Senior Information Security Analyst
Gainsight™ is a venture-backed, fast-growing tech company revolutionizing Customer Success for businesses. The Customer Success company helps businesses grow faster by reducing churn, increasing upsell, and driving customer advocacy. Gainsight provides a complete, end-to-end Customer Success solution through its services and technology. The industry-leading platform helps companies manage customer relationships effectively, track customer health, and transform the way organizations orient around the customer. Gainsight is the platform of choice for many leading companies like Box, Adobe, and Workday. The company has been recognized as one of the top 100 private cloud companies in the world by Forbes, one of the fastest-growing private companies in America by Inc. Magazine, and as one of 20 Great Workplaces in Tech by Fortune Magazine. Gainsight’s CEO, Nick Mehta, has been recognized as one of the Top SaaS CEOs in America. Gainsight India has also been certified as one of the Great Places to Work. The company has offices in California, Phoenix, St. Louis, London, Israel, and India.
About The Job Role
The Senior Information Security Analyst will drive the Product security track of world-class products for Gainsight, a growing Software as a Service innovator which takes Security seriously. This role will own the security posture of features being developed across the technology stack. This role is key to security since it encompasses activities such as code review, architecture/design reviews, testing vulnerabilities, threat modeling, technology/third-party library risks, liaising with Engineering on secure design patterns, and consulting with product teams on remediation patterns. The role takes pride in driving product security across Engineering by closely interacting with the Architecture Council and Security world. This role will report to the Product Security Manager and is based out of Hyderabad, India.
What You’ll Do Here
- Perform secure design and/or code reviews for vulnerabilities.
- Understand the product inside and out in order to find design, functional, and technical security vulnerabilities.
- Champion application security paradigms and help implement remediations.
- Review scan results and advise appropriate remediations.
- Perform code release reviews of newly introduced changes for vulnerabilities.
- Understand and keep in sync with evolving production cloud configuration, application configuration, technology standards, and frameworks.
- Use industry-leading tools for validating application security issues, and drive adoption of those tools.
- Enable production releases of Gainsight’s industry-leading SaaS product by reviewing releases, with coaching, for security issues and signing off on releases as appropriate.
- Perform proofs of concept to evaluate the security posture of new technology proposals.
- Consult with the Product organization, which is spread across several teams, on secure product development and review their security concerns and remediations.
- Improve DevSecOps posture by working with release teams to incrementally automate and seamlessly adopt SAST and DAST functions within deployment pipelines.
- Lead the organization in setting standards, procedures, and processes around Product Security with Engineering.
- Drive security culture with Engineering and own product security functions.
What We’re Looking For
- 5-8 years of hands-on experience in Product security functions.
- Minimum 2-3 years of hands-on experience in coding or product development across any technology stack.
- Solid expertise in application security including OWASP Top 10 and appropriate processes for signing off releases/features using industry known appsec tools.
- Hands-on experience performing Vulnerability Assessment on applications and cloud infrastructure by clearly understanding the business and threat landscape across the industry.
- Demonstrated expertise in identifying security vulnerabilities using leading SAST, DAST, or IAST tools.
- Prior experience in Threat modeling is preferred.
- Understanding of network and security analysis tools, penetration testing, firewalls, VPCs, VPNs is desirable.
- At least one industry certification: CEH, GSEC, CompTIA Security+, CISSP, ECSA, or OSCP.
- Nice to have skills: AWS Cloud security, TOGAF or Java Certified Professional.
Why You’ll Love It Here
- Our Attitude: We’ve created a new industry from scratch, and we’re on the fast track!
- Our Leadership: We offer the leading tech solution for driving Customer Success.
- Our ROI: Reduce customer churn, increase up-sell, and improve customer satisfaction.
- Our Technology: Deep Salesforce.com hooks, predictive analytics, and highly scalable product with a beautiful user interface.
- Our Impact: We help our customers make millions of dollars more per year.
- Our Clients: Big companies like Box, Adobe, Marketo, and many others.
- Our Team: Tech all-stars from Facebook, Box, and others (and top consulting firms like BCG and McKinsey!).
- Our Values: They are unique - Golden Rule, Success for All, Childlike Joy, Shoshin, and Stay Thirsty, My Friends.
- Our Office: If you showed up one day, you might find anything from karaoke performances to mini-golf championships.
Here are our 5 core values:
- Golden Rule: We believe in trusting each other, and our community by exercising reliability.
- Success for All: We believe that success for our stakeholders comes with making a difference in each other’s lives.
- Child-like Joy: We aspire to experience passion, optimism, and laughter in everything we do.
- Shoshin: We believe in a beginner’s mind, and that learning comes from everywhere.
- Stay Thirsty, My Friends: We believe in an internally-driven strive for greatness.
Individuals seeking employment at Gainsight are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.