Security Program Manager

Job Description
About GovSignals
We are shaping the future of government contracting with breakthrough AI‑driven solutions. We are disrupting a multi‑billion dollar industry and enabling private‑sector technologies to secure government contracts faster than ever, strengthening national security and driving economic growth.
GovSignals has built the most advanced government‑contracting AI platform available. From small businesses to Fortune 500 enterprises, our platform multiplies the opportunities contractors can pursue and empowers them to deliver fully compliant, winning proposals in hours instead of months. As one of the largest aggregators of U.S. government data, we set trends rather than follow them.
The Role
We’re looking for a Security Program Manager to lead and scale GovSignals’ security and compliance programs across FedRAMP High, IL5, CMMC Level 2, and SOC 2. You’ll bridge engineering and compliance — automating evidence, driving audits, and ensuring we stay secure and fast as we grow.
Ideal candidates bring a technical foundation (engineering, DevOps, or security) and hands-on experience guiding a startup through its first major compliance milestones. You’ll think in systems and automation, not spreadsheets, and treat compliance as a way to enable product, sales, and customer trust.
Key Responsibilities
Build and maintain the master security and compliance program covering FedRAMP High, IL5, CMMC Level 2, SOC 2, and related frameworks.
Own evidence management end to end: gather artifacts, automate collection where possible, and keep everything audit-ready at all times.
Lead quarterly and annual security documentation cycles, coordinate penetration tests and red-team engagements, and track remediation plans to closure.
Act as primary liaison on security questionnaires and customer calls, clearly explaining our posture and roadmap.
Identify smart, automation-first solutions to compliance roadblocks. Help guide company roadmaps to scope and prepare for compliance changes.
Partner with engineering to embed secure-by-design practices, including automated policy checks in CI/CD and infrastructure-as-code guardrails.
Monitor the evolving threat and compliance landscape and propose proactive hardening measures.
Qualifications
3+ years leading or contributing to security or compliance programs in a high-growth technology or defense startup.
Demonstrated success achieving and maintaining FedRAMP High Authority to Operate or equivalent high-impact compliance goals.
Strong technical fluency — comfortable reading Terraform/YAML/logs and collaborating directly with engineers.
Proven ability to design and run automated evidence collection, policy management, and vulnerability-tracking workflows.
Excellent written and verbal communication skills for both technical and executive audiences; comfortable leading customer security reviews.
Experience coordinating red-team, penetration-test, or bug-bounty programs and translating findings into engineering actions.
Bonus points for hands-on exposure to Kubernetes, Terraform, Jamf, CVE and vulnerability management, and modern DevSecOps toolchains that accelerate compliance.
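As an added example (not GovSignals' code, and not part of the original posting), the following script shows what the "automated policy checks in CI/CD and infrastructure-as-code guardrails" and "automated evidence collection" items above can look like in practice: it evaluates the JSON output of `terraform show -json tfplan` against two policy rules and writes an evidence record that ties the verdict to a hash of the exact plan that was checked. The sample plan, the rule set, and the NIST SP 800-53 control tags (SC-7 boundary protection, SC-28 protection of information at rest) are illustrative assumptions; a real program would carry its own control mapping.

```python
"""Added example: a CI guardrail that checks a Terraform plan against
policy rules and emits an audit-ready evidence record.
Not GovSignals' code; plan contents, rules and control tags are assumptions."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed `terraform show -json tfplan` document with
# hypothetical resources, limited to the fields the rules below inspect.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {
             "ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                          "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_db_instance.app", "type": "aws_db_instance",
         "change": {"actions": ["create"], "after": {
             "storage_encrypted": False, "publicly_accessible": False}}},
        {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
         "change": {"actions": ["update"], "after": {"encrypted": True}}},
        {"address": "aws_ebs_volume.old", "type": "aws_ebs_volume",
         "change": {"actions": ["delete"], "before": {"encrypted": False},
                    "after": None}},
    ],
}

ADMIN_PORTS = {22, 3389}            # SSH and RDP
WORLD = {"0.0.0.0/0", "::/0"}       # "anyone on the internet"


def planned_resources(plan):
    """Yield (address, type, after) for resources that will exist after apply.

    Pure deletes are skipped; a replace (delete + create) is still checked
    because the resource comes back with the new attributes.
    """
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after")
        if "delete" in actions and "create" not in actions:
            continue
        if after is None:
            continue
        yield rc["address"], rc["type"], after


def rule_world_open_admin(address, rtype, after):
    """SC-7 (assumed mapping): no admin port reachable from the whole internet."""
    if rtype != "aws_security_group":
        return []
    findings = []
    for rule in after.get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        exposed = cidrs & WORLD
        if not exposed:
            continue
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
        if lo == 0 and hi == 0:      # from/to 0 with protocol -1 means all ports
            lo, hi = 0, 65535
        if any(lo <= p <= hi for p in ADMIN_PORTS):
            findings.append(("SC-7", address,
                             f"ingress {lo}-{hi} open to {sorted(exposed)}"))
    return findings


def rule_encrypted_at_rest(address, rtype, after):
    """SC-28 (assumed mapping): storage must be encrypted at rest.

    Fails closed: a value that is absent or still unknown at plan time
    (Terraform reports those under `after_unknown`) is treated as a finding.
    """
    flag = {"aws_db_instance": "storage_encrypted",
            "aws_ebs_volume": "encrypted"}.get(rtype)
    if flag is None or after.get(flag) is True:
        return []
    return [("SC-28", address, f"{flag} is {after.get(flag)!r}, expected true")]


RULES = [rule_world_open_admin, rule_encrypted_at_rest]


def evaluate_plan(plan):
    """Run every rule over every planned resource; return (control, address, detail) tuples."""
    findings = []
    for address, rtype, after in planned_resources(plan):
        for rule in RULES:
            findings.extend(rule(address, rtype, after))
    return findings


def evidence_record(plan, findings, when=None):
    """Audit artifact: verdict plus a hash of the canonical plan it was derived from."""
    canonical = json.dumps(plan, sort_keys=True, separators=(",", ":")).encode()
    when = when or datetime.now(timezone.utc)
    return {
        "checked_at": when.isoformat(),
        "plan_sha256": hashlib.sha256(canonical).hexdigest(),
        "rules": [r.__name__ for r in RULES],
        "findings": [{"control": c, "address": a, "detail": d} for c, a, d in findings],
        "result": "fail" if findings else "pass",
    }


def main(plan=SAMPLE_PLAN):
    findings = evaluate_plan(plan)
    print(json.dumps(evidence_record(plan, findings), indent=2))
    return 1 if findings else 0      # non-zero exit code fails the CI job


if __name__ == "__main__":
    raise SystemExit(main())
```

In a pipeline the script would read the plan from `terraform show -json` instead of `SAMPLE_PLAN`, and the printed record would be uploaded as a build artifact; the `plan_sha256` field is what lets an auditor match the stored evidence to the plan that was actually applied. On the constructed sample it reports two findings (the world-open SSH rule and the unencrypted database) and skips the volume being deleted.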
Why Join GovSignals?
Top‑tier compensation for top‑tier talent.
Premium benefits, including medical, dental, vision, and unlimited PTO.
Shape the security culture of a fast‑moving AI company serving critical public‑sector missions.
Join a mission‑driven team that is redefining government contracting while advancing American innovation and security.
Ready to build a best‑in‑class security and compliance program? Apply now and help safeguard the platform that powers the next generation of government solutions.
