Extrahopnetworks

Product Security Analyst III

Salary: Not listed
Work type: Remote
Job type: Full-time
Industry: General

About the role

Position Summary

By joining ExtraHop as a Product Security Analyst, you'll directly contribute to strengthening the security and compliance posture of ExtraHop's market-leading products. Collaborate with top-tier professionals to innovate and uphold the highest standards in cloud security.

You will play a key role in establishing, maintaining and enhancing our compliance with FedRAMP, SOC 2, ISO 27001 and other security and regulatory frameworks. Your expertise will ensure that security controls, monitoring processes, vulnerability management, and risk mitigation strategies meet rigorous standards. Collaborating across teams, you will drive initiatives related to system security planning, vulnerability management and continuous monitoring while supporting audits and responding to compliance requirements.

Key Responsibilities

  • Run FedRAMP Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders; manage asset inventory, vulnerability scan findings, and the Plan of Action & Milestones (POA&M) document
  • Manage vulnerability detection and response pipelines, including tools, reporting and tracking
  • Lead the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
  • Develop and provide vulnerability findings and responses for internal and external stakeholders, including customers
  • Collaborate with the Director of Product Security to handle customer and pre-sales security inquiries
  • Assist in addressing compliance requirements for various standards (e.g., CSA STAR, ISO 27001, DoDIN APL, NIAP, FIPS, CMMC, IL4), supporting gap assessments and facilitating audits (including coordinating evidence collection and submission)
  • Develop a product security compliance roadmap and coordinate key activities across the organization to achieve milestones
  • Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
  • Work with security information & event management (SIEM) tooling and other systems to perform security investigations
  • Perform and/or lead security incident response activities
  • Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections

Required Qualifications

  • 5+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, SOC 2, or similar
  • 2+ of those years should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
  • Bachelor's degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field
  • Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methods