Security Consultant – SecOps

Bright Defense  ·  SecOps Team  ·  Now Hiring

Security Consultant

SecOps — GRC, Risk & Compliance Advisory — Mid-Level

Full-Time  ·  Remote  ·  SecOps  ·  5+ Years Experience

We’re looking for a mid-level Security Consultant to join our SecOps Team — someone who can work with clients at every level of an organization and translate complex frameworks into actionable, business-relevant steps. You’ll sit at the center of our delivery model, coordinating with Internal Auditors, ISMs, and Offensive Security to drive real outcomes for clients. If you’re humble, hungry, and smart, this role was built for you.

About Bright Defense

Bright Defense is dedicated to delivering top-tier Security, Risk, and Compliance consulting services. Our commitment to excellence, participation, integrity, and collaboration sets us apart in the industry. We strive to create a dynamic and inclusive environment where innovation and teamwork drive success.

Who we look for

Humble

Self-aware, genuine, and always willing to learn from others

Hungry

Goes above and beyond for clients and colleagues; passionate about learning and technology

Smart

Connects people, data, trends, and experiences; navigates diverse audiences with ease

What we do

Our SecOps Security Consultants work with clients at all organizational levels — from the C-suite to the shop floor — helping them achieve their most strategic security initiatives. You’ll serve as the strategic lead on client engagements, guiding Internal Auditors, Information Security Managers, and other SecOps colleagues as you deliver realistic, data-driven decisions that break complex programs into actionable steps.

Key responsibilities

Program & compliance delivery

  • Lead Cybersecurity, Information Security, Risk, Compliance, and Data Privacy programs for a portfolio of SecOps clients
  • Compliance and regulatory framework mapping and implementation
  • Advisory-side risk and regulatory remediation management
  • Readiness planning for new laws and regulations
  • Audit or certification readiness — coordinating Internal Auditors and ISMs toward external audit success
  • Change management related to regulatory adoption or compliance changes

Controls & strategy

  • Create roadmaps to mature Risk, Compliance, and Information Security strategies, programs, and controls
  • Design and enable cyber controls functions and processes
  • Design or mature controls across Software Development, IAM, Business Continuity, and Cloud environments
  • Risk, Compliance, and Information Security risk reporting and monitoring

GRC & audit

  • Assist with GRC-related tasks, projects, and tooling across the SecOps client portfolio
  • Apply industry-specific regulations and standards — SOC 2, ISO 27001, CMMC/NIST 800-171, NIST 800-53, CCPA/CPRA, HIPAA, PCI DSS
  • Oversee internal audit activities and coordinate clients through external audits
  • Align audit activities with the overall security strategy for each engagement

SecOps team leadership

  • Serve as the strategic lead for your assigned client POD — guiding ISMs, Internal Auditors, and SecOps colleagues
  • Coordinate with Offensive Security on findings that affect client compliance posture
  • Contribute to SecOps team objectives through internal syncs, knowledge sharing, and process improvement
  • Continuously develop expertise and grow toward Senior Consultant responsibilities

Cross-functional collaboration

  • Internal Auditors
  • Info Security Managers
  • Offensive Security
  • Governance

Qualifications

Required

  • Demonstrated business and technology acumen
  • Strong written and verbal communication skills
  • Experience solving real business problems and delivering measurable results
  • Ability to work across industries, roles, functions, and technologies
  • Experience leading or supporting a team in a consulting or client-facing environment
  • Authorization for permanent employment in the United States (not eligible for immigration sponsorship)

Preferred

  • Bachelor’s degree
  • 5+ years of professional experience in cybersecurity, GRC, or compliance
  • Experience across Bright Defense service offerings — SOC 2, HIPAA, CMMC, ISO 27001, PCI DSS
  • Familiarity with GRC platforms such as Drata, Vanta, or Thoropass
  • Experience supporting clients in regulated sectors — defense, healthcare, fintech, or SaaS

Relevant certifications

  • CC (Certified in Cybersecurity)
  • CISA
  • CISM
  • CISSP
  • CEH
  • CCNA
  • CompTIA Security+
  • GISF
  • GSEC
  • SSCP
  • ISACA Cybersecurity Fundamentals

Compensation & perks

  • Competitive base salary — range shared during screening
  • Remote-first with flexible working hours
  • Certification reimbursement across all relevant certs
  • Direct access to Bright Defense co-founders and leadership
  • Exposure to diverse client engagements across defense, healthcare, and fintech
  • Clear growth path toward Senior Consultant and beyond

Job Type: Full Time
Job Location: Remote
