Security Analyst

Workrise is hiring a Senior Security Analyst that will be responsible for the day-to-day analysis of security threats, vulnerabilities, and detections. Our ideal candidate for this role will be someone who has a passion for proactive security, seeks understanding through data, and can engage a variety of stakeholders across the Workrise enterprise.   

This role will report to the Director of Security Engineering.

What you’ll be doing:

The Security Analyst is a dynamic role that requires strong analytical skills, scripting skills (we leverage python for detections), a solid offensive security mindset, ability to tell stories with data, and ability to take a heuristic approach to vulnerability management. Some of they day to day include:

• Bug Bounty Program Triage - You will be responsible for triaging and reproducing reports that come in from our Bug Bounty and Vulnerability Management programs.
• SIEM Detection & Response - You will be responsible for creating and running playbooks for critical alerts
• Vulnerability Management - Security tools are inherently noisy, you will be responsible for assessing vulnerability priorities and tuning vulnerability management heuristics.
• Incident Response - You will start and lead security investigations, determine indicators of compromise and bring in stakeholders for awareness.
• Data mining & report building - Because we are a data-minded organization, you will tell stories with data and build interactive dashboards (Tableau, Google Data Studio, Juypter)
• Creating & tuning SIEM detections - You will help create and tune detections to reduce signal to noise, and surface critical and actionable events.
• Collaboration  - You won’t do any of this in a vacuum. You will have a team of Security Engineers, Privacy Officers, and an organization that will support you in these efforts by building best-in-class security solutions to give your work the ultimate impact.

Essential Job Functions:

• Data, data, data. You will need to have demonstrated analytic experience and ability to generate metrics and insights across logs and multiple disparate data sets.
• Solid experience with SQL. Doing mental pivot tables and joins should come easily for you.
• Solid scripting experience. Experience in a scripting language for scraping, data analysis, small web apps, and a willingness to learn Python if it is not your primary scripting language.
• Data Visualization - You experience being able to create visualizations (time series, stacked bar, etc) and tell a story with it. You have created self-service dashboards for other colleagues to consume.
• Some exposure to vulnerability scoring and management (CVSS, EPSS)
• Understanding of CVE, CWE and how to read and interpret them for business context. 
• Understanding the OWASP Top 10 and experiencing seeing them in the wild.
• Experience working with a client-side proxy tool such as Burp or ZAP Proxy.
• Excellent written communication and ability to summarize complex information for non-technical audiences.
• Experience with vulnerability management for SAST tools like SonarCloud, GitHub Advanced Security, Snyk.
• Any experience with cloud security, identity lifecycle management, IAM, patch management is good to have.
• Experience working in early or late stage start-ups is helpful.

Experience and Education Requirements:

• Bachelor's degree in a program with a technical or mathematics focus. 
• 2-3 years working in a Security setting such as a SOC.
• 3-5 years professional IT, Software Engineering and/or Security experience.

More than a job:

At Workrise you can feel good about supporting our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of our workers and the clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

In appreciation for your contributions, we support you with:

• Working alongside talented peers who will bring out the best in you
• The opportunity to significantly impact the growth curve of an already high-growth business
• Benefits for full-time employees, flexible paid time off, 401k with company matching, medical, dental and vision insurance

Workrise is committed to providing an environment where any and all people feel belonging, respected, and free to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, neurodiversity, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We’d love to learn what you can add to our team.

Who we are:

In 2014, we set out to create a better way to manage and deploy Oil & Gas workers at scale through technology. Over time, we’ve grown to add Renewables in service of the energy industry. 

We’re a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreesen Horowitz, and Baillie Gifford. To date, we’ve placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially.

We’d love to share more through the interview process and look forward to learning more about your journey.

To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.