SaaS Security Analyst/Auditor

at Jobot
Published December 24, 2020
Location Dallas, TX
Category Default  
Job Type Full-time  

Description

Research the latest vulnerabilities and build solutions to protect against them!

This Jobot Job is hosted by: Jasper Posner
Are you a fit? Easy Apply now by clicking the "Apply on company site" button and sending us your resume.
Salary: $120,000 - $150,000 per year

A bit about us:

THIS IS A 100% REMOTE POSITION AVAILABLE TO CANDIDATES IN THE UNITED STATES, CANADA AND THE UNITED KINGDOM

We are a rapidly growing, profitable B2B Software company with multiple product lines including Application Security, Blockchain, and Mobile Apps. Our growing customer list includes Fortune 500 Companies, iconic brands, and growing start-ups. We have offices in Downtown Boston, San Francisco, Atlanta, Dallas, London, and Tokyo. We foster a collaborative and inclusive work culture that has resulted in employee retention rates and average tenures well above the industry standard. In the past year, we have made several acquisitions. As a result, we are growing our Information Security and Audit team, and we have major initiatives around assessing our current posture and developing comprehensive and consistent policies across all business units and products. Ideally, we are seeking candidates who have experience developing policies, procedures, and pre-audits to ensure compliance of our various SaaS properties against frameworks including ISO 27001, NIST, FedRAMP, ISO 1345. If that sounds like you, please read on!

Why join us?

WHAT'S IN IT FOR YOU

  • Competitive Salary, bonus, and equity
  • A high degree of autonomy, ownership, and impact working with cutting edge technology
  • Fully sponsored benefits including health, dental, commuter benefits
  • Company-sponsored 401k program
  • Paid time off, vacation, parental leave, etc.

Job Details

We are a SaaS Software company developing and marketing SaaS Software products. The focus of this position is to ensure that our SaaS offerings are in the most secure possible posture and that they will maintain compliance with frameworks including ISO 27001, NIST, FedRAMP, and ISO 1345. Candidates will need to have a strong information security background. Ideally, you have worked at a SaaS Software company and within a cloud-based software development environment based on AWS, GCP, or Azure. Also, you should have a demonstrated ability to drive compliance efforts as they relate to security and privacy regulations. Due to several acquisitions in 2020, we are actively standardizing our processes, postures, and policies across all business units and SaaS product offerings.

Responsibilities:

  • Identify and remediate gaps in policies and environments.
  • Evaluate current processes, procedures and policies against current and future goals
  • Develop new policies and procedures with the goal of standardization and automation whenever possible
  • Provide expertise and technical leadership while collaborating with security, compliance, product managers, and developers to improve the security of applications, software code, and infrastructure
  • Participate in the certification process for security and privacy-related regulations or standards
  • Assist with communication and awareness efforts with internal audiences as they relate to security and privacy
  • Collaborate with contractors assisting with the execution of any related work efforts
  • Monitor our cloud environments for security breaches and investigate a violation when one occurs
  • Report on security breaches and the extent of the damage caused by the breaches
  • Conduct tests and scans of technical infrastructure and systems to identify technical vulnerabilities

Requirements:

  • Hands-on expertise and mastery of tools such as Nessus and vulnerability scanners (Rapid7 Nexpose, nCircle IP360, etc.)
  • 3+ years of experience focused on ensuring security and compliance of cloud environments (AWS, Azure or GCP)
  • Direct experience working with major source code repository solutions (i.e. GitHub), DevOps tools such as Puppet, CI/CD processes, and secure SDLC processes
  • Experience in an Agile/Scrum development environment
  • Have supported compliance with relevant security standards including NIST 800-53, ISO 27001, Sox 2, etc. Experience with ISO 13485 is a bonus.
  • Solid teamwork with co-workers in Product Development, QA and executives.
  • Experience conducting & responding to audits from 3rd parties, internal customers, and internal audit
  • CISA, CISM, CISSP & PMP preferred.

Having read this ad, please apply now if you feel you may be a fit. Interviews are ongoing.
