to support meaningful causes outside of work. - 3 fully paid volunteering days each year through Appfire Town, our Corporate Social Responsibility (CSR) program supporting local communities. - Learning & Development: Grow with Appfire University — our custom, on-demand learning platform designed to support continuous learning and professional development. - Health & Insurance: - Fully covered Luxmed private healthcare plan. - Option to extend coverage to your partner or add personalized upgrades. - UNUM life insurance, fully paid by Appfire. - Lifestyle & Benefits: - MyBenefit Platform with 150 PLN per month to spend on: - a Multisport card - shopping - restaurants - entertainment experiences - Lunch Card with 300 PLN monthly for groceries or dining out via a virtual prepaid Pluxee card (Google Pay or Apple Wallet supported). - Remote Work Support: Receive 200 PLN net per month as a home office allowance to help cover electricity and internet costs while working remotely.

Related Categories

Related Job Pages

More Security Engineer Jobs

TrueCommerce logo

Systems Security Engineer

TrueCommerce

Unlock the true potential of your supply chain.

Full TimeRemoteTeam 1,001-5,000H1B No Sponsor

• Design, implement, and maintain security controls across Windows and Linux systems • Manage and optimize Check Point, Cisco, and FortiGate firewall infrastructure, including policy design and advanced threat prevention • Manage and optimize Web Application Firewall solutions such as F5 WAF or Check Point CloudGuard • Manage and optimize endpoint detection and response (MDR/EDR/XDR) solutions such as Palo Alto Cortex or Microsoft Defender for Servers • Standardize and harden cryptographic policies and TLS configurations across enterprise systems • Develop and maintain security baselines, hardening guidelines, and automated security configurations • Monitor, analyze, and respond to security incidents • Conduct vulnerability assessments and guide remediation • Provide documentation and mentor junior team members

United States

Platform Security Lead

Defcon AI

Resilience In The Face Of Disruption

Full TimeRemoteTeam 11-50H1B No Sponsor

• Define and execute the ATO pathway, including responsibility allocation across government and contractor teams • Author and maintain RMF documentation (SSP, SAP, SCTM, ConMon) in accordance with DoDI 8510.01 and NIST 800-53 • Coordinate with eMASS and Authorizing Officials on assessment and authorization activities • Lead continuous monitoring and reauthorization efforts across the system lifecycle • Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge) • Evaluate and guide selection of DoD-approved cross-domain solutions • Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, REL_TO, ORCON) • Review system architecture to ensure compliant handling of classified data flows • Support secure operation across NIPR, SIPR, and higher classification environments • Define authorization approaches (inheritance vs. standalone ATOs) across enclaves • Ensure security posture scales without requiring fundamentally different architectures • Serve as the authoritative internal resource for DoD security and RMF-related questions • Advise on container security, RBAC, service mesh security, PKI/CAC integration, and secrets management • Define expectations for security scanning, container hardening, and vulnerability management (without owning the pipeline) • Evaluate new capabilities for security and authorization impacts prior to production deployment

United States
$175K - $215K / year
Full TimeRemoteTeam 11-50H1B Sponsor

• Define and execute the ATO pathway, including responsibility allocation across government and contractor teams • Author and maintain RMF documentation (SSP, SAP, SCTM, ConMon) in accordance with DoDI 8510.01 and NIST 800-53 • Coordinate with eMASS and Authorizing Officials on assessment and authorization activities • Lead continuous monitoring and reauthorization efforts across the system lifecycle • Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge) • Evaluate and guide selection of DoD-approved cross-domain solutions • Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, REL_TO, ORCON) • Review system architecture to ensure compliant handling of classified data flows • Support secure operation across NIPR, SIPR, and higher classification environments • Define authorization approaches (inheritance vs. standalone ATOs) across enclaves • Maintain alignment with evolving joint and service-level security requirements

Virginia
$175K - $215K / year
Pipe logo

Lead Security Engineer

Pipe

Pipe has built the world’s first trading platform to help founders access the capital they need to grow on their terms.

Full TimeRemoteTeam 51-200Since 2020H1B Sponsor

• Review and help design robust security standards and monitoring • Maintain and improve our policy-as-code platform to enable rapid detection and response • Work closely with our Infrastructure team to ensure cloud-based deployments have proper monitoring and adhere to our policies • Manage SOC II audits, set a high standard for compliant software and processes, and ensure we consistently meet those standards • Participate in on-call rotation to support critical security issues • Own the vulnerability disclosure program and triage inbound reports to security@ • Run periodic tabletop exercises and incident response drills • Maintain security policies and lead recurring reviews (e.g., firewall changes, security reviews) • Lead responses to partner and customer security questionnaires • Maintain the security risk register, track remediation, and produce periodic security metrics for leadership

North America
$150K - $220K / year