Security Analyst

Job Description

Company Description
UserTesting enables every organization to deliver the best customer experience powered by human insight. With UserTesting’s on-demand Human Insight Platform, companies across industries make accurate customer-first decisions at every level, at the speed business demands. With UserTesting, product teams, marketers, digital and customer experience executives confidently and quickly create the right experiences for all target audiences, increasing brand loyalty and revenue. UserTesting has over 1,200 subscription customers, including 48 of the top 100 brands in the world, and has delivered human insights to over 35,000 companies to-date. Founded in 2007 and backed by Accel and OpenView, UserTesting is headquartered in San Francisco with offices in Atlanta and Edinburgh. To learn more, visit www.usertesting.com.Job Description
Join our passionate information security team and help us drive cutting edge security technologies and be part of exciting security projects and initiatives for a high growth and fast-moving SaaS company that’s devoted to data protection and believes our customers should be able to see, hear and talk to their customers to EMPATHIZE & UNDERSTAND their perspectives and gain fast feedback and insights to make decisions at the speed of business today. Key duties

• Keep current with the latest trends in security risk analysis, assessment, and associated methodologies.
• Identify and communicate current and emerging security threats
• Identify security gaps in existing and proposed technologies and recommend changes or enhancements
• Assist in developing and maintaining enterprise information security policies, technical standards, guidelines, and procedures.
• Assist in the process of conducting risk assessments of internal/external applications and solutions, ensuring adherence to regulations, policies, and frameworks.
• Assist in the process of conducting vendor information security risk reviews and communicate the results.
• Review security language in contracts, work orders and other customer agreements to make sure it aligns with and can be met by company policies and practices.
• Assist in maintaining compliance with internal controls and certifications
• Provide ongoing, up-to-date security awareness training.
• Respond to security incidents and help keep track of post-incident tasks
• Participate in managing the phishing awareness and buy bounty programs
• Contribute to the design and implementation of enterprise-class security systems.
• Participate in internal audits and support external audits
  

Skills and competencies

Two or more years of security experience, including:

• Implementing security controls, performing ongoing maintenance on security technologies, and prevent, detect analyze and respond to security incidents.
• Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
• Consulting in the development and design of security best practices and implementation of solid security principles across an enterprise organization.
• Providing security and awareness training.
  

Experience with and knowledge of:

• LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems.
• Knowledge of security vendor landscape for antivirus, data loss prevention, vulnerability scanning, and network security technologies.
• Understanding of standards and frameworks such as Committee of Sponsoring Organizations of the Treadway Commission (COSO), Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST).
• Privacy regulations to include the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
  

General skills include:

• Strong communication skills (verbal and written)
• Organizational skills, ability to multitask, strong attention to detail, excellent problem solving, and follow-up skills required.
• Work in a team environment and independently, make decisions and multitask effectively in a very diverse, project-oriented environment.
• Ability to complete high-quality deliverables and is a team player.
• Provides extraordinary customer service.
• To learn and comprehend basic instructions, understand the meanings of words and respond effectively, and perform basic arithmetic accurately and quickly.
• Critical thinking and analytical skills.
• Demonstrated ability to identify risks associated with information security programs and technology projects.
  

Relevant experience, education, and certifications:

• Minimum of two years of cumulative paid work experience in information security, information technology, or technology risk management related work.
• Minimum of one-year college completed in coursework related to information security, engineering, mathematics, or a related area. An associate’s degree in an IT field is a plus, and a Bachelor’s degree in cybersecurity is an even more significant plus.
• Holds an active certification from the International Information System Security Certification Consortium (ISC)2 or the Information Systems Audit and Control Association (ISACA), or can pass the CISSP certification within 12 months of hire.
  

Additional Information
Besides a great work environment and the opportunity to change the world, we offer competitive salaries, benefits, plenty of perks, as well as stock options.