About The Job Role
The Senior Information Security Analyst will drive the Product security track of world-class products for Gainsight, a growing Software as a Service innovator which takes Security seriously. This role will own the security posture of features being developed across the technology stack. This role is key to security since it encompasses activities such as code review, architecture/design reviews, testing vulnerabilities, threat modeling, technology/third-party library risks, liaising with Engineering on secure design patterns, and consulting with product teams on remediation patterns. The role takes pride in driving product security across Engineering by closely interacting with the Architecture Council and Security world.
What You’ll Do Here
- Perform secure design and/or code reviews for vulnerabilities.
- Understand the product inside and out in order to find design, functional, and technical security vulnerabilities.
- Champion application security paradigms and help implement remediations.
- Review scan results and advise appropriate remediations.
- Perform code release reviews to check newly introduced changes for vulnerabilities.
- Understand and keep in sync with evolving production cloud configuration, application configuration, technology standards, and frameworks.
- Use industry-leading tools for validating application security issues, and drive adoption of those tools.
- Respond to presales requests for prospect queries on product security.
- Enable production releases of Gainsight’s industry-leading SaaS product by reviewing releases, with coaching, for security issues and signing off on releases as appropriate.
- Perform proofs of concept to assess the security posture of new technology proposals.
- Consult with the Product organization, which is spread across several teams, on secure product development, and review their security concerns and remediations.
- Lead the organization in setting standards, procedures, and processes around Product Security with Engineering.
- Drive security culture with Engineering and own the product security function.
What We’re Looking For
- 5-8 years of hands-on experience in Product security functions.
- Minimum 2-3 years of hands-on experience in coding or product development across any technology stack.
- Solid expertise in application security, including the OWASP Top 10 and appropriate processes for signing off releases/features using industry-known appsec tools.
- Hands-on experience performing vulnerability assessments on applications and cloud infrastructure, with a clear understanding of the business and the threat landscape across the industry.
- Demonstrated expertise in identifying security vulnerabilities using leading SAST, DAST, or IAST tools.
- Prior experience in Threat modeling is preferred.
- At least one industry certification: CEH, GSEC, CompTIA Security+, CISSP, ECSA, or OSCP.
- Nice to have skills: AWS Cloud security, TOGAF or Java Certified Professional.
Why You’ll Love It Here
- Our Attitude: We’ve created a new industry from scratch, and we’re on the fast track!
- Our Leadership: We offer the leading tech solution for driving Customer Success.
- Our ROI: Reduce customer churn, increase up-sell, and improve customer satisfaction.
- Our Technology: Deep Salesforce.com hooks, predictive analytics, and highly scalable product with a beautiful user interface.
- Our Impact: We help our customers make millions of dollars more per year.
- Our Clients: Big companies like Box, Adobe, Marketo, and many others.
- Our Team: Tech all-stars from Facebook, Box, and others (and top consulting firms like BCG and McKinsey!).
- Our Values: They are unique - Golden Rule, Success for All, Childlike Joy, Shoshin, and Stay Thirsty, My Friends.
- Our Office: If you showed up one day, you might find anything from karaoke performances to mini-golf championships.
Here are our 5 core values:
- Golden Rule: We believe in trusting each other and our community by exercising reliability.
- Success for All: We believe that success for our stakeholders comes with making a difference in each other’s lives.
- Child-like Joy: We aspire to experience passion, optimism, and laughter in everything we do.
- Shoshin: We believe in a beginner’s mind, and that learning comes from everywhere.
- Stay Thirsty, My Friends: We believe in an internally driven striving for greatness.
Individuals seeking employment at Gainsight are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.