OverviewWe are seeking an experienced, talented, energetic, hands-on, and proactive Information Security Analyst to maintain and operate Deem's Information Security programs. You will be responsible for developing policies and driving processes based on a combination of threat intelligence and regulatory compliance.
Responsibilities- Advise senior management in the development, implementation and maintenance of a company-wide information security infrastructure, and ensure appropriate control objectives for system integrity, confidentiality, accountability and assurance within the context of the company's risk tolerance.
- Ensure conformance with enterprise policy standards, which include monitoring metrics, response integration and escalation, and various risk analysis.
- Maintain internal governance and recommend adjustments as threats and practices evolve.
- Operate the information protection effort to comply with industry standard audits including (SSAE-18, SOC , PCI 3.2).
- Determine security violations and inefficiencies by conducting periodic internal audits.
- Develop a prioritized plan to close security gaps. Work with engineering teams (product & operations) to implement solutions.
- Be hands-on where/when appropriate, in installing and evaluating security tools.
- Install and maintain security management and monitoring tools in corporate and production environments, including vulnerability scanning, SEIM, IDS, etc.
- Make sound, well-reasoned recommendations on vendor and tool selection.
- Provide security consultation as needed for product development and industry marketing solutions.
- Manage Internal Penetration Testing & Vulnerability Assessment Tools and Programs.
- Investigate security incidents and recommend actions needed to resolve situations.
- Work with product engineering to test for and fix vulnerabilities in the product code.
- Develop content for and administer Employee Security Training Programs.
Skills & Requirements
Qualifications- 3+ years in the technology industry, 3+ in an information security role
- Expert knowledge of identity management, IDS, SEM/SIEM, WAF
- Industry-standard certifications: CISSP, or equivalent
- Expertise in compliance standards, most notably PCI and SSAE16
- Experience leading security and compliance audits
- Thorough understanding and up-to-date knowledge of the web security threats (XSS, code injection, etc.)
- Strong troubleshooting and forensic skills and ability to effectively work in cross functional teams as needed to resolve issues
- Strong written, oral, and interpersonal communications skills
- Capable of performing penetration tests and collaborating with Engineering on the static security analysis and remediation
- Coding experience with Ruby, Java, Python, Javascript, Bash, or C# are nice to have
Qualifications