At Elastic, we have a simple goal: solve the world's data problems with products that delight and encourage. As the company behind the popular open source projects — Elasticsearch, Kibana, Logstash, and Beats — we help people around the world do great things with data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are reinventing what's possible with data and delivering on the promise that good things come from connecting the dots. The Elastic family unites 1000+ Elasticians across 30+ countries into one closely knit team, while the broader community spans over 100 countries.
We’re always on the search for amazing people. People who have a real passion for what they do and are masters at their craft. We are looking for a Senior Risk and Compliance Analyst - US Fed to join our Information Security (InfoSec) team. The InfoSec team leads the strategy, policy, and programs for information security company-wide. Our responsibilities include risk management, implementing a holistic security program, driving compliance initiatives, recommending and implementing security controls, preventing and detecting security threats, and handling incident response. We do all of this in a globally distributed company, thinking differently about how to best achieve critical information security objectives.
Are you an experienced and passionate risk and compliance analyst with a focus on public sector security compliance?
Do you want to work on a sophisticated, distributed platform for collecting, enriching, and analyzing data, and with over 120 million downloads and it is powering critical use-cases for startups and the Fortune 500 alike?
Do terms like FIPS, STIG, and FedRAMP excite you?
What you will be doing:
Updating and improving existing STIG product guidance
Updating and expanding RMF product guidance
Guiding engineering to acquire and maintain FedRAMP authorization for services
Partnering with Engineering to build roadmaps and plans to support and maintain FIPS compliance
Assisting across the organization to support additional compliance activities, such as ISO, HIPAA, and PCI
What you've done:
Defined hardening standards for complex systems
Implemented and/or audited NIST 800-53 controls
Developed processes and materials to support the adoption of a COTS product in regulated US government environments
Shepherd a product’s security artifacts through government review, such as the DISA STIG process
Gain a deep understanding of current industry security practices and trends
Defined secure coding and auditing practices
We're looking to hire team members invested in realizing the goal of making real-time data exploration easy and available to anyone. As a distributed company, we believe that diversity drives our vibe. Elastic is the type of company where you can balance great work with great life.
Competitive pay based on the work you do here and not your previous salary
Global minimum of 16 weeks of paid in full parental leave (moms & dads)
Generous vacation time and one week of volunteer time off
Your age is only a number. It doesn't matter if you're just out of college or your children are; we need you for what you can do.
Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.