Security Analyst

New York, NY

Spotify logo
Spotify
Apply now Apply later

Posted 4 weeks ago

Spotify listeners, creators and employees trust us to provide a safe digital platform that protects any sensitive information they share with us. Spotify Security is a distributed team that champions and delivers on initiatives with Spotify’s autonomous teams to ensure that our organization keeps information security appropriately prioritized and that the trust we have with these stakeholders is well-deserved. We focus on raising security awareness, providing security intelligence and building tools to enable these teams to feel a shared sense of responsibility for security and privacy concerns. We aim to constantly improve the security posture of our organization by iterating on our tooling and process.
We are looking for a security analyst to join our vulnerability management team that helps teams make informed decisions on their security posture based on security vulnerabilities and continuously improve their security and engineering practices. You will play a key role in ensuring we discover and manage vulnerabilities before attackers can use them to harm Spotify.

What you’ll do

  • Drive improvements and the smooth operation in Spotify’s Vulnerability Management program, which notifies teams about vulnerabilities discovered on their technical assets and supervises their resolution. 
  • Support development teams in their usage of the Vulnerability Management Program, such as onboarding new teams and technical assets onto the program, understanding findings from the program and the vulnerability issue lifecycle, and generally ensuring that they realize value from the program.
  • Provide security expertise regarding vulnerabilities, exploitation/attack scenarios, and the risk in terms of likelihood and impact.
  • Coordinate the resolution of outstanding vulnerability findings that require human intervention.
  • Imagine and propose improvements to our vulnerability management systems, which automate the most common aspects of vulnerability management lifecycle and provide a simple interface for asset owners to self-manage their vulnerability findings.
  • Collaborate with other security teams and partners to ensure the vulnerability management program and systems align with our overall security program.

Who you are

  • You have hands-on experience working in an agile security team and can point to your impact in how you’ve helped improve security posture, preparedness, or maturity.
  • You can point to multiple instances where you’ve helped development teams understand the risk vulnerabilities pose, and determined a path forward to eliminate or manage the risks stemming from them in light of competing priorities.
  • You have a deep understanding of security vulnerabilities in at least one technical domain. You are at ease communicating the details about them to technical and non-technical audiences.
  • You are familiar with modern cloud-based technologies used to deliver rapidly-changing products at scale.
  • You have a keen eye for identifying problems and opportunities in large-scale distributed organizations, and understand where and when to apply your attention to detail.
You are welcome at Spotify for who you are, no matter where you come from, what you look like, or what’s playing in your headphones. Our platform is for everyone, and so is our workplace. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be forward-thinking! So bring us your personal experience, your perspectives, and your background. It’s in our differences that we will find the power to keep revolutionizing the way the world listens.
Spotify transformed music listening forever when we launched in 2008. Our mission is to unlock the potential of human creativity by giving a million creative artists the opportunity to live off their art and billions of fans the chance to enjoy and be passionate about these creators. Everything we do is driven by our love for music and podcasting. Today, we are the world’s most popular audio streaming subscription service with a community of more than 320 million users.
Job tags: Vulnerabilities Vulnerability management
Job region(s): North America
Share this job: