View Our Website View All Jobs

Information Security Analyst

About ThousandEyes

The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a "black box" outside of their control. ThousandEyes gives organizations visibility and insight into the now borderless network. It arms them with an accurate understanding of how the network impacts their applications, users and customers. ThousandEyes is used by some of the world's largest and fastest growing brands, including 4 of the top 5 SaaS companies, 4 of the top 4 US banks and 3 of the Fortune 5. ThousandEyes is backed by Sequoia Capital, Google Ventures, Tenaya Capital and Sutter Hill Ventures, with headquarters in San Francisco, CA.

About the Role

ThousandEyes is seeking an exceptional information security analyst with strong project management skills to support our Information Security and Privacy Risk Management function. This is a combination of project/program management and risk analysis, hands-on role that requires experience and expertise managing projects and processes related to security of networks, systems and applications.  The Information Security Risk Management team is responsible for managing and mitigating risks faced by ThousandEyes to protect its systems, services and data. Our scope includes everything from customer applications to enterprise services that support our business operations. We work cross-functionally with internal teams providing security consulting services and driving new program initiatives.

 

You should be strongly driven by learning new processes. You will be collaborating with ThousandEyes’ project teams to ensure the success of the information security risk management program.  We are looking for a San Francisco based information security analyst / project manager that will be aggressive in following up on tasks, achieving deadlines, and holding resource owners accountable to risk remediation plans.  The security analyst role will be highly engaged with all aspects of the risk assessment process.  The successful candidate will need strong project management fundamentals and excellent communication skills.

Responsibilities:

  • Assess information security risks of new projects and deployments (this will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices)
  • Project/program management of information security risk management activities (including risk treatment plans and external audit/certification initiatives such as SOC2, ISO 27001 and FedRAMP)
  • Plan and perform internal security audits to assess control design and effectiveness
  • Participate in supporting major external security certification and compliance attestation initiatives
  • Communicate with company workers on security awareness topics
  • Evangelize business owners to do the right thing using diplomacy and tact in all interactions
  • Participate in 24x7 Information Security Response team

Requirements:

  • Highly organized with excellent verbal and written communication skills
  • Good understanding of technologies and controls including those related to system, networking, and web application security
  • Experience with multi-tasking and fast paced work environments needed; strong time management skills
  • Action oriented with a passion for getting things done quickly, efficiently, and properly
  • Ability to work independently with minimal guidance while being a team player able to effectively manage a demanding workload across geographic and organizational boundaries
  • Strong customer service and service delivery orientation
  • Basic knowledge of ISMS governance models (i.e. ISO 27001 and NIST), information security roles, and security controls
  • BA/BS degree in Computer Science or a related field and a minimum of 2 years experience in information security and/or IT project management

A plus if you also have:

  • Technical working knowledge of Linux OS, Network Protocols (TCP/IP, HTTP, SMTP, DNS), Container technologies and Web security architecture, Firewalls, IAM, IDS/IPS, SIEM, Cryptography
  • Proven experience performing or project managing information security risk assessments
  • Knowledge of ISO 27001, SOC2, FedRAMP, NIST and CSA CCM frameworks, as well as global data protection and privacy laws
  • Hands-on experience with FedRAMP, SOC2 and/or ISO certification engagements
  • Security certifications such as CISSP, CISM, CCSP, GSEC, CCIE
  • Project management certifications such as PMP
Read More

Apply for this position

Required*
Apply with Indeed
Attach resume as .pdf, .doc, or .docx (limit 2MB) or Paste resume

Paste your resume here or Attach resume file

150