*Location: US-Remote (CONUS)

This position works on a 4x10, 2nd or 3rd shift

Position Overview

Vectra is seeking a highly skilled and experienced MDR (Managed Detection and Response) Security Analyst to join our team. As aSr Security Analyst, you will serve in a critical role in protecting and defending Vectra MDR customer infrastructure. You will be responsible for supervising and analyzing security events, responding to incidents, conducting SOC (Security Operations Center) operations, and assisting MDR customers to ensure their needs are met.

A successful candidate will have sound technical experience and skills, blended with good interpersonal, communication, and project management skills.

Responsibilities 

• Monitor security logs and alerts from various sources, including intrusion detection systems, Endpoint Detection and Response (EDR) systems, and security information and event management (SIEM) tools. 
• Investigate and analyze security incidents, identify root cause, and develop appropriate mitigation strategies.
• Complete security response actions, including full remote remediation of endpoints.
• Perform threat hunting and proactive analysis to identify potential security risks and vulnerabilities.
• Collaborate with multi-functional teams, including product, engineering, and support, to resolve customer incidents or issues.
• Mentor and provide guidance to junior security analysts, sharing knowledge and standard processes.
• Conduct health checks and architecture reviews, providing technical expertise and real-life experience in creating solutions, designs, and recommendations.
• Be a strong voice for your customers across business to identify new detection models, identify new product features, build content for both internal and external customer knowledge bases, and ensure successful Vectra deployments.
• Travel expected 0-5%

Requirements

• Demonstrable experience as an MDR security analyst, SOC analyst, or similar role in a fast-paced environment.
• Experience providing remote response and remediation activities within networks and on endpoints.
• Solid understanding of intrusion detection systems, artificial intelligence-based attack detection and prevention, incident response methodologies, and SOC operations.
• Experience with SIEM tools, log analysis, network analysis, endpoint analysis, and threat intelligence platforms.
• Solid knowledge of operating systems, networking protocols, and security technologies.
• Proficient in incident handling, threat hunting, and forensics.
• Excellent analytical and problem-solving skills, with the ability to think critically under pressure.
• Good communication skills to effectively collaborate with multi-functional teams and communicate complex security issues to non-technical stakeholders.
• Continuous learning attitude to stay updated with the evolving threat landscape and emerging security technologies.

Desirable

• Prior experience with Vectra, SentinelOne, Microsoft Defender, or CrowdStrike
• Coding experience in Bash, Python, or Powershell
• Open-source development

The Opportunity

As part of the Security Team, you will join a global Security Operations team, and contribute to UserTesting’s Corporate Security Framework from a technical and compliance perspective. 

• Assist customers in understanding and evaluating UserTesting's security profile, both in writing and on calls.
• Triage security alerts from security monitoring tools (AV, DLP, SOCaaS). 
• Respond to security incidents and help keep track of post-incident tasks.
• Participate in internal audits and support external audits.
• Carry out third-party risk management assessments and risk reviews of external vendors. 
• Identify and communicate current and emerging security threats.
• Identify security gaps in existing and proposed technologies and recommend changes or enhancements.
• Contribute to the design and implementation of enterprise-class security systems.
• Demonstrates UserTesting’s values through work product and within day to day team interactions

What we're looking for

• Competence and experience in 1-2 of the following areas:
  • Incident Response, Third Party Risk Management, Compliance, Vulnerability Management, Data Loss Prevention (DLP), Auditing, Privacy Operations, Identity Access Management, Customer Support
• Candidates living in Ontario is strongly preferred 

Desirable but not required: 

• Experience with Security frameworks such as NIST CSF, ISO 27001, SOC2
• Experience developing and maintaining policies, procedures, standards and guidelines
• Previous experience working with risk assessment methodologies
• Experience ensuring applications are secure throughout the software development lifecycle

Compensation
Up to £40,000. 

Perks/Benefits

• Private medical and dental
• Monthly wellness and telecommunications reimbursements
• Work from home office equipment stipend
• Professional development stipend
• Flexible hours
• Generous holiday entitlement
• Your Birthday off!
• Mental Wellness Employee Assistance Program
• Cycle to Work scheme 
• Employee Referral Programme 
• Paid quarterly volunteering days and Charity donation matching via our UT Cares Volunteers and Charitable Giving Committee
• Enhanced family leave
• Employee-led groups to help foster a more inclusive employee experience and build a culture of belonging at UserTesting. Read more here!

