Senior Information Security Analyst jobs in United States

Granicus India · 2 months ago

Senior Information Security Analyst

Granicus is a leading company in the Govtech industry, dedicated to connecting governments with their constituents through innovative technology solutions. They are seeking a Senior Information Security Analyst to enhance their information security and compliance team, focusing on vulnerability management and NIST 800-53 controls, while also improving processes and reporting metrics.

Computer Software

Responsibilities

Assess and improve current process to increase automation and effectiveness
Analyze vulnerability scan reports and tickets created, with an eye for trend analysis and improvements. This may include discussions with system owners about patching cadence, inventory management, system hardening, and change control processes
Provide guidance to control owners. Work with control owners to identify opportunities to improve control implementation and scalability
Collaborate with Security Engineering to improve ticket automation, including ticket assignments, components, labels, and other ticket fields
Assign tickets, append appropriate labels, and triage vulnerability tickets. This may include findings from vulnerability scans, penetration testing, customer security testing, threat intelligence findings, applicable CISA alerts, or other vulnerability notices
Lead improvements in metrics reporting. This will include internal security metrics and reporting as well as engaging product owners for improvements in product vulnerability reporting and tracking
Participate in change control review meetings to provide Security feedback and decisions
Partner with system and product owners to guide improved rationale and security impact analysis for deviation requests. Create playbooks for the system and product owners to utilize for improved deviation rationales
Author control implementation summaries and deviation rationales that support Granicus’ security posture and meet quality and content requirements
Support the information security team to track and maintain overall compliance with audited controls (which include controls from FedRAMP Moderate, TxRAMP, StateRAMP, ISO 27001, SOC 2, PCI, HIPAA, CJIS, and FISMA)
Support compliance audits, including FedRAMP and ISO 27001. This will include participation in audit discussions, evidence collection and review, and planning

Qualification

NIST 800-53, FedRAMP ConMon reporting, Vulnerability management, Jira query language, Cloud security audits, Security frameworks knowledge, Trend analysis, AWS, Azure, GCP, Relevant security certifications, Communication skills, Collaboration with teams

Required

Experience with vulnerability management and NIST 800-53 controls
Experience with FedRAMP ConMon reporting, including completion of the POA&M, DR tracker, and other ConMon documents
Experience working with software development and cloud operations teams at a SaaS and software company
Experience with container vulnerability scans
Direct experience with third party cloud security audits, such as FedRAMP
Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, and/or Cyber Essentials
Understanding of audit frameworks and translating the control descriptions to system owners as actionable internal controls
Strong communication skills, written and verbal
Expertise with Jira query language and Excel
Drive to identify trends, inconsistencies, or other issues in order to resolve issues for effective vulnerability management, tracking, and reporting
Experience working with a robust product set, including software and cloud services
Ability to work with technical teams and non-technical teams
Familiarity with AWS, Azure, and/or GCP cloud security and infrastructure
7+ years in information security and compliance
5 years' experience analyzing and tracking vulnerability scan reports

Preferred

Relevant security certifications are a plus, such as CISSP, SEC+, or equivalent

Benefits

Paid Time Off – Take the time you need to rest, recharge, and live your life.
Company-Wide Wellbeing Days – Paid days off to unplug and focus on your mental health.
Work From Home Reimbursement – Support a productive home office environment.
Private healthcare benefits - Comprehensive coverage for you and your family.
On-Demand Mental Health Support – Access to Headspace and other wellness tools.
Fitness Reimbursement & Cycle Program – Stay active, your way.
Critical Illness and Life Insurance Benefits
Paid Parental Leave - For both birthing and non-birthing parents.
Pension plan with employer contributions
Online Learning Platforms – Fuel your professional development.
Competitive Salary & Bonuses – Your contributions are valued and rewarded.

Company

Granicus India


Funding

Current Stage
Late Stage
Company data provided by crunchbase