WHO WE ARE
Braze delivers customer experiences across email, mobile, SMS, and web. Customers, including Burger King, Delivery Hero, HBO Max, Mercari, and Venmo, use the Braze platform to facilitate real-time experiences between brands and consumers in a more authentic and human way. And we do it at scale – each month, hundreds of billions of messages are sent to a network of over 3 billion active users through Braze.
Need more proof? Braze was named a Leader in the Forrester Wave™: Cross-Channel Campaign Management (Independent Platforms), Q3 2021, and was named to the Forbes Cloud 100 list for the fourth consecutive year. The company has also been selected as one of Fortune’s Best Workplace for Millennials in 2021, and was ranked #20 on Fortune’s Best Medium Sized Workplaces in 2021. Braze is certified as a Great Place to Work in the UK and the U.S. and is recognized as one of the UK's Best Workplaces for Women.
WHAT WE'RE LOOKING FOR
We're seeking a Security Analyst to join our NYC-based Security Engineering team to help Braze achieve and maintain authorization and certifications that enable us to be competitive.The GRC team is responsible for audit readiness and risk mitigation across the organization. You will be able to help build compliance programs and make an impact at Braze. As a Security Analyst at Braze, you will be exposed to a wide range of security controls protecting (but not limited to) endpoint infrastructure, modern cloud-based containerized application deployments, and Web applications/API’s. You will work directly on the Security Engineering team, a technical team, exposing you to technical concepts and work, and the ability to have questions answered/evidence procured easily. In addition to helping guide the organization through compliance and risk frameworks, you will be a customer-facing advocate for the Braze security program, interacting with internal pre- and post-sales teams to meet client expectations for compliance, technical controls, policy, and governance.
WHAT YOU'LL DO
- Evaluate security controls on new and existing systems, processes, and technology to ensure the adequacy and the effectiveness and provide value-added recommendations.
- Collaborate with cross-functional teams to gather evidence in support of internal and external audits such as ISO27001, SOC 2, HIPAA, and other compliance frameworks.
- Collaborate to define Information Security requirements and develop/update policies and standards.
- Work with security engineers to implement the enterprise-wide strategy and key initiatives focused on the reduction of technology risk.
- Work with internal pre- and post-sales teams, as well as the Legal and Privacy team, to meet client expectations for compliance, technical controls, policy, and governance.
- Conduct vendor security reviews prior to onboarding.
WHO YOU ARE
- You have at least 2-3 years of formalized experience in compliance or risk in the context of the tech industry.
- You are familiar with ISO 27001, SOC 1 and 2, NIST and other Security frameworks.
- You are able to write policies and procedures that satisfy customer and internal requirements.
- You know how to conduct risk assessments and manage risk across multiple teams and assets.
- You enjoy evangelizing about security and risk to anyone who will listen, be it Braze employees, Braze customers, or contractors.
- You have a background in threat modeling.
WHAT WE OFFER
- Competitive compensation that includes equity
- Generous time off policy to balance your work and life, including paid parental leave
- Competitive medical, dental, and vision coverage for you and your dependents
- Collaborative, transparent, and fun loving office culture
If you are a California resident subject to the California Consumer Privacy Act, click here to understand how Braze processes your personal information and how you can exercise your rights.
Explore more Information Security career opportunities
- Open Senior Information Security Engineer jobs
- Open Vulnerability Analyst jobs
- Open Cyber Security Architect jobs
- Open IT Security Engineer jobs
- Open Personnel Security Officer jobs
- Open Staff Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Threat Intelligence Response Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Incident Response Analyst jobs
- Open Information Security Architect jobs
- Open Chief Information Security Officer jobs
- Open SOC Analyst jobs
- Open Sr. Product Security Engineer jobs
- Open Azure Security Engineer jobs
- Open Information Security Officer jobs
- Open Cybersecurity Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Sr. Software Engineer - Detection Engineering jobs
- Open Staff Engineer, Cloud Security jobs
- Open Security Officer 3 jobs
- Open Software Security Engineer jobs
- Open Privacy Manager jobs
- Open Threat intelligence-related jobs
- Open PCI-related jobs
- Open Clearance-related jobs
- Open IDS-related jobs
- Open Machine Learning-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Open Source-related jobs
- Open Splunk-related jobs
- Open Intrusion detection-related jobs
- Open Encryption-related jobs
- Open Ruby-related jobs
- Open Security assessments-related jobs
- Open OSCP-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open GDPR-related jobs
- Open IPS-related jobs
- Open HIPAA-related jobs
- Open DevSecOps-related jobs
- Open TCP/IP-related jobs
- Open Unix-related jobs
- Open PowerShell-related jobs
- Open DNS-related jobs