Security Analyst

<div class="content-intro"><h2>About Us:</h2> <p>Forage is building the modern payments stack that powers inclusive commerce. Our technology enables grocers, delivery platforms, and point-of-sale systems to seamlessly accept EBT payments both online and in-store. Beyond infrastructure, we’re helping SNAP EBT shoppers stretch their grocery budgets every week, making healthy food more affordable and accessible to the 42 million Americans on food assistance.​</p> <p>Backed by leading fintech investors, Forage is a fast-growing startup with a clear vision and real-world impact, feeding tens of thousands of families daily. Our team is made up of kind, driven individuals who take ownership, move quickly, and collaborate closely. We value humility, curiosity, and a shared commitment to making a difference.​</p> <p>We’re not just building payments infrastructure — we’re helping feed tens of thousands of families each day, and transforming grocery access for millions more. <a class="c-link" href="https://www.youtube.com/watch?v=VBj55AWz74w" target="_blank" data-stringify-link="https://www.youtube.com/watch?v=VBj55AWz74w" data-sk="tooltip_parent">Watch our story and see why we do what we do</a>.</p></div><h2><strong>What we are looking for: </strong></h2> <p>We’re looking for a Security Analyst to help keep Forage’s security and compliance programs running smoothly as we scale. You’ll own the operational backbone of our security practice. You will ensure our policies, controls, audits, and evidence stay organized, up-to-date, and ready for scrutiny. You’ll work closely with our Head of Security to turn strategic decisions into consistent day-to-day execution. </p> <p>This is a hands-on role for someone who enjoys structure, documentation, problem-solving, and a broad variety of small-but-important tasks across security, compliance, and infrastructure.</p> <h2><strong>Qualifications: </strong></h2> <ul> <li>1-4 years of experience in GRC, security compliance, IT audit or security operations.</li> <li>Familiarity with SOC 2, PCI DSS, ISO 27001, or similar security frameworks.</li> <li>Ability to read and understand python code to validate security fixes</li> <li>Strong organizational and documentation skills</li> <li>Ability to own and prioritize multiple tasks open at once</li> <li>Experience with vendor assessments, access reviews, evidence collection, or audit support</li> <li>Comfort working with technical teams, asking clarifying questions, and escalating when need</li> <li>Nice to have: Payments experience</li> <li>Nice to have: Knowledge of penetration testing workflows</li> <li>Nice to have: ability to read node </li> </ul> <h2><strong>Key Responsibilities: </strong></h2> <ul> <li>Triage and manage incoming security requests from entire company</li> <li>Own and manage the full vendor security assessment lifecycle (new vendors and annual reviews)</li> <li>Own and build device management and provisioning process</li> <li>Troubleshoot and enhance in-office IT, wifi and physical security</li> <li>Partner with product/engineering teams to clarify which controls apply to new features, systems, or architectural changes</li> <li>Read python code to understand vulnerabilities and help validate fixes and make small bug fixes or configuration updates when appropriate</li> <li>Maintain organized, audit-ready repositories of policies, SOC reports, and control documentation</li> <li>Assist with security questionnaires from enterprise customers</li> <li>Coordinate evidence collection and organize materials for quarterly/annual audits</li> <li>Update and refine security policies to reflect current controls and organizational practices</li> <li>Track remediation of security findings from vulnerability scans, pentests, and audits</li> </ul> <h1><strong style="font-size: 14px;">Our Offer:</strong></h1> <p>Your base salary would fall within the bands below. Please keep in mind that the equity portion of your offer is <em>not</em> included in these nu ... (truncated, view full listing at source)