Senior Information Security Analyst

Summary

Join GoFundMe as a Senior Security Analyst and contribute to building a secure platform for global giving. You will build and improve vulnerability handling capabilities, coordinate with internal teams, maintain a knowledge base, and provide sales support. Responsibilities include conducting security assessments, collaborating on architecture decisions, handling vulnerability reports, delivering security training, and participating in incident response. The role requires 3+ years of experience in designing and building secure systems, experience with vulnerabilities, OWASP Top 10, cloud security, and secure code review. Excellent communication skills are essential. GoFundMe offers competitive benefits, including comprehensive healthcare, financial assistance, generous parental leave, flexible time-off, and wellness resources.

Requirements

• 3+ years designing and building secure systems with engineering teams
• Experience with VSQs and the overall state of the industry for handling them, as well as improving that state
• Experience with OWASP Top 10 and other industry standards
• Experience with securing cloud infrastructure
• Understanding of web application architecture and design principles
• Prior experience working in a regulated environment
• Experience in secure code review in languages such as: PHP, Python, Kotlin, JavaScript, and TypeScript
• Excellent written and verbal communication skills

Responsibilities

• Build and improve our VSQ handling capabilities
• Coordinate with many different internal teams for VSQs
• Maintain and iterate on a VSQ knowledge base
• Provide sales support for VSQ-related activities
• Conduct regular application security assessments with team members
• Collaborate with engineering teams on architecture decisions and review pull requests
• Help handle application vulnerability reports received through third-party sources, review, prioritize, and work with the relevant engineering teams to remediate them
• Assist with the delivery of secure coding training
• Participate in security initiatives from brainstorming sessions to implementation
• Work with incident response teams and participate in post-mortem investigation of security incidents
• Participate in on-call rotation

Benefits

• Make an Impact : Be part of a mission-driven organization making a positive difference in millions of lives every year
• Innovative Environment : Work with a diverse, passionate, and talented team in a fast-paced, forward-thinking atmosphere
• Collaborative Team : Join a fun and collaborative team that works hard and celebrates success together
• Competitive Benefits : Enjoy competitive pay and comprehensive healthcare benefits
• Holistic Support : Enjoy financial assistance for things like hybrid work, family planning, along with generous parental leave, flexible time-off policies, and mental health and wellness resources to support your overall well-being
• Growth Opportunities : Participate in learning, development, and recognition programs to help you thrive and grow
• Commitment to DEI : Contribute to diversity, equity, and inclusion through ongoing initiatives and employee resource groups
• Community Engagement : Make a difference through our volunteering and Gives Back programs