InfoSec - Security Assurance Analyst EMEA
Principal Information Security Analyst
At Elastic, we have a simple goal: to solve the world's data problems with products that delight and inspire. As the company behind the popular open source projects — Elasticsearch, Kibana, Logstash, and Beats — we help people around the world do great things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. The Elastic family unites employees across 32 countries into one coherent team, while the broader community spans across over 100 countries.
We’re always on the search for amazing people. People who have deep passion for what they do and are masters at their craft. Right now we are looking for a Senior Security Assurance Engineer to join our Information Security (InfoSec) team. The InfoSec team leads the strategy, policy, and programs for information security company-wide. The team’s responsibilities include risk management, implementing a holistic security program, driving compliance initiatives, recommending and implementing security controls, preventing and detecting security threats, and managing incident response. It is doing all of this in a globally distributed company, thinking differently about how to best achieve critical information security objectives.
You will thrive in navigating ambiguity, adapt quickly to a changing environment, take a global view, be data driven and have a passion for optimizing process and structure. You balance in-depth individual solution design with the broader control environment, articulating how all the components are connected and working together to manage risk. We’re looking for people with strong influencing and customer service skills who are effective collaborating with multiple teams and building strong relationships with stakeholders.
What you will be doing:
- Continuously innovate new methods to design, implement, monitor and assess the Elastic control environment with a focus on automation and continuous control monitoring
- Dive deep into the Elastic control environment to develop a technical understanding of control implementations. Visualize and articulate conformance implications to internal and external stakeholders
- Set strategic direction, drive knowledge management, coordinate improvement efforts, and monitor process improvement effectiveness for continuous control monitoring and governance
- Provide broad domain and technical knowledge in AWS, GCP, and Azure security and control solutions
- Monitor, evaluate, and continuously improve the organization’s control environment by being a trusted advisor, facilitator, and creative problem solver in partnership with other teams across the organization
- Share tools and best practices that can be embraced throughout the organization
- Contextualize control implementation and impact, describe considerations for applying security and control concepts to a technical cloud environment and globally distributed organization
- Apply a working knowledge of global information security regulation and policy to design effective and relevant technical controls
- Be an integral part of a highly technical team with high expectations on their ability to deliver quality work on a regular basis
What you bring along:
- Minimum 4 years, architecting, designing, and implementing security efforts in a complex, global, cloud-based enterprise environment
- Minimum 6 years experience with information security and controls (CISSP or CISA certification a plus)
- Demonstrated ability to think innovatively about solving critical security problems
- Have experience in automating control monitoring, mitigation, visualization, and reporting to measure control conformance and risk exposure impact
- Have a clear understanding of cloud computing services/deployment architecture
- Have a working knowledge of NIST 800-53, ISO 27001/27002, PCI DSS, Sarbanes-Oxley, and SOC standards
- Have an understanding of evaluating the design and effectiveness of IT controls; experience in working directly with auditors for these types of assessments
- Experience defining certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule
- Experience with scripting a plus
- Experience with using the Elastic stack a plus
- BS/BA degree (MBA or Masters is a plus)
- Be Great!
We're looking to hire team members invested in realizing the goal of making real-time data exploration easy and available to anyone. As a distributed company, we believe that diversity drives our vibe! Whether you're looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life.
- Competitive pay based on the work you do here and not your previous salary
- Stock options
- Global minimum of 16 weeks of paid in full parental leave (moms & dads)
- Generous vacation time and one week of volunteer time off
- Your age is only a number. It doesn't matter if you're just out of college or your children are; we need you for what you can do.
Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.
Vacancy page : https://boards.greenhouse.io/elastic/jobs/1258735