TITLE

Security Analyst

COMPANY

Shape Security

LOCATION

Mountain View, CA, US

Description

Join a team providing a leading-edge security solution to protect web and mobile services. The Security
Analyst will support Shape’s security governance and compliance program. Emphasis will be on executing
compliance testing, managing technical remediation campaigns, performing key controls assessments and
maintaining control framework documentation across the security program as needed. The individual will work
with various functions throughout the enterprise to evaluate the design and effectiveness of the control
environment and maintain the security posture of the program.

Job Duties and Responsibilities:

    • Support and improve Shape’s information security and governance programs.
    • Drive projects focused on security improvements, working with stakeholders across the group in Engineering and Product Management to deliver highly impactful results.
    • Monitor internal compliance against information security governance frameworks by conducting testing, internal control reviews and risk assessments.
    • Assist in identifying and communicating control gaps and in evaluating management remediation action plans and related reporting.
    • Assist in the management of customer and compliance audits (SOC2 and PCI DSS) and activities, including remediation activities.
    • Assist with the facilitation of vendor assessments, including evaluations of controls, threat models and other key factors.

Required Knowledge, Skills, and Abilities

    • Bachelor's degree in business, information systems or computer science or equivalent experience
    • 2-4 years’ experience in IT Security / Risk management work
    • Experience managing large security efforts, delivering significant security improvements to large, highly complex systems.
    • Excellent analytical and interpersonal skills, with ability to work successfully across all engineering disciplines and multiple teams.
    • Familiarity with a broad spectrum of technology areas, including networks, infrastructure, cloud and mobile, as well as the concepts of risk management, data compliance and information security strategy
    • Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
    • Familiarity with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Controls and NIST frameworks
    • Effective communication skills, with the ability to communicate complex information to various audiences both verbally and in writing
    • Strong analytical skills, to analyze security requirements and relate them to appropriate security controls

Bonus Knowledge, Skills, and Abilities

    • Industry-relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc.
    • Familiarity with DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
    • Experience with automating security monitoring functions using scripting.
