Senior Information Security Analyst

Remote, Ontario

Applications have closed

Thumbtack

Find local pros, compare prices and book home services in a few simple steps. Thumbtack makes caring for your home easier.

We’re the technology leader building the modern home management platform. Today, millions of people use Thumbtack to effortlessly manage their homes. We help them confidently know what to do, when to do it and who to hire. 

Our goal is simple: to be the only platform homeowners need to fix, maintain and improve their homes. As a long-term partner for homeowners, our promise is to turn what was once confusing and intimidating into something straightforward — and a lot less stressful.

At Thumbtack, we're not just creating a new era of homeownership. We’re supporting local economies and building stronger communities. Each day, we connect local professionals across America with busy homeowners so they can grow their businesses. 

Thumbtack is for everyone. Our customers and pros come from all walks of life and every county in the country. We want our team to reflect that. If you come from an underrepresented background in tech, we strongly encourage you to apply. 

Our North Star is bright and our ambitions are big. We’ve been at this for over a decade, but the way we see it: we’re just getting started.

Thumbtack by the Numbers

  • Available in all 3,143 U.S. counties.
  • Nearly 4.5 million customers in the last 12 months
  • Hundreds of thousands of local professionals on our platform
  • 65 million projects started on Thumbtack
  • Over 7.5 million 5-star reviews left for stellar pros

About the Engineering Team

At Thumbtack, engineers at every level build products and systems that directly impact our customers and professionals. Our challenges span a wide variety of areas, ranging from building search and booking experiences to optimizing pricing systems, to building tools to help professionals grow their businesses. We believe in tackling these hard problems together as a team, with strong values around collaboration, ownership, and transparency. To read more about the hard problems that our team is taking on, visit our engineering blog.

About the Role

Our Security Engineering team acts as an internal cybersecurity consultation and audit team for Thumbtack. Our mission is to provide industry security best practices to the organization, assess potential security threats and vulnerabilities, and develop practical, cost-conscious, risk-adjusted mitigation and prevention plans for Thumbtack. We oversee the development and execution of all cybersecurity programs; we sometimes implement the necessary changes. The Security team works closely with many cross-functional stakeholders, such as Legal, IT, Finance, Communication, Trust and Safety, and Product development teams.

In this role, you will lead the vulnerability identification/mitigation, threat analysis, and risk assessment aspects of cybersecurity. You are the domain expert in vulnerability management, threat modeling, and risk registry. You are responsible for assessing Thumbtack’s current cybersecurity posture and developing a timeline and tactical plan to improve the posture, continuously and quantifiably.

Responsibilities

Take ownership of all cybersecurity-related vulnerability management initiatives, taking them from conception to completion, for both proactive management and reactive mitigation.

Must-Have Qualifications 

  • Experience in managing bug-bounty programs, Common Vulnerabilities and Exposures (CVE) systems, and the Common Vulnerability Scoring System (CVSS)
  • Member of the incident response team and/or security operation center
  • Working experience with cybersecurity frameworks such as NIST CSF, ISO 27001, COBIT
  • Managed or led penetration testing and/or vulnerability scanning
  • Developed quantitative security posture metrics to track progress, manage vulnerabilities, and compose dashboards/reports regularly and consistently.

Nice-to-Have Qualifications

  • Have formal security training and/or certification, such as CompTIA Security+, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Global Information Assurance Certification Penetration (GPEN)
  • Previous project and program management experience and/or certifications, such as PMP
  • Experience in agile development, software deployment pipeline, service reliability engineering / DevOps
  • Knowledge of OWASP Top 10, DevSecOps, computer forensics analysis
  • Working experience with cybersecurity tools such as Wireshark, Metasploit, Nikto, Burp Suite
  • Working experience with SAST, DAST, WAF, SIEM, SOAR, IDS, IPS

Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada, or the Philippines. When it is safe to gather, we will begin to host in-person events on a regular basis. Remote employees will be expected to travel occasionally for these events to a Thumbtack library or offsite team-building location. In cities with 5+ employees, we are establishing local communities, where employees can gather for local events. Additionally, employees in the San Francisco, Salt Lake City, Toronto, and Manila areas will have opt-in access to communal workspace at one of our Thumbtack libraries. We always prioritize the health and safety of our employees. Currently, participation in these events and Thumbtack library use are optional. Both require employees to be fully vaccinated.

More About Us

Thumbtack is a technology leader building the modern home management platform. Through the Thumbtack app, homeowners can effortlessly manage their homes — confidently knowing what to do, when to do it, and who to hire. Bringing the $500 billion home services industry online, Thumbtack empowers millions of homeowners to fix, maintain, and improve their most valuable asset. 

Founded in 2008, Thumbtack is backed by over $500 million in funding from investors that include Sequoia Capital, CapitalG, Tiger Global Management, Javelin Investment Partners, and Baillie Gifford.

Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, sexual orientation, gender identity, religion, national origin, citizenship, marital status, veteran status, or disability status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack’s Privacy policy available at https://www.thumbtack.com/privacy/.

*Currently, Thumbtackers can live anywhere in Ontario, Canada or the Philippines or in any of the following US states: AZ, CA, CO, CT, FL, GA, HI, IL, IN, KY, MD, MA, MI, MN, MO, NV, NH, NJ, NY, NC, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA. Our long term vision is to hire across all of the United States and Canada, but this expansion will take a few years.

Tags: Agile Burp Suite CEH COBIT CompTIA CVSS DAST DevOps DevSecOps Finance Forensics GPEN IDS Incident response IPS ISO 27001 Metasploit NIST Offensive security OSCP OWASP Pentesting Privacy Risk assessment SAST SIEM SOAR Vulnerabilities Vulnerability management

Perks/benefits: Career development Team events Transparency

Regions: Remote/Anywhere North America
Country: Canada
Category: Analyst Jobs
