VP, Security

Brightspot is seeking a VP of Security to own and elevate the company’s security posture, embedding security as a core part of how Brightspot builds, ships, and supports software.

This is a hands-on leadership role for a deeply technical security expert who enjoys building and operating security programs—not just defining policies. You will be responsible for strengthening Brightspot’s security architecture, leading compliance initiatives, and ensuring our platform meets the rigorous security and compliance expectations of enterprise and government customers.

You will work closely with Engineering, Platform, and Infrastructure leadership to implement practical security solutions while also partnering with Sales and Customer teams to position Brightspot as a trusted, secure enterprise platform.

This role reports to the executive team and will lead a small but growing security function, with the opportunity to define and scale security practices across the organization.

Responsibilities

• Own and continuously improve Brightspot’s overall security posture across platform, infrastructure, and internal systems
• Conduct a comprehensive security audit of the Brightspot ecosystem and define a roadmap for strengthening security practices
• Lead and maintain security compliance initiatives including SOC 2, GDPR, and other enterprise security frameworks
• Design and implement security architecture, controls, and automation across cloud infrastructure and development workflows
• Build and operate internal security monitoring and incident response capabilities
• Implement and manage firewalls, access controls, secrets management, and network security policies
• Partner with Engineering and Infrastructure teams to ensure secure software development and deployment practices
• Support the Sales organization in enterprise and government sales cycles, positioning Brightspot as an industry-leading secure platform
• Work directly with enterprise and government customers to address security reviews, audits, and technical due diligence
• Establish clear security metrics, reporting, and improvement plans
• Lead and mentor security team members as the function grows
  
  

Qualifications

• 15 years of deep hands-on experience in security engineering or infrastructure security
• Proven experience implementing and operating security programs, not just writing policies
• Expertise in cloud security environments (AWS or equivalent)
• Experience leading security compliance initiatives such as SOC 2, GDPR, or similar frameworks
• Strong technical understanding of network security, firewalls, access control, and secrets management
• Experience building or improving security monitoring, incident response, or SOC operations
• Ability to work closely with engineering teams and translate security requirements into practical implementation, including the use and evaluation of open-source security tooling
• Experience supporting enterprise security reviews and customer-facing technical discussions
• Demonstrated ability to identify risks and drive issues through to resolution
• Excellent communication skills with both technical and non-technical stakeholders
• Must hold security certifications such as CISSP, CISM, or equivalent
  
  

Preferred Qualifications

• Active U.S. security clearance
• Experience working with government customers or regulated environments
• Strong familiarity with federal security frameworks and compliance requirements
  
  

Hybrid Expectations

• This is a hybrid position. Candidates are expected to work on-site at our Reston office 3 days per week.
  
  

Compensation & Benefits

• The starting salary range for this role is $180,000 with bonus potential.
• Benefits include health, dental, and vision insurance, 3 weeks paid vacation, paid sick leave, paid company holidays, Safe Harbor 401(k) with employer matching, continuing education stipend, and a 3-week paid sabbatical after your 5th anniversary.