About the Role:

We are seeking a Sr. Analyst, Security to help build our Security Operations discipline. Our team moves at a fast pace and always looking to help drive best security practices at our core. This dynamic team enables multiple areas of the business to be able to stay agile, but with always being vigilant to keep our infrastructure secure and drive innovation. This is an opportunity to directly drive change and security in our business.

You Will:

• Advanced Security Monitoring and Analysis: Oversee the continuous monitoring and in-depth analysis of network traffic, system logs, and security alerts, employing cutting-edge SIEM solutions and leveraging advanced threat intelligence feeds to detect and respond to sophisticated cyber threats
• Incident Response Mastery: Develop, refine, and lead the execution of advanced incident response plans and procedures, orchestrating multifaceted incident handling activities with a focus on rapid containment, eradication, and recovery. Serve as the ultimate technical authority during high-stress security incidents
• Vulnerability Assessment and Management Expertise: Lead the identification and prioritization of vulnerabilities across our intricate technology stack, conducting comprehensive vulnerability assessments and overseeing advanced remediation efforts, including penetration testing and code review
• AWS, Azure, and GCP Security Expertise: Utilize your extensive knowledge of AWS, Azure, and GCP security best practices to assess and enhance the security of cloud environments. Implement and maintain security configurations, identity and access controls, and encryption mechanisms specific to each cloud platform. Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation
• Pioneering Threat Intelligence Integration: Maintain an expert understanding of emerging cybersecurity threats and trends, actively integrating advanced threat intelligence into security operations to drive proactive threat detection and support the development of custom threat-hunting methodologies
• Master of Security Automation and Tooling: Spearheaded the development and deployment of highly sophisticated scripts, automation tools, and custom security solutions to optimize and streamline complex security tasks, enhance operational efficiency, and enable rapid response to evolving threats
• Prior experience with Threat Hunting and making recommendations on findings
• Experience in Red team, Blue team, Purple team, and table top exercise
• Recommend and implement security enhancements to proactively address emerging threats
• Assist in the development and enforcement of security policies, standards, and procedures
• Prior experience with industry regulations and standards, such as NIST, CIS, and GDPR

You Have:

• Bachelor's degree in a relevant field or equivalent work experience
• Minimum of 5 years of experience in a security analyst role
• Experience with Python and Powershell scripting
• Strong expertise in cloud computing, with a preference for AWS
• Proficiency in Sumo Logic for creating Insights and Signals
• Experience researching through logs for security investigations
• Familiarity with security platforms such as Netskope, CrowdStrike, Tenable, Cisco Meraki, and Proofpoint, or similar products
• Certifications such as OCSP, CompTIA Security+, Pentest+, or AWS Certified Security – a plus
• Excellent problem-solving and analytical skills
• Strong communication, documentation, and teamwork abilities
• Ability to work independently and under pressure in a fast-paced environment
• Exposure to penetration testing platforms such as Burp Suite, Kali Linux, Metasploit, Nexpose
• Skilled with network security tools such as Palo Alto Firewalls, Cisco VPNs, Palo Alto IDS
• Understanding of regulatory compliance (NIST CSF, SOX, ISO)

Our Benefits (there are more but here are some highlights):

• Competitive salary & equity compensation for full-time roles
• Unlimited PTO, company holidays, and quarterly mental health days
• Comprehensive health benefits including medical, dental & vision, and parental leave
• Employee Stock Purchase Program (ESPP)
• Employee discounts on hims & hers & Apostrophe online products
• 401k benefits with employer matching contribution
• Offsite team retreats

#LI-Remote

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the kind of engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about supporting each other's growth.

As a Security Analyst, you will forge and nurture trusted relationships with internal teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks, auditors). You will partner closely with the entire organization to develop policies and procedures, operationalize, train, and enable secure operations.  Theis ideal candidate for this role will understand the needs of data/information security and is eager to grow their career in the areas of operations, governance, risk and compliance.

