Deem

Information Security Analyst

Deem$80K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years in the technology sector, with at least 3 years in an information security role
  • Expertise in identity management and security tools (IDS, SEM/SIEM, WAF)
  • Possession of industry-standard certifications (CISSP or equivalent)
  • Strong knowledge of compliance standards such as PCI and SSAE16
  • Experience in leading security and compliance audits
  • Up-to-date understanding of web security threats (XSS, code injection, etc.)
  • Exceptional communication and interpersonal skills, both written and oral
  • Proficient in performing penetration tests and collaborating with engineering teams for security remediation
  • Familiarity with programming languages (Ruby, Java, Python, Javascript, Bash, or C#) is a plus

Responsibilities

  • Advise senior management on developing and maintaining information security infrastructure
  • Ensure conformance with enterprise policies through monitoring metrics and risk analysis
  • Maintain internal governance and adapt to evolving security threats
  • Operate compliance with industry-standard audits (SSAE-18, SOC, PCI 3.2)
  • Conduct periodic internal audits to identify security violations and inefficiencies
  • Develop prioritized plans to close identified security gaps in collaboration with engineering teams
  • Install and maintain security management and monitoring tools in corporate environments

Benefits

  • Health, dental, and vision insurance available
  • Retirement plan options
  • Professional development opportunities
  • Flexible work schedule
  • Work-life balance initiatives
Full Job Description
Overview

We are seeking an experienced, talented, energetic, hands-on, and proactive Information Security Analyst to maintain and operate Deem's Information Security programs. You will be responsible for developing policies and driving processes based on a combination of threat intelligence and regulatory compliance.

Responsibilities

  • Advise senior management in the development, implementation and maintenance of a company-wide information security infrastructure, and ensure appropriate control objectives for system integrity, confidentiality, accountability and assurance within the context of the company's risk tolerance.
  • Ensure conformance with enterprise policy standards, which include monitoring metrics, response integration and escalation, and various risk analysis.
  • Maintain internal governance and recommend adjustments as threats and practices evolve.
  • Operate the information protection effort to comply with industry standard audits including (SSAE-18, SOC , PCI 3.2).
  • Determine security violations and inefficiencies by conducting periodic internal audits.
  • Develop a prioritized plan to close security gaps. Work with engineering teams (product & operations) to implement solutions.
  • Be hands-on where/when appropriate, in installing and evaluating security tools.
  • Install and maintain security management and monitoring tools in corporate and production environments, including vulnerability scanning, SEIM, IDS, etc.
  • Make sound, well-reasoned recommendations on vendor and tool selection.
  • Provide security consultation as needed for product development and industry marketing solutions.
  • Manage Internal Penetration Testing & Vulnerability Assessment Tools and Programs.
  • Investigate security incidents and recommend actions needed to resolve situations.
  • Work with product engineering to test for and fix vulnerabilities in the product code.
  • Develop content for and administer Employee Security Training Programs.


Skills & Requirements
Qualifications

  • 3+ years in the technology industry, 3+ in an information security role
  • Expert knowledge of identity management, IDS, SEM/SIEM, WAF
  • Industry-standard certifications: CISSP, or equivalent
  • Expertise in compliance standards, most notably PCI and SSAE16
  • Experience leading security and compliance audits
  • Thorough understanding and up-to-date knowledge of the web security threats (XSS, code injection, etc.)
  • Strong troubleshooting and forensic skills and ability to effectively work in cross functional teams as needed to resolve issues
  • Strong written, oral, and interpersonal communications skills
  • Capable of performing penetration tests and collaborating with Engineering on the static security analysis and remediation
  • Coding experience with Ruby, Java, Python, Javascript, Bash, or C# are nice to have


Qualifications

About Deem

Deem is a cloud-based software company that provides a suite of travel and expense management solutions for businesses. The company's platform includes tools for booking travel, managing expenses, and analyzing data to optimize travel spending. Deem's customers include small and medium-sized businesses, as well as large enterprises. The company was founded in 2000 and is headquartered in San Francisco, California.
Learn more about Deem
Size
201 employees
Industry
Founded
1999

Similar Jobs

More Jobs at Deem

More Information Technology Jobs

Find similar Information Security Analyst jobs: