Information Security Analyst

• Develop and implement comprehensive information security plans to safeguard the security of company data and assets, including on-premise and cloud environments
• Thoroughly analyze the company's business processes and data characteristics, and combine industry best practices and frameworks such as NIST Cybersecurity Framework (CSF) to create customized security plans, ensuring the confidentiality, integrity, and availability of information assets in various scenarios
• Create security policies and ensure that the company's operations are in strict compliance with industry standards (e.g., ISO 27001, NIST, GDPR) and regulatory requirements
• Continuously monitor industry trends and regulatory changes, and adjust security policies in a timely manner to provide a solid security and compliance framework for the company's business operations
• Maintain and enhance security measures for systems, networks, and public cloud platforms (e.g., AWS, Azure, GCP) to prevent potential threats
• Utilize advanced technical means and tools to conduct real-time monitoring and risk early warning of systems, networks, and cloud environments, promptly detect and block various attack behaviors, and ensure the stable and secure operation of IT infrastructure
• Monitor security events in real-time, respond promptly to emergencies, and effectively mitigate risks
• Build an efficient security monitoring platform, use intelligent analysis technology to promptly capture abnormal behaviors, activate emergency response plans, and minimize the impact of security incidents
• Develop and deliver security training programs to enhance employees' security awareness and encourage their adherence to best practices
• Design targeted training courses according to the needs of different positions and use diverse training methods to ensure that employees have a deep understanding of and implement security requirements
• Oversee user access controls, regularly review permissions, and ensure secure identity management
• Implement a strict access control mechanism, Conduct regular audits of user permissions, and use reliable identity management systems to prevent unauthorized access and ensure the security of company resources
• Conduct comprehensive risk assessments, identify vulnerabilities, and implement effective mitigation strategies
• Use scientific risk assessment methods and frameworks such as NIST CSF to evaluate potential threats and vulnerabilities, formulate corresponding mitigation measures based on the assessment results, and continuously improve the company's security defense capabilities

• Bachelor’s degree in Information Security, Computer Science, or a related field
• Minimum of 5 years of experience in information security, with a strong background in security event analysis, incident response, vulnerability management, and risk assessment
• Hands-on experience with public cloud security (e.g., AWS, Azure, GCP), including cloud-native security tools and best practices
• Familiarity with security regulatory compliance standards and frameworks such as NIST CSF, ISO 27001, and CIS
• Knowledge of network security principles, intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection
• Strong analytical and problem-solving skills, with the ability to quickly identify and mitigate security threats

Relevant security certifications such as CISSP, CISM, CEH

• medical
• vision
• dental
• life and disability insurance
• eligibility to enroll in company 401(k) plan