As a Security Analyst, you will:

• Operationalize, configure, and monitor security applications such as EDR, DLP, Vulnerability Management, and CSPM systems.
• Assist with incident response activities, including tabletop exercises.
• Support the implementation and maintenance of GRC frameworks.
• Assist in internal risk assessments and audits to ensure adherence with security policies.
• Serve as security point-of-contact for audit/certification programs such as HITRUST, SOC 2, and HIPAA.
• Assess and improve systems for compliance with security requirements, policies, guidelines and standards (see above).
• Interface with external customers on CA security reviews and assessments.
• Participate in security awareness and training programs to promote security-first mindset across the organization.

You will love this job if:

• You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
• You have a bias toward action and seek to intervene before issues arise.
• You are comfortable navigating ambiguity and working in an evolving environment.
• You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
• You are a strong communicator and able to influence behaviors to help drive desired outcomes.
• You are empathetic and seek to build enduring relationships with our customers and users.
• You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

• You have 1+ years of experience in a security role with priority operations, risk and/or compliance.
• You have good knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO, CIS).
• You have familiarity with security tools such as EDR, DLP, Vulnerability Management, and CSPM systems, 
• You have familiarity with log analysis, SIEM systems and network traffic monitoring.
• You have a good understanding of IAM/PAM concepts and tools.
• You have the ability to write, review, and update security policies, and procedure documentation.
• You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
• You stay up-to-date with the latest research on threats, attack vectors, and security trends and are keen to apply them to our environment.

Benefits Overview:

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by offering comprehensive group medical coverage that include coverage for hospitalization, outpatient care, optical services, and dental benefits.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, company holidays, access to mental health resources, and a generous annual leave policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
• Professional Development: We are committed to developing our talent professionally. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

• Reimbursement for office setup expenses
• Flexibility to work from home or from our office, enabling collaboration with global teams
• Paid parental leave for all new parents
• And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-REMOTE

Company Overview:

Cohere Health is a fast-growing clinical intelligence company that’s improving lives at scale by promoting the best patient-specific care options, using leading edge AI combined with deep clinical expertise. In only four years our solutions have been adopted by health insurance plans covering over 15 million people, while our revenues and company size have quadrupled.  That growth combined with capital raises totaling $106M positions us extremely well for continued success. Our awards include: 2023 and 2024 BuiltIn Best Place to Work, Top 5 LinkedIn™ Startup, TripleTree iAward, multiple KLAS Research Points of Light, along with recognition on Fierce Healthcare's Fierce 15 and CB Insights' Digital Health 150 lists.

Opportunity Overview:

We are seeking a skilled and experienced Security Analyst to join our cybersecurity team. The successful candidate will play a pivotal role in safeguarding our organization's digital assets by actively participating in incident response, leveraging managed detection and response (MDR) tools, and enhancing log management practices. The Security Analyst will work closely with our Managed Security Service Provider (MSSP) and internal teams to ensure robust security monitoring, efficient incident escalation, and proactive threat hunting.

Last but not least: People who succeed here are empathetic teammates who are candid, kind, caring, and embody our core values and principles. We believe that diverse, inclusive teams make the most impactful work. Cohere is deeply invested in ensuring that we have a supportive, growth-oriented environment that works for everyone.

What you will do:

