Senior Information Security Analyst

Information Security | San Francisco, CA, United States

Reporting to the Chief Information Security Officer, the Senior Information Security Analyst is responsible for risk assessment based on application, data, and technology architectures; for solution design and information security policy development and maintenance (policy/standard/baseline); for awareness activities and monitoring compliance with company security policy and applicable law; and for coordinating the investigation and reporting of security incidents. The Senior Information Security Analyst will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments. This will require practical use and understanding of security protocols and standards, and solid knowledge of information security principles and practices.

Responsibilities:

  • Manage the information security policy lifecycle, including policy creation, maintenance, and decommissioning; the policy exception/waiver management process; and policy change requests
  • Assess information security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture. This will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices
  • Assist with enterprise-wide risk assessment processes
  • Coordinate cross-functional team meetings to remediate previously identified security risks and close out pending action plans
  • Architect, develop, deploy and support information security systems and solutions such as strong authentication, key management, IPS, SIEM, antimalware, and others
  • Proactively assess potential risks and vulnerabilities in the network
  • Interact with internal and external customers on security-related projects and operational tasks
  • Participate in 24x7 Information Security Response team

Requirements:

  • At least 8 years of experience in the Information Security domain[s] and 10+ years overall technology experience
  • BS or MS degree in Computer Science
  • Experience in IT regulation and compliance standards, such as SSAE-16/AT-101, ISO 27001/27002
  • Practical use and implementation of solid knowledge of information security principles and practices; understanding of IT methodologies, such as software development lifecycle and operations
  • Exposure to IT security baseline and procedure development
  • Strong analytical and problem-solving skills and the ability to think outside the box
  • Able to work independently or with a team
  • Beneficial but not required: knowledge of security practices for cloud computing environments (SaaS, PaaS, IaaS)

Specific technology and compliance knowledge:

  • UNIX, Windows, Linux, Network LAN and WAN, Firewalls, Access controls, Authentication, Authorization, Encryption, IPS, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, Proxy services. UML and BPMN are a plus
  • ISO 27001/27002/27005, PCI DSS, HIPAA (and other industry specific), related NIST standards. COBIT and TOGAF are a plus

Benefits include:

  • Stock Options
  • Full Medical, Dental, Vision and Life Insurance; Flexible Spending Account; 401k; unlimited PTO
  • Commuter benefits
  • Gym membership subsidy
  • Community kitchen fully stocked with healthy food (plus diet coke)
  • Catered lunches every day
  • Awesome swag including hoodies, solar panel backpacks and your very own superhero alter ego
  • Mac laptop provided to all employees
  • A bright, modern office with 360-degree views of San Francisco, and close to public transportation
  • Planetarium hammock nap room
  • Rec room with PS4, full size pool table, ping pong and foosball
  • Company sponsored happy hours and off-sites