Information Security Analyst Castlight Health
San Francisco, CA

Job Description

The Security Operations team uses cutting-edge security technology to collect and analyze thousands of data points per day, to protect millions of users' sensitive information. Our team has broad responsibility for information security, application security, security monitoring, and incident response across Castlight Health. We are motivated and proactive individuals woven into a collaborative business where teamwork and flexibility are critical to our success.

We are looking for a Information Security Analyst to bring fresh perspectives in all areas of security, including information retrieval, alert correlation automation, network and application penetration testing, as well as malware analysis. You will work closely with IT teams, data center operations personnel, and external business partners. You will play a key role in analyzing potential threats, as well as managing security tools and projects that align with Castlight Health's security strategy.

Responsibilities

* Manage and mature security tools for configuration, automation, SIEM integration, and availability
* Leverage tools to identify application and network vulnerabilities.
* Work with developers on code fixes
* Manage and coordinate cross-functional projects with Security team members
* Provide guidance and support to junior team members during security projects and day-to-day job responsibilities
* Assist with customer security requests and coordinate customer security audits
* Assess vendors against security requirements and execute periodic vendor security reviews
* Collect, review, analyze, and verify the design and effectiveness of technical security controls based on internal policy, compliance frameworks, and client expectations

Qualifications

* 5 years of experience in information security, network security, application security, and/or IT audit/compliance
* BA/BS in Computer Science, Information Systems, or equivalent degree
* CISA/CISM/CISSP or other relevant certification desired
* Must be action and results oriented, with excellent communication and presentation skills, and have the ability to present ideas in a collaborative team setting and in a user-friendly language
* Strong general business skills and an aptitude for critical thinking and intellectual curiosity.
* Great attitude, independent, and takes ownership of all tasks from start to end.

Required Skills

Technical understanding of Internet Protocol, distributed systems, and cloud architectures

* Experience of information security tools/systems: SIEM, DLP, IDS/IPS, etc.
* Unix and Bash
* Must be comfortable in a fast-paced, demanding, and dynamic work environment
* Experience with one or more of the following Information Security frameworks and standards: ISO/IEC 27000-series, SSAE16, SOC1/2, HITRUST, and rules/regulations related to privacy and data confidentiality (e.g. Privacy Shield, GDPR).

Travel

Up to 10% travel that may include international locations

Our Values

One team. On a mission. Making things happen.

Diversity and Inclusion

The Castlight culture values and celebrates different backgrounds, perspectives, and points of view. We believe our diversity helps drive creativity and innovation. We strive to make everyone feel included, valued, and engaged; enable them to do their best work; and build their careers here at Castlight. That is why diversity and inclusion are more than just words to us. Rather, they are a commitment to a culture where employees feel respected and empowered to share their ideas and deliver the best results.