• Cloud Security Expertise:
• Demonstrate advanced proficiency in cloud security, particularly within AWS environments.
• Stay abreast of the latest AWS security services, tools, and best practices.
• Incident Response:
• Lead and manage the incident response process, including detection, analysis, containment, eradication, and recovery of security incidents.
• Develop and maintain incident response playbooks, ensuring timely and effective handling of security incidents.
• Conduct post-incident analysis and create detailed incident reports with recommendations for improving security posture.
• Managed Detection and Response (MDR):
• Utilize MDR tools to monitor security alerts, identify potential threats, and coordinate response efforts.
• Analyze alerts generated by MDR tools, determine their severity, and take appropriate actions to mitigate threats.
• Collaborate with MDR service providers to ensure optimal configuration and performance of security monitoring systems.
• Log Enhancement and Management:
• Enhance log management practices, including log collection, normalization, and correlation.
• Develop and implement log retention and rotation policies to comply with industry standards and regulations.
• Analyze logs to identify suspicious activities, anomalies, and potential security breaches.
• Incident Escalation:
• Act as the primary point of contact for Level 2 incident escalation and triage.
• Assess and prioritize security incidents based on their impact and severity.
• Coordinate with relevant teams and stakeholders to escalate incidents to higher levels of response when necessary.
• Level 2 Alert Triage:
• Perform in-depth analysis of security alerts and incidents, determining false positives and true positives.
• Investigate and respond to Level 2 alerts, ensuring timely resolution and documentation.
• Develop and maintain detailed records of all triaged alerts and actions taken.
• Collaboration with Managed Security Service Provider (MSSP):
• Collaborate closely with the MSSP to ensure seamless communication and coordination during security incidents.
• Review and validate the quality of services provided by the MSSP, including threat detection and response capabilities.
• Participate in regular meetings with the MSSP to discuss security trends, incident reports, and service improvements.
• Alert Tuning and Optimization:
• Continuously tune and optimize security alerts to reduce false positives and enhance detection accuracy.
• Work with the security operations team to refine alert thresholds and improve the overall effectiveness of security monitoring.
• Threat Hunting Exercises:
• Proactively hunt for threats and vulnerabilities within the organization's environment.
• Conduct threat intelligence research and analysis to identify emerging threats and attack vectors.
• Develop and execute threat hunting exercises to identify and mitigate potential security risks.

Your background & requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• 3+ years of experience in a security analyst role, with a focus on incident response, log management, and threat detection.
• Strong knowledge of MDR tools, SIEM platforms, and security monitoring technologies.
• Experience with incident response frameworks and best practices (e.g., MITRE - ATT&CK, MITRE D3FEND, NIST CSF, SANS).
• Proficiency in analyzing security logs, alerts, and incidents.
• Excellent problem-solving and analytical skills, with the ability to work under pressure.
• Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and external partners.
• Relevant certifications such as Security +, CEH, GCIH, or similar are preferred.

We can’t wait to learn more about you and meet you at Cohere Health!

Equal Opportunity Statement: 

Cohere Health is an Equal Opportunity Employer. We are committed to fostering an environment of mutual respect where equal employment opportunities are available to all.  To us, it’s personal.

The salary range for this position is $80,000 to $105,000; as part of a total benefits package which includes health insurance, 401k and bonus. In accordance with state applicable laws, Cohere is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including but not limited to qualifications for the role, experience level, skillset, and internal alignment.

#LI-Remote

#BI-Remote

Senior Security Analyst

US-Remote

Who we are

Are you passionate about innovating at the intersection of technology and personal security? At Pindrop, we recognize that the human voice is a unique personal identifier, increasingly susceptible to sophisticated fraud, including the threat of deepfakes. We're leading the way in developing cutting-edge authentication, fraud prevention, and deepfake detection. Our mission is to provide seamless and secure digital experiences, safeguarding the most personal aspect of our identity: our voice. Here, you'll be part of a team driven by values of Innovation, Customer Advocacy, Excellence, and Impact. We're not just creating a safer digital landscape by fortifying trust and integrity with those we serve, we’re also building a dynamic, supportive workplace where your contributions make a real difference.

Headquartered in Atlanta, GA, Pindrop is backed by world-class investors such as Andreessen-Horowitz, IVP, and CapitalG.

What you’ll do 

• Represent security in internal and external meetings to discuss security analysis, findings and security/compliance responses. 
• Review past incidents and identify attack trends. Finetune and reconfigure alerts based on prior incidents to improve detection.
• Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization.
• Identify and track internal and external assets to identify potential risks. Communicate these risks to internal and external stakeholders and build a plan of action.
• Develop, update, and maintain a repository of cybersecurity threat information that may be used in conducting risk assessments and reports on cyber risk trends.
• Build and maintain tools for automation of security events and reporting. Optimize and reconfigure tools to improve security processes.
• Implement, maintain and monitor IDS/IPS rule sets, alerts and reports.
• Perform investigations and improve detection processes on a wide variety of security events from various sources to determine whether they pose a threat to Pindrop
• Identify, research and develop internal and open source tools used to improve security and threat intelligence workflows to support Pindrop's unique environment
• Collaborate with internal and external teams to answer customer questionnaires, compliance audits.

