Information Security Technical Analyst - Vulnerability and Vendor Risk Management

Job Title: Information Security Technical Analyst

Location: 100% Remote (Prefer candidates from West Coast)

Duration: 12 months

Type: Contract

Job Description:

This role is within the Security Governance, Risk, and Compliance (SGRC) team, within Information Security Organization. The SGRC team collaborates with cross-functional teams across (Security, Counsel, Engineering, Industry Relations, Procurement, and Product teams) to ensure our products can launch anywhere in the world while maintaining compliance with industry, partner, regulatory information security standards, requirements, and obligations. As an Information Security Technical Analyst, you will partner with various teams in support of the execution of Information Security programs which primarily focuses on risk-reduction through vulnerability management, vendor security monitoring and reviews, development & implementation of automated controls assessments. You will report to the Security Risk, and V2 (Vulnerability & Vendor Security) Lead, and collaborate as you contribute to the evolution and automation of security risk reduction programs across the organization to take principled risks and unlock velocity. This role is responsible for driving down the potential risks and impact of vulnerabilities by making expert-informed decisions regarding remediation guidance.

You Will:

• Manage and maintain the flow of incoming vulnerability cases, including CVE notifications, cloud-based vulnerabilities, cloud misconfigurations, access control issues, web application vulnerabilities, and source code vulnerabilities.
• Conduct technical assessments of vulnerabilities to assist engineering teams and DRIs with remediation efforts, including the implementation of available patches where possible.
• Partner across security and product teams to identify and burn down vulnerabilities and security issues using a prioritized approach that is grounded in risk management principles.
• Research and report vendor advisories, zero days, bug trackers, and other sources for intel to analyze any potential impact.
• Manage the risk exception process by partnering across Security teams to identify areas of risk and collaborate with business units to make informed, risk-based decisions.

Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Proactively identify opportunities to reduce toil by suggesting and championing the automation of manual triage, case management, and escalation workflows.
• Minimize recurring vulnerabilities by collaborating with partners to identify and solve root causes, ensuring long-term remediation.
• Monitor vulnerability metrics, including backlog status, historical trends, and remediation rates, to assess the overall security posture of the organization.
• Maintain runbooks or playbooks and document any new processes or procedures.
• Collaborate with Engineering and Compliance teams to manage pen-test results and address PCI-related vulnerabilities.
• Support ongoing bug bounty programs with a third-party vendor and internal stakeholders to prioritize and fix vulnerabilities.
• Support ongoing and periodic security risk assessment exercises that involves identifying, evaluating and monitoring cybersecurity risks using both quantitative and qualitative methodologies
• Collaborate with cross-functional teams (engineering, product, others) to gather relevant data required for risk analysis, provide domain and subject matter expertise in security and risk.
• Support risk mitigation and control improvement actions to drive risk remediation.
• Support the adoption, evolution, and continuous improvement of a risk program.

Qualifications:

• 5+ years of demonstrated security, intelligence, and risk management experience in a technology-focused company
• General understanding of cloud infrastructure (AWS, GCP, Azure), networking, and containerization
• Experience with scripting skills in designing and implementing security automation workflows
• Experience with multiple vulnerability scanning tools
• Deep technical understanding of common security vulnerabilities such as web application vulnerabilities, OWASP top 10, cloud vulnerabilities plus misconfigurations, and source code vulnerabilities
• Strong knowledge of risk countermeasures and compensating controls
• Ability to work independently and in a collaborative environment with excellent communication and interpersonal skills

An Ideal Candidate Would Have:.

• Fundamental knowledge of information security principles, including threats, vulnerabilities, and risk management
• Proficient in utilizing AI agents and workflows automation for process improvements
• Technical problem-solving mindset with strong work ethic, motivation, and results-driven attitude
• Hold security certifications such as CISSP, Security+, CySA+, or GIAC equivalent