Information Security Analyst

Summary

Join Fluxx as an Information Security Analyst and play a vital role in protecting our collaborative grantmaking platform. You will be responsible for monitoring security threats, responding to incidents, and improving our security posture. This full-time, remote position requires 2+ years of experience in security operations and a basic understanding of networking, firewalls, and security protocols. You will work with various security tools and technologies, conduct vulnerability management, and maintain access control. Fluxx offers a competitive salary, comprehensive benefits, and a supportive work environment.

Requirements

• 2+ years of experience in security operations or a related field
• Basic understanding of networking, firewalls, and security protocols
• Operational familiarity with Linux and containers
• Understanding of K8s manifest files and package versioning
• A passion for continuous learning and a proactive approach to security challenges
• Analyze and document findings effectively, providing clear insights into key issues

Responsibilities

• Perform real-time monitoring of security events and alerts across various security tools (e.g., SIEM, EDR, DLP)
• Rapidly respond to security incidents, conduct root cause analysis, and implement containment and remediation measures
• Assist in post-incident analysis and reporting to identify areas for improvement and prevent future occurrences
• Administer, tune, and enhance security tools and technologies
• Develop and maintain automation scripts and tools to improve security operations efficiency and effectiveness (e.g., threat hunting, incident response playbooks)
• Maintain comprehensive documentation on security incidents, vulnerabilities, and procedures
• Triage and analyze vulnerability scan results from various sources (e.g., penetration tests, and vulnerability scans)
• Prioritize vulnerabilities based on risk and impact, escalating critical issues as necessary
• Collaborate with development teams and other stakeholders to drive the remediation of vulnerabilities
• Regularly audit and refine vulnerability management processes, tools, and reports
• Conduct regular access reviews and audits to ensure appropriate access levels for users and systems
• Investigate and remediate access control violations
• Assist in the implementation and maintenance of least privilege principles
• Support internal users with security concerns and questions, providing guidance and assistance
• Contribute to the development and delivery of security awareness training programs
• Promote a strong security culture within the organization
• Communicate effectively and empathetically with development teams, providing clear and actionable guidance
• Effectively present security findings and recommendations to development teams and management
• Collaborate with technology stakeholders across the organization
• Write clear, concise, and effective technical documentation summarizing findings, risks, and recommendations
• Deliver security metrics and identify areas for improvement
• Conduct research on emerging security threats and technologies
• Participate in industry events and conferences to stay abreast of the latest security trends

Preferred Qualifications

• Exposure to cloud environments (AWS, Azure, or Google Cloud)
• Knowledge of managing IAM permissions with Terraform
• Understanding of the principles of least privilege
• Scripting language proficiency
• Familiarity with security tools such as SIEM, endpoint protection, and vulnerability scanners
• Experience with GitHub Dependabot

Benefits

• Medical, dental, and vision insurance
• Flexible time off
• Paid sick leave
• 12 weeks of fully-paid parental leave
• Annual learning and development stipend
• Internet stipend
• One-time home office set-up stipend
• 401(k) retirement plan with company match
• Incentive stock options