Who you are

• You are, hands-on problem solver that excels in dynamic fast paced environments, curious and always looking to learn., highly interested in how things work and gets excited by threat modeling and new exploits
• You are resilient in the face of challenges, change, and ambiguity
• You are optimistic and believe that you can make a problem into a solution
• You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
• You take accountability, do the things you say you’ll do, under-promise and over-deliver
• You are nimble and adaptable when priorities change and continue to see the “forest through the trees” 
• Part of On-call rotation with night/weekend work required

Your skill-set: 

• 2+ years of security monitoring and incident response experience
• Must have experience with Linux, Mac, and knowledge of Windows
• Experience in configuration and maintenance of endpoint security solutions, eg. Crowdstrike, SentinelOne, Carbon Black.
• Experience with security tools including SIEM, Metasploit, Splunk, Wireshark
• In-depth knowledge of SIEM log ingestion and alert creation.
• Hands-on experience with TCP/IP and networking
• Ability to write scripts/code using Python or other scripting languages for automation
• Knowledge of incident response and investigation tools and techniques
• Experience with security operations in cloud platforms such as AWS, GCP, Azure etc.
• Experience responding to security questionnaires and customer questions

Nice to have:

• Experience with forensic analysis tools (commercial and open-source) and procedures desired
• Experience with threat feeds and threat intelligence (e.g., STIX, TAXII, IOCs) desired
• Experience with cloud logging applications, AWS Cloudtrail, VPC Flow Logs, Lambda, etc.

What’s in it for you:

As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest. We’re a passionate group committed to excellence - but that doesn’t stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days.

Within 30 days:

• You’ll focus on training and learning the basics of the company. This includes the company’s systems, procedures that should be adhered to, products and services, software, vendors, and/or clients.
• You’ll have been introduced to your team, colleagues and have 1:1’s to assimilate into the company culture.
• You will have the opportunity to learn the product in and out through training and a variety of resources. This then means that the majority of the things-to-do should fall along the lines of attending training sessions, gaining and mastering product knowledge, learning major corporate systems, meeting the members of your team, and getting the necessary access. 

Within 60 days:

• You’ll have a good grasp of your working environment and you can now move onto more advanced tasks. 
• You will start studying the best practices in the industry, create goals, meet up with your supervisor and get feedback on your performance, and build meaningful relationships with your co-workers along with taking on proper job responsibilities.  

Within 90 days

• You’ll demonstrate a firm grasp of the company and confidence in your job function. Thus, you should be preparing to make breakthrough contributions to your team or department. 
• The contributions may include finding new ways to improve security or coming up with ideas to save the company money. Instead of only identifying problems in the company, you should be at the forefront of brainstorming possible solutions. 
• You will be able to spearhead new initiatives and collaborate with other teams for the good of the company. 

What we offer

As a part of Pindrop, you’ll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here’s a snapshot of the benefits we offer:

• Competitive compensation, including equity for all employees
• Unlimited Paid Time Off (PTO)
• 4 company-wide rest days in 2024 where the entire company rests and recharges!
• Generous health and welfare plans to choose from - including one employer-paid “employee-only” plan!
• Best-in-class Health Savings Account (HSA) employer contribution
• Affordable vision and dental plans for you and your family
• Employer-provided life and disability coverage with additional supplemental options
• Paid Parental Leave - Equal for all parents, including birth, adoptive & foster parents
• Identity protection through Norton LifeLock
• One Time home office allowance
• Remote first environment - meaning you have flexibility in your day!
• Company holidays
• Annual professional development and learning benefit
• Pick your own Apple MacBook Pro
• Retirement plan with competitive 401(k) match
• Wellness Program including Employee Assistance Program, 24/7 Telemedicine

What we live by

At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:    

• Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
• Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion.   We are champions for our customers, and our customers become our champions, creating a universal commitment to one another. 
• Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
• Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together. 
• Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Pindrop is an Equal Opportunity Employer

Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.

#LI-Remote

Available Locations: Mexico City, Mexico, or Austin, Texas, San Francisco, CA, or Washington, DC 

About the role 

As an Identity and Access Management (IAM) Security Analyst you will play a key role in efficiently managing user identities and access across the enterprise. You will be responsible for implementing technologies and designing processes to ensure users have authorized access to resources and systems.   

