Pendo's mission is to help companies build great software. We believe that great software is also secure software! The Pendo Security Team, a.k.a. Team Sherlock, is here to provide everyone at Pendo the resources they need to keep the data we are entrusted with secure and to deliver products that are built with security and privacy by design.
Pendo is seeking a Security Compliance Engineer to join our growing team in Raleigh, North Carolina. Reporting to our Director of Security Compliance, you will be working on our compliance-related programs, with an initial focus on our FedRAMP Authorization initiative and subsequently ISO 27001, PCI DSS, and other global compliance frameworks. You will also work closely with engineering, product, and corporate IT teams to achieve the goals of these programs. The ideal candidate is a passionate, highly skilled information security expert who has a customer-focused mindset and is capable of quickly learning new technologies and creatively solving problems.
Responsibilities (what you’ll do):
- Provide analysis and implementation guidance of NIST 800 series, FedRAMP, ISO 27001, PCI DSS, and other related compliance requirements and regulations
- Plan, implement, and maintain security controls to protect the confidentiality, integrity, and availability of data and information systems
- Work closely with engineering and product teams to deliver compliance requirements, provide consultation, and validate implementation
- Communicate compliance requirements, deliverables, and project status to stakeholders, leaders and external partners
- Drive cross-functional execution and validation of compliance deliverables
- Build, execute, and maintain continuous monitoring functions and deliverables, including the Plan Of Action and Milestones (POA&Ms)
- Drive vulnerability remediation in accordance with compliance requirements
- Monitor performance metrics, review logs, and conduct periodic audits to verify the effectiveness of security controls
- Write, edit and manage a wide variety of information security policies, procedures, and other documentation to meet compliance requirements
Qualifications (what you have):
- Bachelor’s Degree or equivalent professional experience
- 2+ years' experience in:
  - NIST SP 800 Series, FedRAMP, FIPS 199, and FISMA frameworks
  - Working with subject matter experts and developing, editing, and revising documentation including standard operating procedures, system security plans (SSPs), and policies and procedures
  - Continuous monitoring requirements and POA&M management and communication
  - Working with Third-Party Assessment Organizations (3PAOs)
- Excellent verbal and written communication skills
- Strong understanding of security controls, frameworks and practices
- Strong understanding of vulnerability management, scanning tools and remediation
- Strong critical thinking and decision-making skills
- Strong customer service orientation
- Experience in cloud and application security domains
- Ability to self-manage assigned project tasks
- Ability to work independently with minimal direction
- A growth mindset and love of learning new technologies
Additional Preferred Qualifications:
- One or more industry-recognized security certifications, such as CISSP, CISM, CISA, OSCP, CEH, or CCSK
- Experience working in SaaS companies
- Hands-on experience with scripting and coding to automate systems and security administration tasks (e.g. using a language such as Python)
- Familiarity with multiple security-related frameworks and regulations, such as ISO 27000 series, HIPAA, and PCI
- Familiarity with penetration testing tools and techniques
Pink, Perks, and Such:
Pendo was founded in 2013 by former product managers, who combined their heads and hearts to build something they wanted but never had as product managers -- a simple way to understand and attack what truly drives product success. Our mission is to improve society's experience with software.
Come join one of the fastest-growing startups, supported by best-in-class institutions like Battery Ventures, Salesforce Ventures, Spark Capital and Meritech. You will gain experience in a diverse and exciting set of technologies and clients and have a real impact on Pendo's future. Our culture is passionate, dynamic, and fun.
- Company Equity
- Pendo covers 100% of monthly premium for the HDHP (High Deductible) Medical plan for all employees and their families
- Pendo covers 100% of monthly premium for dental and vision coverage for all employees and their families
- Open vacation policy
- Free weekly lunches and fully stocked kitchen with drinks, goodies and balanced snacks
- Frequent company and team-building events
- Free parking or monthly stipend for other modes of transportation (biking, walking, do you skate?)
- Lots of company swag...hope you like pink!
We are an equal opportunity employer and believe having diverse teams in which everyone brings their whole self to Pendo is key to our success. We welcome people of different backgrounds, experiences, abilities and perspectives.