Information Security Analyst
As a hands-on Information Security Analyst, you will be part of a small but highly motivated Information Systems team that designs, builds and maintains all of the infrastructure that is the foundation for all ShotSpotter services.
Working closely with the Information Systems team you will be responsible for installing, monitoring and maintaining systems to improve both the security of the applications we develop and the systems we use.
Working closely with our application development team you will mentor software engineers on AppSec best practices and assist in audit, review and remediation of security weaknesses within our growing suite of software solutions.
- Evaluating applications we develop to determine possible security weaknesses and mentoring the Application Teams on best practices for secure software development.
- Installing and operating tool suites to assist in the above task, tools can include static and dynamic code analysis, cloud security scanning solutions, application pen testing tools and others as required.
- Perform application pen testing on our application and prepare reports that document security of the applications we create.
- Monitor ShotSpotter’s SIEM, networks and systems for security breaches and assist in investigate any violations as they occur.
- Prepare reports that document security breaches and the extent of the damage caused by the breaches.
- Install and use software, such as firewalls, data encryption and endpoint protection, to protect sensitive information.
- Perform security audits on third party vendors and libraries.
- Research the latest information technology (IT) security trends.
- Help drive our information security standards and best practices across the organization.
- Recommend security enhancements to management or senior IT staff.
- Help users and developers when they need to install or learn about new security products and procedures.
- Ensure onboarded and offboarded computer systems are correctly installed, archived and wiped for arriving or departing employees.
You will be heavily involved with creating ShotSpotter’s disaster recovery plan, that will be followed in case of emergency. The plan should ensure the continued operation of ShotSpotter’s key systems. The recovery plan should include preventive measures such as regular backups to offsite location and plans to restore proper functional systems after a disaster or ransomware attack. You will be responsible for continually testing the plan and auditing that all necessary data copies are made on a regular basis.
You will be expected to stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. You will need to research new security technology and help decide what will most effectively protect ShotSpotter.
- Bachelor’s in computer security, Computer Science or similar degree.
- 3 or more years operational experience with computer security and some software development background.
- Extensive experience with Linux and Windows operation systems.
- Strong knowledge of AppSec tools and best practices
- Some knowledge of AWS and cloud computing environments.
- A strong understanding of modern system, network and service-related security best practices.
- Firm technical grasp on the usual suspect services and protocols such as DNS, LDAP, SMTP, HTTP, TCP/IP, SSL, etc.
- Solid understanding of networking and distributed computing concepts.
- Superior troubleshooting skills.
- Immaculate attention to detail.
- Strong English communication skills.
- Willingness to stand in an on-call Tier 3 rotation as part of the engineering experts supporting our 24/7 operation.
- CISSP or Security+ certified beneficial.
- Experience with Kubernetes and micro service based architecture.
- Experience of any of the following languages; NodeJS, Angular, Python or Perl.
- Experience with AlienVault.
- Experience with Palo Alto and Juniper SRX firewalls.
- Knowledge of NIST 800-53 moderate controls.
- Knowledge of CJIS.
REPORTS TO: VP of Operational Engineering
LOCATION: Newark California
The company reserves exclusive right in its sole discretion to modify, adjust, delete, add or otherwise change the above at any time.
ShotSpotter provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, ShotSpotter complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
ShotSpotter expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of ShotSpotter’s employees to perform their job duties may result in discipline up to and including discharge.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact ShotSpotter at +1.510.794.3183 or firstname.lastname@example.org for assistance.