What You’ll Do

• Establish and execute access governance programs and policies
• Define and enforce access control policies, including role-based access control (RBAC), attribute based access control (ABAC), and policy based access controls (PBAC)
• Ensure access adhere to the principle of least privilege and segregation of duties (SoD).
• Develop and execute an access certification program and scale to all systems 
• Design, implement, and manage Identity Access & Governance policies and procedures.
• Define and enforce privileged access management (PAM) policies to secure sensitive systems and data.
• Manage user onboarding, offboarding, and role changes, ensuring adherence to security policies and compliance requirements.
• Collaborate with cross-functional teams, including IT, security, and compliance, to ensure IAM aligns with business goals.
• Communicate IAM-related updates and recommendations to stakeholders.
• Maintain comprehensive documentation of IAM policies, processes, and configurations.
• Generate reports and metrics related to IAM activities and security posture.
• Stay current with industry best practices, regulations, and compliance standards related to IAM, such as FedRamp, SOX, GDPR, PCI, and NIST.
• Provide operational support of IAM systems including an on-call rotation that may include after hours calls

Examples of desirable skills, knowledge and experience.

• In-depth understanding of access governance 
• Experience in Identity Governance & Administration (IGA) solutions
• Performing policy enforcement, role management, and access certifications
• Experience implementing privileged access management (PAM)
• Experience developing IAM security standards and policies
• Preferred background in scripting and/or application development to automate identity and access management processes.

Compensation

Compensation may be adjusted depending on work location.

• For Colorado-based hires: Estimated annual salary of $123,000 - $151,000
• For New York City, Washington, and California (excluding Bay Area) based hires: Estimated annual salary of $139,000 - $169,000
• For Bay Area-based hires: Estimated annual salary of $146,000 -  $178,000

Equity

This role is eligible to participate in Cloudflare’s equity plan.

Benefits

Cloudflare offers a complete package of benefits and programs to support you and your family.  Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun!  The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits

• Medical/Rx Insurance
• Dental Insurance
• Vision Insurance
• Flexible Spending Accounts
• Commuter Spending Accounts
• Fertility & Family Forming Benefits
• On-demand mental health support and Employee Assistance Program
• Global Travel Medical Insurance

Financial Benefits

• Short and Long Term Disability Insurance
• Life & Accident Insurance
• 401(k) Retirement Savings Plan
• Employee Stock Participation Plan

Time Off

• Flexible paid time off covering vacation and sick leave
• Leave programs, including parental, pregnancy health, medical, and bereavement leave

At Vidyard, we make life easier for sellers, marketers and corporate communicators. Our video messaging tools, digital sales room platform, and other products are used by Microsoft, LinkedIn, and thousands of other companies. We're passionate about elevating our customers, our teammates, our communities, and ourselves.

About the Role

Vidyard is looking for a Senior Security Analystto join our IT & Security team. Reporting to the Manager, IT & Security, you will work alongside our talented group of Vidyardians currently comprising the IT & Security team to grow and shape our security framework, as well as provide insight and collaboration with the Product and Engineering teams during the software development process. The Senior Security Analyst will be a pivotal role on the IT & Security team, and will lend their experience and mentorship expertise in secure software development and secure Engineering practices to the rest of the team, navigating exciting and new technology, and leveling up Vidyard’s posture and framework while also growing and shaping their own skills. This role is new to the team, and tailored toward a candidate who is excited about cybersecurity, secure coding, and secure development practices, while also looking for an avenue to display their own talents and leadership skills with a team that is eager to grow, and eager to learn. 

This is a remote role open to candidates located in Canada. 

About the Team

Our IT & Security team consists of the Manager, IT & Security, and IT & Security Specialists. This fully cross-functional team manages all IT and Security requests and requirements, manages our security framework, obligations, and compliance initiatives. Working closely with all other teams within Vidyard, the IT & Security team is positioned to provide world class support both to Vidyardians and our current and prospective clients throughout the sales enablement process. In addition, the team works alongside the Product and Engineering teams to ensure the security and protection, availability, and confidentiality of customer data remains top of mind and a company-wide priority.  

