Information Security Technical Analyst
Remote / Online - Candidates ideally in
Oakland, Alameda County, California, 94612, USA
Listed on 2026-06-27
Oakland, Alameda County, California, 94612, USA
Listing for:
LanceSoft Inc
Contract, Remote/Work from Home
position Listed on 2026-06-27
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Duration: 1 year contract with possible extension
pay Range: 50
-54.80/hour on w2
Description:
- This role is within the Security Governance, Risk, and Compliance (SGRC) team, within
** Information Security Org. The SGRC team collaborates with cross-functional teams across *** (Security, Counsel, Engineering, Industry Relations, Procurement, and Product teams) to ensure
** products can launch anywhere in the world while maintaining compliance with industry, partner, regulatory information security standards, requirements, and obligations. - As an Information Security Technical Analyst, you will partner with various teams across
** in support of the execution of
** Information Security programs which primarily focuses on risk-reduction through vulnerability management, vendor security monitoring and reviews, development & implmentation of automated controls assessments. - You will report to the Security Risk, and V2 (Vulnerability & Vendor Security) Lead, and collaborate across
** as you contribute to the evolution and automation of security risk reduction programs across the organization to enable
** to take principled risks and unlock velocity. - This role is responsible for driving down the potential risks and impact of vulnerabilities by making expert-informed decisions regarding remediation guidance.
- Manage and maintain the flow of incoming vulnerability cases, including CVE notifications, cloud-based vulnerabilities, cloud misconfigurations, access control issues, web application vulnerabilities, and source code vulnerabilities.
- Conduct technical assessments of vulnerabilities to assist engineering teams and DRIs with remediation efforts, including the implementation of available patches where possible.
- Partner across security and product teams to identify and burn down vulnerabilities and security issues using a prioritized approach that is grounded in risk management principles.
- Research and report vendor advisories, zero days, bug trackers, and other sources for Client to analyze any potential impact to **.
- Manage the risk exception process by partnering across Security teams to identify areas of risk and collaborate with business units to make informed, risk-based decisions.
- Proactively identify opportunities to reduce toil by suggesting and championing the automation of manual triage, case management, and escalation workflows.
- Minimize recurring vulnerabilities by collaborating with partners to identify and solve root causes, ensuring long-term remediation.
- Monitor vulnerability metrics, including backlog status, historical trends, and remediation rates, to assess the overall security posture of the organization.
- Maintain runbooks or playbooks and document any new processes or procedures.
- Collaborate with Engineering and Compliance teams to manage pentest results and address PCI-related vulnerabilities.
- Support ongoing bug bounty programs with a third-party vendor and internal stakeholders to prioritize and fix vulnerabilities.
- Support ongoing and periodic security risk assessment exercises that involves identifying, evaluating and monitoring cybersecurity risks using both quantitative and qualitative methodologies
- Collaborate with cross-functional teams (engineering, product, others) to gather relevant data required for risk analysis, provide domain and subject matter expertise in security and risk.
- Support risk mitigation and control improvement actions to drive risk remediation.
- Support the adoption, evolution, and continuous improvement of a risk program.
- Five or more years of demonstrated security, intelligence, and risk management experience in a technology-focused company
- General understanding of cloud infrastructure (AWS, GCP, Azure), networking, and containerization
- Experience with scripting skills in designing and implementing security automation workflows
- Experience with multiple vulnerability scanning tools
- Deep technical understanding of common security vulnerabilities such as web application vulnerabilities, OWASP top 10, cloud vulnerabilities plus misconfigurations, and source code vulnerabilities
- Strong knowledge of risk countermeasures and compensating controls
- Ability to work independently and in a collaborative environment with excellent communication and interpersonal skills
- Fundamental knowledge of information security principles, including threats, vulnerabilities, and risk management
- Proficient in utilizing AI agents and workflows automation for process improvements
- Technical problem-solving mindset with strong work ethic, motivation, and results-driven attitude
- Hold security certifications such as CISSP, Security+, CySA+, or GIAC equivalent
- Minimum of 5 years of experience in Information Security, Information Technology, or a related field.
- Information Security degree prefered.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×