Product Security Analyst III at Extrahopnetworks (Remote)

About the role

At ExtraHop, we’re on a mission to protect and empower the connected enterprise. We reveal what is happening in the very infrastructure that sustains businesses, lives, and communities, and ensure the integrity of networks, data, systems, and processes. Organizations rely on ExtraHop to provide visibility into the cyber threats, vulnerabilities, and network performance issues that evade their existing security and IT tools. With this insight, organizations can investigate smarter, stop threats faster, and keep operations running.

Our mission is fueled by a profound social and moral responsibility to be the best at what we do, ensuring a secure world where everyone can thrive. If this sounds like a place you’d like to spend the next chapter of your career, we’d love to hear from you.

Position Summary

By joining ExtraHop as a Product Security Analyst, you’ll directly contribute to strengthening the security and compliance posture of ExtraHop’s market-leading products. Collaborate with top-tier professionals to innovate and uphold the highest standards in cloud security.

You will play a key role in establishing, maintaining and enhancing our compliance with FedRAMP, SOC 2, ISO 27001 and other security and regulatory frameworks. Your expertise will ensure that security controls, monitoring processes, vulnerability management, and risk mitigation strategies meet rigorous standards. Collaborating across teams, you will drive initiatives related to system security planning, vulnerability management and continuous monitoring while supporting audits and responding to compliance requirements.

Key Responsibilities

Run FedRAMP Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders; manage asset inventory, vulnerability scan findings, and the Plan of Action & Milestones (POA&M) document
Manage vulnerability detection and response pipelines, including tools, reporting and tracking
Lead the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
Develop and provide vulnerability findings and responses for internal and external stakeholders, including customers
Collaborate with the Director of Product Security to handle customer and pre-sales security inquiries
Assist in addressing compliance requirements for various standards, (e.g., CSA STAR, ISO 27001, DoDIN APL, NIAP, FIPS, CMMC, IL4), supporting gap assessments and facilitating audits (including coordinating evidence collection and submission)
Develop a product security compliance roadmap and coordinate key activities across the organization to achieve milestones
Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
Work with security information & event management (SIEM) tooling and other systems to perform security investigations
Perform and/or lead security incident response activities
Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections

Required Qualifications

5+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, SOC 2, or similar
2+ years of which should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
Bachelors degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field
Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies
Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments
Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools
Exceptional analytical skills to effectively manage and resolve security and compliance issues
Proven ability to communicate complex security concepts to technical and non-technical audiences
All R&D Employees will be required to attend 2 mandatory in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each
Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum

Preferred Qualifications

Experience supporting certifications like SOC 2, ISO 27001; familiarity with additional federal or industry security frameworks (e.g., CMMC, IL4, DoDIN APL, NIAP, FIPS)
Strong project management skills with the ability to balance compliance initiatives and security operations

Experience working in a security operations center (SOC) and/or leading security incident response activities
Relevant security certifications such as CISSP, CISA, or CISM are preferred

The salary range for this role is $135,000 - $149,000 + bonus + benefits

ABOUT EXTRAHOP

ExtraHop is reinventing Network Detection and Response (NDR) to offer enterprises unparalleled visibility, context, and control against emerging threats. The platform integrates NDR with Network Performance Management (NPM), Intrusion Detection Systems (IDS), and forensics, providing a single, comprehensive solution. By decrypting and analyzing complete packet-level data at wire speed and leveraging cloud-scale machine learning, ExtraHop empowers Security Operations Centers (SOCs) to detect, investigate, and remediate modern cyber risks in real time across their entire hybrid infrastructure, including data center, cloud, and SASE environments.

This comprehensive approach and market innovation have earned ExtraHop unique recognition as the only NDR vendor acknowledged as a leader by all major analyst firms, including the 2025 Gartner® Magic Quadrant for Network Detection and Response™, the 2025 Forrester® Wave for Network Analysis and Visibility, the 2024 IDC® Marketscape for NDR, and the 2025 Gigamon® Radar Report for Network Detection and Response. Since 2007, ExtraHop has consistently helped organizations worldwide extract in-depth network telemetry and contextual insights, affirming its commitment to protecting and empowering the connected enterprise.

OUR VALUES

Our culture is rooted in our five Values. These set the expectations for how we work individually and collectively as a team.