What You’ll Work On

Strategy and Policy Development

• Lead the development, implementation and maintenance of Security policies and procedures
• Work alongside management to define protocols that align with Vidyard’s objectives, goals, and compliance initiative

Threat Analysis and Risk Assessment

• Perform advanced screening and risk assessment and analysis to proactively identify and resolve Security threats and vulnerabilities 
• Develop and lead the implementation of risk management strategies
• Stay updated with trends and threats, using this intelligence to anticipate and guard against bad actors or exploits

Incident Response and Management

• Lead the Security team’s responses to Security events or incidents in conjunction with Security leadership, and assist in remediation efforts.
• Conduct analysis and post-mortems to identify root causes and recommend changes, working in conjunction with Security leadership, and mentoring Security staff throughout

Monitoring and Analysis

• Monitor security access and identify any anomalies or breaches to company assets.
• Instrument security tooling (SIEM systems, etc) to collect and analyze data, identifying potential threats
• Review and action logs and reports as needed
• Monitor and respond to security tickets that are more advanced, and assist others with more complex issues

Software Development Lifecycle

• Requirement gathering and risk assessment during initial planning phases of software development process; work closely with product design and development teams 
• Conduct threat modeling and risk assessments early in the process of development, to inform of security requirements and the overall design of the product
• Secure coding practices; provide guidelines and best practices to developers and engineering Vidyardians
• Ensure that security controls are integrated into the framework of our products, to protect the integrity of Vidyard and customer data
• Ongoing testing and secure coding review; perform regular audits and checks to maintain the overall security posture at Vidyard during the development process 

Team Leadership and Development

• Mentor and provide guidance to Security team members, enhancing their skills and capabilities
• Champion and lead Security initiatives, setting clear goals and expectations, and manage longer term projects in conjunction with Security leadership.
• Foster a culture of continuous growth and improvement, and support and contribute to the learning and development of the entire Security team

What You’ll Bring to this Role and Your New Team:

• ~ 6+ years of experience in cybersecurity at software development or SaaS companies
• Experience with mentorship is preferred, as this will be a pivotal role in the Security team.
• Experience with software development lifecycle and secure coding practices is preferred, as this role will be uniquely positioned to guide these processes  
• Deep expertise in the OWASP Top 10 and a thorough understanding of web application security principles and common vulnerabilities.
• Expertise in cloud security, preferably in AWS, with a strong understanding of cloud security best practices.
• Strong communication and collaboration skills, with the ability to work effectively across teams and influence stakeholders.

Our Tech Stack

• Cloud Compliance Platforms
• SIEM products
• Network Security (eg. WAF, Security Groups)
• Cloud Security Tooling (eg. AWS Inspector)
• Static Application Security Testing (SAST) Tools
• Dynamic Application Security Testing (DAST) Tools

Job descriptions can be overwhelming. At Vidyard we are motivated to drive change togetherand deeply value the unique experiences, abilities and opinions you possess, so if this role sounds like your next adventure, but you don’t feel entirely qualified, apply! We value candidates who own it, and if you’re relentlessly resourceful too, you might be exactly who we are looking for. 

As we also value user obsession, we prioritize our users, customers and community so you can expect to hear from our team even if you are not selected to move forward.

What You’ll Love about Vidyard:

• Competitive pay
• Comprehensive, flexible benefits on day one*
• Wellness allowance to spend on what's important to you 
• Flexible hours + unlimited vacation + programs to support travel while working, enabling you to live your best life
• Access to Inkblot, a digital mental health platform + $1,500/person/year for mental health coverage*
• Allowance to support your ongoing growth and development
• Parental leave top-up
• Paid volunteer hours
• Employee resource groups to empower and drive change at Vidyard and in our communities
• RRSP match*
• Stock options
• Flexible holiday program
• Home office stipend 
• Flexibility to work in the place that brings out your best: whether you thrive in the comfort of your home office, or are local to, and prefer the energy of our collaboration space in Kitchener, Ontario, Canada, there is flexibility for all. Although we default to remote-first there will be occasional in-person meetings/events purposefully designed for connection and collaboration.

We thank all applicants for your interest in Vidyard. Only those applicants selected for an interview will be contacted. Unsolicited resumes from Agencies will not be accepted.

Vidyard is an equal opportunity employer. Applicants who require reasonable accommodation to complete the application and/or interview process should notify us atrecruitment@vidyard.com.