Information Security Analyst
Pleasanton, California, United StatesDevOps
OpenVPN is seeking a skilled and motivated Information Security Analyst to join our team. This role will be responsible for protecting our information assets, and facilitating compliance with industry best practices. The ideal candidate will have strong communication skills, technical knowledge, and experience in policy development and compliance management.
- Take direction from and provide feedback to the Security Review Committee.
- Effectively communicate cybersecurity plans and policies to team members and stakeholders.
- Maintain a working understanding of modern industry security best practices and stay updated on emerging threats and trends.
- Review new infrastructure/architecture proposals to ensure they meet the company's security policies and industry best practices.
- Implement, and continuously improve security policies and procedures company-wide, based on current industry standards and best practices.
- Collaborate with third-party companies to achieve and maintain industry compliance certifications and ensure adherence to relevant regulations.
- Provide remediation recommendations and support in the event of security incidents, and work with stakeholders to address vulnerabilities and improve overall security posture.
- 3-5 years of experience in information security.
- Strong knowledge of industry security best practices, frameworks, and regulations ( NIST, ISO 27001, SOC2, GDPR, HIPAA, etc.).
- Experience working with various security technologies, such as firewalls, intrusion detection/prevention systems, encryption, and endpoint protection (Wazuh, Netbox).
- Experience working with a variety of cloud infrastructure (AWS, GCP, Azure).
- Strong analytical and problem-solving skills, with the ability to identify and resolve complex security issues.
- Excellent communication and interpersonal skills, with a proven ability to effectively convey security concepts to both technical and non-technical audiences.
- Willingness to work fully remotely except for occasional business trips (approximately 2-3 per year)
- Relevant security certifications, such as CISSP, CISM, or CompTIA Security+, are preferred but not required.
- 3-5 experience in a SaaS and/or software company is desired.