Product Security Compliance Lead

ABOUT THE ROLE

Second Front Systems (2F) is seeking an ambitious and mission-driven Product Security Compliance Lead to join our growing security organization. Reporting to the VP of Security, this role is a senior technical leader on the team. We are a dynamic, fast-growing entrepreneurial company at the intersection of cutting-edge technology and national security, committed to delivering transformative solutions that empower our nation's defenders.

At 2F, we thrive on innovation and purpose, combining a startup's agility with a clear mission to support national security. You will be at the forefront of turning security and compliance into a competitive advantage by automating the trust boundary and moving away from "static paperwork" toward a future of Continuous Authorization. If you're a former ISSM or Security Architect who is excited by security that unlocks markets and missions rather than just checks boxes, we want to hear from you.

The Product Security Compliance Lead will lead a team of security and compliance specialists responsible for the technical translation and documentation of the security architecture and global accreditation programs that make Game Warden viable in some of the world's most demanding environments. You will shape how we design secure systems by defining control patterns, ensuring we meet stringent accreditation standards (FedRAMP, ISO 27001, US/UK/NATO ATOs), and leveraging AI and automation to produce the clear, defensible documentation and evidence required to prove our posture faster and at scale.

Note: This role requires U.S. citizenship due to government contract requirements. Additionally, candidates must reside in one of our approved hiring hubs:

• DC/Maryland/Virginia

• Raleigh/Durham/Chapel Hill, NC

• Denver/Colorado Springs, CO

• Dallas/Fort Worth/Austin, TX

WHAT YOU’LL DO

• Lead and mentor a team of security engineers and compliance specialists focused on architecture, control implementation, and audit readiness, fostering a culture of ownership, collaboration, and continuous improvement.

• Define and maintain security architecture and control patterns for Game Warden and supporting services, aligned with mission, risk, and accreditation needs.

• Serve as the senior technical lead for the execution of key security accreditations and certifications, including FedRAMP, US agency ATOs, ISO 27001, UK government / NCSC-aligned cloud security expectations, and NATO-related accreditations.

• Lead creation and maintenance of System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), security policies, standards, and technical control narratives, ensuring documentation accurately reflects our architecture, controls, and operating reality.

• Coordinate continuous monitoring activities, significant change reviews, and evidence collection so our accreditations stay current and our controls get stronger over time.

• Partner closely with Security Operations, Cybersecurity Assessment, Product, Engineering, Legal, and Sales teams to support complex customer requirements and unblock deals in highly regulated environments.

• Lead the technical representation of the company in third-party audits (3PAO) and accreditation sessions, ensuring all security documentation and postures are effectively articulated and defended to maintain authorization.

Skills You’ll Bring to Our Team

• 8+ years of experience in information security, with significant time in product / platform security, security architecture, or security engineering.

• Hands-on experience leading technical delivery on one or more security accreditation or certification programs (e.g., FedRAMP, DoD / IC ATOs, ISO 27001, public sector cloud frameworks such as NCSC / UK gov or NATO).

• Demonstrated ability to work with and / or author security documentation such as SSPs, POA&Ms, policies, and technical standards.

• Strong understanding of modern cloud architectures and platforms (e.g., AWS, containers / Kubernetes, SaaS delivery models).

• Comfort partnering with engineering teams on real-world design and implementation, able to propose pragmatic solutions, not just policy language.

• Excellent written and verbal communication skills; able to translate complex security and compliance topics into clear, actionable guidance for both technical and non-technical stakeholders.

• People leadership experience in security or compliance teams.

• Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required.

Preferred Qualifications

• Experience operating in defense, federal government, public sector, or other highly regulated industries.

• Familiarity with frameworks such as NIST 800-53, NIST 800-171, ISO 27001, FedRAMP baselines, and NCSC cloud security principles.

• Prior collaboration with 3PAOs, certification bodies, or accreditation authorities.

• Relevant certifications (e.g., CISSP, CCSP, CISM, ISO 27001 Lead Implementer / Auditor) are a plus, not a prerequisite.

• Experience with infrastructure-as-code, observability, and automation in support of security and compliance goals.

• Prior experience working in cleared or classified environments and with government security / accreditation stakeholders.

The expected base salary range for this role is $137,000–$191,000. Final compensation will be based on factors such as experience, skills, level, and geographic location. This role may also be eligible for discretionary bonuses and equity grants as part of the total compensation package.