Security Analyst

Summary

We are seeking a Security Analyst to help operate and improve our security and privacy program. Our program integrates requirements across various compliance mandates, including FedRAMP and HIPAA.

Key Responsibilities

• Regulatory Compliance: Ensure that the product’s security measures meet FedRAMP, HIPAA, and other applicable compliance standards.

• Vulnerability Management: Review and triage findings from various vulnerability assessment tools, and coordinate with engineers for treatment of issues.

• Risk Assessment: Evaluate potential threats to the system, perform risk assessments, and suggest mitigation strategies.

• Security Audits & Assessments: Support regular security audits, penetration tests, and assessments performed by 3rd party assessors.

• Security Reporting: Produce detailed reports on security metrics, incident responses, and compliance status for senior leadership.

Required Qualifications

• Prior security experience.

• Associate or Bachelor’s Degree in Cybersecurity, IT, or other relevant field.

• Strong verbal and written communication skills.

• Ability to work fully remote within the continental USA (excluding CA, CO, NY, WA) with a high speed internet connection, and with work hours overlapping with the Eastern time zone.

• Must be a US citizen or permanent resident.

Extra Qualifications (Nice-to-Have)

• Experience in a GRC-focused role.

• Experience with FedRAMP, NIST SP 800-53, HIPAA, and/or HITRUST.

• Security certifications, such as CCSK, CSSP, CISM, CISSP, etc.

• Cloud architecture/security awareness, especially AWS.