Cybersecurity & Compliance Analyst

Job Title: Cybersecurity & Compliance Analyst

Location: Remote (US-only)

About InMarket

Since 2010, InMarket has been the leader in 360-degree consumer intelligence and real-time activation for thousands of today’s top brands. Through InMarket's data-driven marketing platform, brands can build targeted audiences, activate media in real time, and measure success in driving return on ad spend. InMarket's proprietary Moments offering outperforms traditional mobile advertising by 6x.* Our LCI attribution platform, which won the MarTech Breakthrough Award for Best Advertising Measurement Platform, was validated by Forrester to drive an average of $40 ROAS for our clients. 

*Source: Wordstream US Google Display Benchmarks for Mobile Media

About the Role

InMarket is building a lean, AI + MDR-first cybersecurity program designed to protect high-velocity, cloud-native SaaS business without stifling innovation. We are seeking a Cybersecurity & Compliance Analyst with a strong incident response background and a sharp eye for compliance.

This role requires a hands-on security operator who can investigate and contain threats in GCP/AWS, validate MDR escalations, identify vulnerabilities before they become incidents, and keep the organization continuously audit-ready (SOC 2, ISO 27001). You’ll be a technical partner to engineering teams while also serving as a compliance and legal liaison, ensuring security requirements are consistently met across development, operations, and customer engagements.

Your Daily Impact as a Cybersecurity & Compliance Analyst

Cloud Security & Threat Detection

• Partner with GCP (primary) and AWS engineering teams to design and enforce secure configurations, IAM models, and network controls.
• Continuously monitor cloud environments for misconfigurations, anomalous activity, and vulnerabilities using MDR/AI platforms.
• Analyze logs, threat intel feeds, and detection data to proactively identify attacker technique (MITRE ATT&CK alignment).
• Provide technical guidance on hardening, segmentation, encryption, and workload isolation.

Incident Responses & Threat Management

• Validate, investigate, and triage escalated alerts from MDR/MSSP and AI detection systems.
• Lead initial incident response: log analysis, containment, root cause identification, and coordination with engineering teams.
• Escalate to external IR retainers or cyber insurance partners when needed, ensuring seamless handoff.
• Maintain and refine playbooks for cloud-centric incident response scenarios (compromised IAM, data exfil, API abuse).
• Track false positives and escalation trends; recommend improvements to detection logic and automation.

Compliance & Continuous Audit Readiness

• Own evidence collection and control validation for SOC 2 Type II and ISO 27001.
• Map GCP security controls against compliance frameworks to ensure ongoing adherence.
• Partner with Legal on GDPR/CCPA and customer data privacy considerations.
• Maintain audit-ready repositories; every control must be defensible at any time.

Legal & Client Security Requests

• Complete client security questionnaires, RFP responses, and due diligence requests with accuracy and speed.
• Ensure responses align with InMarket’s policies, risk appetite, and compliance posture.
• Maintain a centralized tracker of all legal/security requests, deadlines, and owners.
• Collaborate with Legal for review and VP InfoSec for final approval before delivery.

Risk & Assurance

• Manage vendor security assessments and support third-party risk reviews.
• Oversee penetration testing engagements, validate findings, and track remediation to closure.
• Produce regular reporting on threat landscape, vulnerabilities, and cloud security posture.

Governance & Communication

• Deliver weekly reports covering incidents, escalations, vulnerabilities, compliance evidence, and legal request status.
• Communicate findings and risks clearly to both technical teams and the VP of Information Security.
• Serve as a bridge between InfoSec and platform teams, balancing innovation with security and compliance.

Your Experience and Expertise

• 5+ years in cybersecurity with proven cloud security and incident response experience.
• Prior exposure to MDR/MSSP workflows and escalation processes.
• Track record of managing compliance (SOC 2, ISO 27001) in a cloud-native SaaS company.
• Strong GCP security expertise (IAM, VPC Service Controls, Cloud Logging/Monitoring, workload identity, org policies).
• Familiarity with AWS security best practices.
• Proficiency in threat detection, log analysis, and response workflows in cloud environments.
• Experience with penetration testing oversight and vulnerability management tools.
• Understanding of MITRE ATT&CK, cloud attack vectors, and incident response frameworks (NIST, SANS).
• Strong communicator capable of engaging engineers, auditors, and legal counsel with equal clarity.
• Astute at balancing operation speed with compliance rigor.
• Highly accountable, organized, and detail-oriented, able to juggle investigations, compliance, and client needs simultaneously.

Nice-to-Haves

• Google Cloud Security Engineer Certification, CISSP, CCSP, or equivalent.

Benefits Summary

• Competitive salary, stock options, flexible vacation
• Medical, Dental and Flexible Spending Account (FSA)
• Company Matched 401(k)
• Unlimited PTO (Within reason)
• Talented co-workers and management
• Agile Development Program (For continued learning/professional development)
• Paid Paternity & Maternity Leave

For candidates in California, Colorado, and New York City, Illinois, Minnesota, New Jersey, Vermont, Washington and Massachusetts, the Targeted Base Salary Range for this role is $128,700 to $188,900. This role is also eligible for an 8% bonus based on achievement of company goals.

Actual salaries will vary depending on factors including but not limited to work experience, specialized skills and training, performance in role, business needs, and job requirements. Base salary is subject to change and may be modified in the future. Base salary is just one component of InMarket’s total rewards package that also may include bonus, equity, and benefits.  Ask your recruiter for more information!

At InMarket, diversity is not just a value, it’s the very essence of who we are. It’s about recognizing and celebrating the unique perspectives each of us brings, from our colleagues to the communities we serve.We are committed to embracing the full spectrum of backgrounds, beliefs, abilities, and life experiences, knowing that this diversity strengthens us. At InMarket, our commitment to Diversity, Equity, and Inclusion means valuing each individual’s unique contributions. Together, we thrive.

InMarket is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.

Privacy Notice for California Job Applicants: https://inmarket.com/ca-notice-for-job-applicants/

#LI-Remote