Senior Staff Cyber Security Analyst - REMOTE
- Full-Time
- San Diego, CA
- VerSprite Staffing
- Posted 2 years ago – Accepting applications
VerSprite Staffing is a subsidiary of VerSprite Cybersecurity. Specializing in technology staffing and utilizing a network of technical clients, VerSprite Staffing connects top level technical talent with industry clients through various methods and expands not only clients talent network, but candidates job search as well. At the bottom line, VerSprite adds value to both clients and candidates alike.
We work with clients to fill both full-time and contracting opportunities, so If the following job interests you, please apply to learn more!
* Please note that this position is a full-time (W2) position, and we are not able to accept Contract to Contract positions or Contract to Hire positions * FULL TIME REMOTE
Position Summary:
The Product Security Team is looking for a talented Senior Staff Cybersecurity Analyst to help us strengthen our world-class business. As a valued team member, you will define, identify, document and manage vulnerabilities and security requirements designed to strengthen the security of our products and services.
You will be collaborating closely with engineering, development and technology groups to identify and document product security requirements with a focus on actionable and clear outputs. You will drive alignment of security requirements with the business and technical strategic direction of the company. You are highly motivated and a great communicator with teams of varying backgrounds. The successful Security Systems Analyst will own the process from start to finish.
Responsibilities:
- Manage the Postmarket vulnerability scanning and monitoring functions related to medical device products and services
- Triage vulnerability reports and work with product teams to apply risk scoring and escalations
- Interface with deep subject matter experts in Development, Customer Support and Operations to find and fix issues
- Generate content that will support Medical Device Quality system reporting
- Use advanced technical and workflow development skills to automate, streamline and expand coverage to new product lines
- Provide deep cybersecurity expertise to product development teams on vulnerability analysis, root cause and how to resolve issues
- Drive security by turning requirements into actions and deliverables
- Manage multiple security projects focused on business initiatives and requirements.
- Align, and document business process with the NIST framework.
- Partner with key security stakeholders in staying abreast of regulatory and compliance impacts.
- Design and document deliverables for successful planning and outcomes.
- Identify potential opportunities, risk or complications and drive stakeholders to meet objectives.
- Consult with Engineering and Development Teams to align processes.
- Collaborate with other security functions in defining and recognizing risk. Managing the register of identified risk.
- Day-to-day working with product, DevOps, testing and security teams to ensure products meet architecture, design, policy, standards and certification.
Requirements:
- Minimum 7+ years of experience managing product security initiatives with a track record of successful high visibility deliverables.
- Experience with vulnerability management, CVD programs and CVSS based risk scoring and management
- Experience with standards and compliance frameworks including IVDR, ISO13485, ISO27001, CIS, NIST, SOC1/SOC2, FedRAMP, GDPR, ITIL, etc.
- Project management skills, sense of ownership and ability to lead and define clear actions for the team and broader stakeholders that results in the accomplishment of shared goals across the organization
- Experience with penetration testing and embedded/IoT systems highly valuable
- Familiarity and experience with agile software delivery methodologies
- Familiarity with technical terminology focused on medical device and cloud technologies.
- Knowledge of common cybersecurity threats.
- Effective communicator delivering key messages that leads team, engage business partners and inform stakeholders using informative clear verbal and written communications
- Strong communication and documentation skills
- Strong risk analysis and problem-solving skills
Education:
- Professional qualifications are preferred: CSPM, CISM, CISA, CISSP etc.
- Bachelor's degree in computer science, engineering or similar and relevant work experience
Benefits:
- Base Salary
- Bonus/Commission
- Equity Awards
- 401k Matching
- Employee Stock Purchase Plan
- Education Assistance
- Paid Holidays
- Flexible Time Off (FTO)
- Paid Time Off (PTO)
- Volunteer Time Off (VTO)
- Health Plans