Lead with Purpose: We are driven to deliver results that create a positive impact for our customers, partners, and colleagues.

Act with Integrity: We operate with transparency, authenticity, and always in the best interest of the company.

Find a Way: We are resourceful, tackle hard problems with a sense of urgency and ownership, and do what it takes to get the job done.

Innovate: We listen to customers, partners, and the market, and respectfully push boundaries and challenge the status quo.

Share Success: We run together, we win together. We value diverse perspectives, hold space for all voices, and achieve the best results as a team.

BENEFITS

Employees' wellbeing is top of mind for the ExtraHop team. Employees and their families will have the option to participate in the following benefits:

Health, Dental, and Vision Benefits
Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
FSA and Dependent Care Accounts + EAP, where applicable
Educational Reimbursement
401k with Employer Match or Pension where applicable
Pet Insurance (US Only)
Parental Leave (US Only)
Hybrid and Remote Work Model

Our people are our most important competitive advantage, leading the charge against cyber criminals. Join the fight today!

To learn more, visit our website or follow us on LinkedIn.

Create a Job Alert

Interested in building your career at ExtraHop? Get future opportunities sent straight to your email.

About the role

Position Summary

Key Responsibilities

Run FedRAMP Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders; manage asset inventory, vulnerability scan findings, and the Plan of Action & Milestones (POA&M) document
Manage vulnerability detection and response pipelines, including tools, reporting and tracking
Lead the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
Develop and provide vulnerability findings and responses for internal and external stakeholders, including customers
Collaborate with the Director of Product Security to handle customer and pre-sales security inquiries
Assist in addressing compliance requirements for various standards, (e.g., CSA STAR, ISO 27001, DoDIN APL, NIAP, FIPS, CMMC, IL4), supporting gap assessments and facilitating audits (including coordinating evidence collection and submission)
Develop a product security compliance roadmap and coordinate key activities across the organization to achieve milestones
Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
Work with security information & event management (SIEM) tooling and other systems to perform security investigations
Perform and/or lead security incident response activities
Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections

Required Qualifications

5+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, SOC 2, or similar
2+ years of which should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
Bachelors degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field
Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies
Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments
Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools
Exceptional analytical skills to effectively manage and resolve security and compliance issues
Proven ability to communicate complex security concepts to technical and non-technical audiences
All R&D Employees will be required to attend 2 mandatory in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each
Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum

Preferred Qualifications

Experience supporting certifications like SOC 2, ISO 27001; familiarity with additional federal or industry security frameworks (e.g., CMMC, IL4, DoDIN APL, NIAP, FIPS)
Strong project management skills with the ability to balance compliance initiatives and security operations

Experience working in a security operations center (SOC) and/or leading security incident response activities
Relevant security certifications such as CISSP, CISA, or CISM are preferred

The salary range for this role is $135,000 - $149,000 + bonus + benefits

ABOUT EXTRAHOP

OUR VALUES

Our culture is rooted in our five Values. These set the expectations for how we work individually and collectively as a team.

Lead with Purpose: We are driven to deliver results that create a positive impact for our customers, partners, and colleagues.

Act with Integrity: We operate with transparency, authenticity, and always in the best interest of the company.

Find a Way: We are resourceful, tackle hard problems with a sense of urgency and ownership, and do what it takes to get the job done.

Innovate: We listen to customers, partners, and the market, and respectfully push boundaries and challenge the status quo.

Share Success: We run together, we win together. We value diverse perspectives, hold space for all voices, and achieve the best results as a team.

BENEFITS

Employees' wellbeing is top of mind for the ExtraHop team. Employees and their families will have the option to participate in the following benefits:

Health, Dental, and Vision Benefits
Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
FSA and Dependent Care Accounts + EAP, where applicable
Educational Reimbursement
401k with Employer Match or Pension where applicable
Pet Insurance (US Only)
Parental Leave (US Only)
Hybrid and Remote Work Model

Our people are our most important competitive advantage, leading the charge against cyber criminals. Join the fight today!

To learn more, visit our website or follow us on LinkedIn.

Create a Job Alert

Interested in building your career at ExtraHop? Get future opportunities sent straight to your email.

Product Security Analyst III

Summary

About the role

Related jobs

Product Security Analyst III

Summary

About the role

Related jobs