Staff Security Analyst -Federal
San Francisco
Applications have closed
Harness
Harness is a modern software delivery platform that allows engineers and DevOps to build, test, deploy, and verify software, on-demand.Harness is led by technologist and entrepreneur Jyoti Bansal, who founded AppDynamics and sold it to Cisco for $3.7B. We’re backed with $425M in venture financing from top-tier VC and strategic firms, including J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, Adage Capital Partners, Balyasny Asset Management, Gaingels, Harmonic Growth Partners, Menlo Ventures, IVP, Unusual Ventures, GV (formerly Google Ventures), Alkeon Capital, Battery Ventures, Sorenson Capital, Thomvest Ventures and Silicon Valley Bank.
POSITION SUMMARY
Using industry standards and best practices, a Staff Security Analyst is responsible for delivering security projects, programs, and building continuous compliance at scale. We’re looking for candidates with experience implementing and managing FedRAMP, and with a drive to elevate security controls across the estate.
As a Staff Security Analyst, you will lead efforts to discover and reduce risk, implement business and technical processes, and acquire and maintain compliance certifications. You’ll use technology to design solutions that enable Harness’ security goals, and collaborate directly with engineering teams to Get Ship Done. You will be responsible for defining, documenting, and implementing technical security and compliance controls, and measuring the effectiveness of Harness’ security programs.
Key Responsibilities
- Lead the security design and delivery of Harness’ Federal service offerings.
- Lead and deliver risk assessments and technical advisory across our technical environments and business processes.
- Lead and facilitate engagement with external suppliers, auditors, and federal prospects.
- Partner with security and engineering colleagues to continuously monitor and manage security controls.
- Own and improve components of the supply chain security and vendor risk management process.
- Drive security and compliance across the business through empathetic partnership.
- Contribute precise and actionable analysis to enable security and privacy by design for engineering and business initiatives.
- Measure control and program effectiveness, and recommend new strategies to manage risk.
- Manage relationships with key partners, including the FedRAMP PMO, 3PAO and the AO.
About You
- You have at least 10 years of relevant industry experience.
- You have previous experience implementing or managing a FedRAMP compliant service offering.
- You have deep expertise with NIST 800-53 and related SPs.
- You have professional knowledge of enterprise SaaS applications and infrastructure.
- You have previous experience in a cloud-native environment (AWS, GCP, or Azure).
- You want to work in a high-growth environment and build new programs from scratch.
- You care about the details, and are willing to ask questions when you’re unsure.
- You are comfortable handling the unknown, and seek to bring clarity in ambiguous situations.
Bonus Points!
- You’ve led or played a primary role in achieving an ATO from scratch.
- Experience or familiarity with Platform One / Iron Bank.
- You are familiar with what’s going on under the hood of an AWS or GCP console, and can speak to best practices for configuration and management.
- You have exposure to industry regulations and compliance certifications (ISO 27001, SOC 2, SOX, etc.)
- You hold relevant security or technical certifications (CISA, CISSP, AWS/GCP Professional).
- You are eager to learn, and to share your knowledge with colleagues.
- You like to automate the boring stuff.
What You Will Have At Harness
- Competitive salary
- Comprehensive healthcare benefits
- Flexible Spending Account (FSA)
- Flexible work schedule
- Employee Assistance Program (EAP)
- Paid Time Off and Parental Leave
- Monthly, quarterly, and annual social and team building events
- TGIF-Off program - 10 extra days off! Awesome, right!
- Remote office stipend
- Monthly internet reimbursement
- Monthly Food & Beverage Reimbursement Program
Harness In The News
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, or national origin. #LI-Remote* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure CISA CISSP Cloud Compliance FedRAMP GCP ISO 27001 NIST Privacy Risk management SaaS SOC 2 Splunk
Perks/benefits: Career development Competitive pay Flex hours Flexible spending account Flex vacation Parental leave Salary bonus Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Information Security Specialist jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open DevSecOps-related jobs