Security Analyst
Who we are...
BombBomb makes it easy to use simple videos to build relationships through email, text and social media. Our team is scrappy and intelligent. Competitive and collaborative. Fun-loving and tenacious. We're close-knit and love adding new talent to the mix. Rehumanizing the planet can't be done without EXCELLENT people and we want to add you to our already amazing team!
Who we're looking for...
The Security Analyst will be a part of our IT Information Security team, and help us achieve a SOC2 attestation by the end of 2018 to facilitate BombBomb’s relationship with emerging enterprise markets. You will swiftly identify and remediate vulnerabilities to the company’s cyber infrastructure. Additionally, you will help protect BombBomb employees, resources and confidential company/customer data by implementing appropriate security policies and practices.
What you will do...
- Continually complete client security questionnaires within 3 business days.
- Lead the various compliance projects, guide the development and IT staff to achieve SOC2 attestation by the end of Q4 2018.
- Continually run vulnerability assessments every 30 days, work with internal teams to remediate critical vulnerabilities
- Run PCI compliance scans for our payment processor every 90 days and resolve any issues
- Establish good relationships with senior management and staff. Communicate and coordinate security efforts to ensure that BombBomb includes security awareness in its culture.
- Coordinate and advocate for security development work among product owners and developers to ensure progress is made in larger security initiatives
- Continually improve technical skills to include a good working knowledge of the following:
- Linux systems and bash scripting to improve automation capabilities and troubleshoot back-end systems related to security
- Enough programming to know the basics and spot obvious vulnerabilities such as SQL injection and Cross-Site scripting
- Splunk administration and creation of high-level security dashboards
- Run phishing campaigns and follow up with live education classes twice a year. Maintain a recidivism rate of lower than 35% (new employees exempt) company-wide
- Maintain security policies and understand them in depth.
- Review and audit the efficacy of BombBomb’s Security policies at least annually to ensure compliance.
- Review and audit the efficacy of BombBomb’s Security controls at least quarterly to ensure compliance.
- Train and remediate security incidents with BombBomb staff, ensuring that BombBomb staff recidivism is less than 35%
- Maintain and administer the physical security systems and periodically review video footage and access logs for unauthorized access.
- Manage security-related vendor relationships such as physical security, software products and services, ensuring that they are secure and well-researched. Be accurate in licensing counts and stay within budgetary estimates.
- Deliver accurate budgetary requirements yearly in October
How you'll do it...
Embody BombBomb’s core values: Relationships, Fun, Humility, Flexibility and Service
Integrity & Trust: Acts ethically and honestly and builds professional relationships by promoting mutual trust
Communication: Be a good communicator and build relationships with the people you will be working with in the office. The position will depend on communication between multiple people across multiple departments, coordinating to achieve ISO compliance. Communicating deadlines and the relevance of the requirements will be crucial to the project’s success.
Flexibility: Willing to learn new technologies, security protocols and methods of circumventing our security systems. Ability to adapt to new challenges as they arise, and put out fires without being overwhelmed during busy times.
Detail-Oriented: The position requires attention to detail, as a violation in company policy may result in failure to achieve compliance and ultimately losses in company revenue.
Analytical Thinking / Problem Solving: The ability to understand an idea, situation, or problem by breaking it into smaller pieces
Diplomacy: Effectively handling difficult or sensitive issues by using tact, diplomacy and an understanding of organizational culture and climate
Our ideal candidate will be or have...
- 5+ years of progressive information technology experience
- 3+ years of IT security experience
- Bachelor's degree in technology or related field
- Experience with enterprise logging (Splunk, SumoLogic, etc.)
- Experience with enterprise endpoint protection systems (ESET, Cylance, or similar)
- Experience with vulnerability assessment tools (Rapid7, Burp Suite or similar)
- Strong understanding of networking concepts (VPN, subnetting, ACLs, VLANs, etc.)
- Familiarity with network IDS/IPS systems (CheckPoint, SNORT, SourceFire, etc.)
- Experience working with Security Compliance Frameworks (ISO 27001, SOC2 and PCI-DSS)
- Knowledge of popular SaaS applications
- Knowledge of Linux, macOS, iOS, and Android
- Knowledge of AWS security principles
- Familiarity with Kanban/Agile project management
- Ability to meet deadlines and adjust to changing priorities
- Willingness to work in a fast paced and hands-on environment
- Preferred Qualifications:
- CompTIA Security+ certification
- CompTIA CySA+ or CSA+ certification
- CISM or CISSP certification
BombBomb Benefits Package Includes...
- Excellent Medical, Dental and Vision Benefits for you and your family (2 PPO + HSA option)
- 10 days paid vacation and 5 days of sick leave
- 8 paid holidays
- 401k Plan with employer match
- Weekly company-catered lunch
- Fun workplace: happy hour every Friday and company game room
- Annual Education/Development for your career growth