The Role

TripleLift is seeking a Security Analyst to join our team full-time. We are a fast-growing startup in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment. You will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You’ll help drive improvements in our security operations capability and support critical projects enhancing our detect-and-respond capabilities.

Responsibilities

• Play a critical role in building and maintaining a global security compliance program based on NIST CSF
• Support the execution and completion of external certification audits such as SOC2 and ISO 27001/2
• Develop and maintain security policy documentation, ensuring adherence to any updates to legal and contractual obligations
• Perform internal security risk assessments, as well as external vendor assessments, and facilitate remediation activities
• Fulfill partner requests for security due diligence questionnaires and audits
• Develop and implement process improvements around threat modeling and vulnerability assessments of applications and infrastructure
• Assess and improve the security posture of cloud-based infrastructure
• Create and manage security procedure documentation
• Evangelize security best practices and provide education and awareness to company employees
• Participate in security incident handling activities
• Evaluate and continuously improve the maturity of the security program through the deployment and management of various GRC tools and processes

Desired Skills and Attributes

• 1-3+ years as a security analyst or similar role
• Working in security audit, compliance, information security operations, or security consulting
• Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of PCI, SOC2, ISO 27001/2, or similar
• Designing and testing security controls, as well as documenting related risk findings and activities
• Working with external auditors or assessors and facilitating evidence and information gathering from internal stakeholders
• Understanding of how to achieve compliance objectives in a cloud-native environment
• Comfortable taking ownership of projects and showcasing key accomplishments
• Strives for continued learning opportunities to build upon craft
• Values correctness and efficiency and has an exceptional eye for detail
• Ability to work quickly and independently with minimal oversight
• Ability to work under pressure and multitask in a fast-paced start-up environment
• Desire to accept feedback and constructive criticism
• Holds a Cybersecurity certification or is in the process of achieving one, e.g. CEH, Security+, CISSP, CISA, etc.

Education Requirement

A Bachelor’s degree in a technical subject is preferred, although candidates with relevant experience who hold other degrees will be considered.

Experience Requirement

At least one year of experience working within a security role or related/adjacent role.

#LI-TP1