Information Security Senior Analyst

Rubrik

💵 $131k-$218k
📍Remote - Worldwide

Summary

Join Rubrik's Information Security team as a Senior Analyst, focusing on Public Sector Compliance. This role bridges technology and US government security requirements, involving hands-on testing, collaboration with engineers, and identifying/remediating control gaps. You will drive key compliance activities for certifications like Common Criteria and DISA STIG, perform technical analysis and testing, translate complex standards into actionable tasks, and develop essential documentation. The position requires strong technical aptitude, analytical problem-solving skills, and excellent communication and collaboration abilities. Success is measured by your ability to effectively identify control gaps and collaborate with others to facilitate their remediation. This is a hands-on role where you will rapidly develop expertise and become a go-to resource for public sector security.

Requirements

  • Education: Bachelor’s degree or equivalent (preferably in a relevant field); supporting certifications (e.g., Security+, CISSP, CISA) a plus
  • 5+ years of experience in a technical role such as Software/Systems Engineering, IT Infrastructure, Technical Program Management, Solutions Engineering, Backup Administration, or a similar field. Direct compliance experience is a plus, but not a prerequisite for a candidate with strong, transferable skills
  • Technical Aptitude: You have a proven ability to learn and understand complex technical subjects. You enjoy digging into how things work and are comfortable with concepts related to software configuration, networking, operating systems (Linux preferred), AI, and enterprise software
  • Analytical Problem-Solver: You are skilled at breaking down large, complex problems (like a government standard) into smaller, manageable parts and creating a plan to address them. You are transparent about your approach and rationale, and seek to involve others as needed so you can solve for a problem’s root cause(s) vs. chasing symptoms
  • Strong Communicator & Collaborator: You can clearly articulate technical concepts both verbally and in writing, and have experience producing technical documentation, project plans, road maps, presentations, and reports. You build solid relationships and work effectively with cross-functional teams
  • Organized & Driven: You are a proactive self-starter who can structure a work plan or road map and manage multiple project streams and assignments concurrently. You prioritize and set delivery expectations effectively, find answers, and hold yourself accountable to deliver high-quality work with minimal supervision

Responsibilities

  • Drive Key Compliance Activities: Take ownership of critical work assignments for essential government certifications such as Common Criteria, DISA STIG, DoDIN APL, Section 508 accessibility, and secured personnel facility visit coordination
  • Perform Technical Analysis & Testing: Conduct hands-on security testing and evaluation (ST&E) against product security baselines or standards. You will identify gaps, document findings, and partner with internal teams to close gaps and drive remediation
  • Translate Requirements into Action: Work closely with Product Management and Engineering to translate complex compliance standards (like NIST SP 800-171 / CMMC) into clear, actionable Jira tickets and development requirements
  • Develop Essential Documentation: Author and contribute to definitive compliance artifacts, including gap analyses, test plans, security control traceability matrices (SCTM), hardening guidance, and sections of our System Security Plans
  • Become a Subject Matter Expert: Develop a deep understanding of selected Rubrik products and how to configure and operate them securely, becoming a trusted advisor on hardening best practices for federal environments
  • Know, acknowledge, and follow system-specific security policies and procedures
  • Protect data and individual privacy per requirements and regulations
  • Perform ongoing activities in compliance with service and contractual obligations
  • Participate in role-based training, completing assignments on a timely basis
  • Report security issues promptly, and aid investigation when needed
  • Support controlled changes and vulnerability remediation activities
  • Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls

Preferred Qualifications

  • Familiarity with compliance frameworks like NIST RMF, NIST SP 800-53, or FedRAMP
  • Prior exposure to government security standards (STIGs, FIPS, CMMC)
  • Experience with tools like Jira, Confluence, and LucidChart/Visio

Benefits

  • Bonus potential
  • Equity
