Security and Risk Analyst
What we do:
Recognized as one of the Top 100 Tech Companies by Builtin.com and holding an over 4.4-star review on Glassdoor, SambaSafety® is the pioneer of driver risk management software in North America. Trusted by over 2 million subscribed drivers, SambaSafety is the company thousands of businesses look to for the most powerful, advanced, intuitive, and impactful risk solution platform on the market. SambaSafety is growing at an incredible rate with high employee engagement. It’s an exciting time to be at Samba. Now is the right time to join our high-performing culture. We hope to see you here!
What You’ll Do:
SambaSafety, the market leader in cloud-based driver risk management solutions, is seeking a highly motivated, up-and-coming Security and Risk Analyst. In this role you will collaborate with IT, DevOps, developers and other internal business units to monitor and implement technical and procedural security controls. This position is multi-disciplinary and requires excellent communication skills, a self-driven attitude and the ability to dive in and solve technical challenges. Day-to-day duties will include: monitoring security systems and logs (firewalls, IDS, vulnerability management tools), maintaining policies and procedures, evaluating systems for proper security controls and responding to customer and business security requirements and questions.
- Collect, monitor and analyze IT security metrics to measure the effectiveness of IT security management processes.
- Document and update elements of IT security governance (e.g. policies, procedures, standards).
- Perform policy compliance reviews of enterprise IT systems.
- Work on SOC 2 requests and partner with the vendor to complete SOC 2 requirements.
- Support internal and external audits by gathering or coordinating the collection of any necessary evidence.
- Contribute to process improvements and workflow development for the identification, measurement, management, tracking, and reporting of information risks.
- Clearly document and define risks and potential impacts along with the probability of such an event and identify systems affected by the defined risk.
- Maintain and monitor the Information Security Risk Exception process.
- Assist with the planning, management and execution of vulnerability and risk assessment projects, including managing 3rd party resources or service providers.
- Plan and execute Threat and Risk Assessments of enterprise IT systems and provide recommendations on how to mitigate risks.
- Collaborate with appropriate peers to understand business requirements and define secure requirements and/or solutions.
- Provide continual monitoring of our environment through the use of automated tools or manual processes to identify and address security incidents.
What you’ll need:
- BS/BA in Computer Science or related field, or equivalent experience
- 2+ years related experience
- Self-starter with the ability to collaborate in a team environment following SCRUM and Agile methodologies
- Experience with log management/SIEM analysis and reporting tools preferred.
- Knowledge in key areas such as: Firewalls, IDS, IPS, VPN, Remote Access, Security Logging, Vulnerability Management, Security Incident Response, Penetration testing
- Comfortable with virtualization technologies and AWS solutions
- Understanding of, and ability to implement, controls for common compliance requirements including: SSAE16 / SOC 2, PCI, etc.
- Excellent written and verbal communication skills with the ability to communicate technical issues to nontechnical and technical audiences
- Security and/or network-specific certifications preferred - CISSP, Security+, Vendor Certs, etc.