Senior Security Analyst
San Francisco, CA (HQ) & Remote: CA, IL, MI, NY, PA, TX, CO, WA, UT, OR
Lob is building a suite of APIs for the enterprise. Our most popular API is our print and mail API that enables companies to send physical mail as effortlessly as sending emails. We are growing our customer base and product offerings quickly and are looking for a talented Senior Security Analyst to bolster our go to market efforts and build long term revenue.
As a GRC Analyst, you will help Lob strengthen our compliance program to ensure adherence with regulatory requirements, customer contracts, industry best practices, etc. In this role, you will assist with answering customer RFPs and due diligence questionnaires, help Lob successfully complete annual audits, author policies, work with all internal teams to improve and create new processes and much much more.
A successful candidate for this role is someone who is detail oriented, data-driven, and experienced in policy writing. Someone who can manage competing priorities, translate regulatory and customer requirements into solid and secure processes and is energized from a fast-paced start-up environment. If you are someone looking for first-hand experience in building and improving a great compliance program at a high growth start-up company, this role would provide you an opportunity to make an impact every day.
We offer remote working opportunities in California, Texas, Michigan, Pennsylvania, New York, Illinois, Colorado, Washington State, Utah, and Oregon. You can also work onsite at our San Francisco headquarters.
About The Role
Lob is building a suite of APIs for the enterprise. Our most popular API is our print and mail API that enables companies to send physical mail as effortlessly as sending emails. We are growing our customer base and product offerings quickly and are looking for a talented Security Analyst to strengthen our security program, bolster our go to market efforts and help build long term revenue.
As a Senior Security Analyst, you will ensure Lob adheres to regulatory requirements, customer contracts, industry best practices, etc. In this role, you will be responsible for safeguarding Lob’s assets, building processes and procedures to reduce risks, working with multiple teams to ensure Lob’s infrastructure and code is secure and much more!
A successful candidate for this role is someone who is very analytical, a true self-starter, is detail oriented, has the ability to learn quickly, can manage multiple projects and works with minimal supervision in a fast-paced start-up environment. If you’re someone looking to build a great security program at a high growth company, this role would provide you an opportunity to make an impact every day.
As a Senior Security Analyst, you'll
- Be responsible for the hands-on configuration and support of a wide range of security and networking technologies such as: IPS/IDS, SIEM, vulnerability scanners, identity and access management, access control, DLP, firewalls, endpoint security, email filtering, routers, switches, etc.
- Work closely with various teams to evaluate the current architecture and security-related processes such as vulnerability management, patch management, endpoint security, cloud environment, etc., looking for ways to design and implement improvements
- Design and deploy security solutions to enhance security monitoring and improve alerting capabilities while minimizing application development friction
- Develop metrics and various controls to monitor and report on the security program’s progress and health status
- Assist in leading security incident response efforts to gather required evidence and remediate incidents
- Partner with various teams to perform risk assessments on production and test environments, data center/cloud environments, proposed changes, APIs, networks, applications, etc. to ensure they are free from security vulnerabilities and follow industry best practices as well as design security controls and safeguards
- Manage Lob’s vulnerability management and patch management programs to include our bug bounty program, annual penetration tests, etc.
- Configure log collection and analysis tools (SIEM) to monitor networks and systems for issues as well as design alerts to notify teams of potential problems
- Be responsible for planning and managing security related projects
- Utilize a variety of informational sources such as threat intelligence reports/feeds, NIST NVD, vendor advisories, etc., to assess potential threats and vulnerabilities then recommend reasonable improvements
What you will bring to this role...
- 5+ years of experience in a technical security role
- A self-starter with a high level of initiative, attention to detail and ability to work independently and effectively under minimal supervision
- Strong technical skills with experience configuring and managing: network devices (e.g. routers, switches, etc.), a variety of operating systems, data centers/cloud environments, identity and access management systems, endpoint security, email filters, SIEMs, IPS/IDS, firewalls, vulnerability scanners, encryption algorithms, etc.
- Must be able to plan, manage and implement security related tools and projects alone while also working with operations and data intelligence teams as needed
- Experience planning and managing security risk assessments such as penetration tests, third party audits, vulnerability assessments, etc. as well as creating and tracking remediation plans to completion
- Ability to communicate complex issues, vulnerabilities and security recommendations to other teams, senior management, external vendors, etc.
- Experience analyzing design requirements, infrastructure changes, etc. to identify security weaknesses, risks and areas of improvement with the ability to recommend safeguards, risk mitigations, etc.
- Ability to develop metrics and various reports to monitor and report on the security program’s progress and health status
- Experience building security solutions and performing vulnerability and threat assessments on web applications, SaaS environments, APIs, cloud environments, end points, networks, etc.
- Ability to analyze logs, packet captures, malicious files, etc. looking for indicators of compromise, anomalous behavior or threats with the ability to design and implement appropriate safeguards
- Ability to implement controls from a variety of frameworks, regulations, etc. such as: HIPAA, NIST, ISO 27001, COBIT, CIS Controls, OWASP Top 10, etc.
- Experience with or understanding of software development and the software development lifecycle
Lob was built by technical co-founders with a vision to make the world programmable. We offer two flagship APIs (print & mail and address verification) that enable companies to send postal mail as effortlessly as sending emails. Lob is venture-backed by the most reputable investors in tech, and we are rapidly growing our team to shape the future of our company and meet the demands of a quickly growing customer base and dynamic product offerings.
We give our employees a lot of responsibility and ownership of their work. You will have fun at work while engaging in challenging projects with the best and brightest.
- Health benefits for you and your dependent(s)
- Health Care Flexible Spending Accounts
- Unlimited vacation policy
- Commuter & Parking benefits (includes monthly stipend)
- Wellness program (includes monthly stipend or free Barry’s Bootcamp classes!)
- Paid parental leave
- Free lunch, dinner, and snacks
- Dog-friendly office
- Ground floor opportunity as an early member of the Lob team; you’ll directly shape the direction of our company
Our Commitment to Diversity
Lob is an equal opportunity employer and values diversity of backgrounds and perspectives to cultivate an environment of understanding to have greater impact on our business and customers. We encourage under-represented groups to apply and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or criminal history in accordance with local, state, and/or federal laws, including San Francisco’s Fair Chance Ordinance.
Forbes 30 Under 30 - Enterprise Technology 2017
#132 on Y Combinator's Top Companies List 2021
#26 2018 Fastest-Growing Private Companies, The Business Journals