Senior Information Security Analyst
Vesync
- Tustin, California, United States
- Tustin, California, United States
Über
We’re a young and energetic company that has achieved tremendous success and is constantly growing our team. Our industry accolades include CES Innovation, iF Design, IGA, and Red Dot awards, and we need driven, talented people to join us.
The Opportunity We are seeking a highly skilled and strategic Senior Information Security Analyst to spearhead the protection of our enterprise data, systems, and hybrid infrastructure (On-Premise and Multi-Cloud). In this role, you will balance technical execution with strategic planning—developing comprehensive security plans, establishing robust compliance frameworks, and engineering real‑time monitoring solutions. As a senior member of the team, you will act as a defender, a strategist, and a mentor, utilizing advanced technologies to mitigate risk, drive security awareness, and foster a culture of continuous improvement.
Must be bilingual in Mandarin (read, write, speak).
What you will do at VeSync Information Security Planning
Develop and implement comprehensive information security plans to safeguard the security of company data and assets, including on-premise and cloud environments.
Analyze the company’s business processes and data characteristics, and combine industry best practices and frameworks such as the NIST Cybersecurity Framework (CSF) to create customized security plans, ensuring the confidentiality, integrity, and availability of information assets in various scenarios.
Policy Development and Compliance
Create security policies and ensure that the company’s operations are in strict compliance with industry standards (e.g., ISO 27001, NIST, GDPR) and regulatory requirements.
Continuously monitor industry trends and regulatory changes, adjusting security policies in a timely manner to provide a solid security and compliance framework for the company’s business operations.
System, Network and Cloud Security
Maintain and enhance security measures for systems, networks, and public cloud platforms (e.g., AWS, Azure, GCP) to prevent potential threats.
Utilize advanced technical means and tools to conduct real‑time monitoring and risk early warning of systems, networks, and cloud environments, promptly detect and block various attack behaviors, and ensure the stable and secure operation of IT infrastructure.
Security Monitoring and Incident Response
Monitor security events in real‑time, respond promptly to emergencies, and effectively mitigate risks.
Build an efficient security monitoring platform, use intelligent analysis technology to promptly capture abnormal behaviors, activate emergency‑response plans, and minimize the impact of security incidents.
Conduct red/blue team exercises.
Security Awareness and Training
Develop and deliver security training programs to enhance employees’ security awareness and encourage their adherence to best practices.
Design targeted training courses according to the needs of different positions and use diverse training methods to ensure that employees have a deep understanding of and implement security requirements.
Access Control and Identity Management
Oversee user access controls, regularly review permissions, and ensure secure identity management.
Implement a strict access control mechanism, conduct regular audits of user permissions, and use reliable identity management systems to prevent unauthorized access.
Risk Assessment and Management
Conduct comprehensive risk assessments, identify vulnerabilities, and implement effective mitigation strategies.
Use scientific risk assessment methods and frameworks such as NIST CSF to evaluate potential threats and vulnerabilities, formulate corresponding mitigation measures, and continuously improve the company’s security defense capabilities.
Develop risk KPIs and metrics.
Documentation and Mentorship
Document cyber security controls, detection rules, and playbooks.
Mentor team members.
What you bring to the role
Bachelor’s degree in Information Security, Computer Science, or a related field.
8+ years of experience in information security, with a strong background in security event analysis, incident response, vulnerability management, and risk assessment.
Must be bilingual in Mandarin (read, write, speak).
Hands‑on experience with public cloud security (e.g., AWS, Azure, GCP), including cloud‑native security tools and best practices.
Familiarity with security regulatory compliance standards and frameworks such as NIST CSF, ISO 27001, and CIS.
Familiar with AWS security suites.
Familiar with security scorecards, SIEM tools and dashboards (Splunk, QRadar, Rapid7, Wazuh).
Experience with OneTrust, Drata or similar tools.
Knowledge of network security principles, intrusion detection/prevention systems (IDS/IPS), firewalls, and endpoint protection.
Understanding of network security principles to ensure the company’s security compliance and build a robust security defense system.
Strong analytical and problem‑solving skills, with the ability to quickly identify and mitigate security threats.
Relevant security certifications such as CISSP, CISM, CEH are a plus.
Location
This is an on‑site, office‑based role in Tustin, CA.
Salary
Starting at $125K
Perks and Benefits
100% covered Medical/Dental/Vision insurance for employee and spouse + dependents.
401K with 4% employer match (eligible after 90 days of employment) and immediate 100% vesting.
Generous PTO policy + paid holidays.
Life Insurance.
Voluntary Life Insurance.
Disability Insurance.
Critical Illness Coverage.
Accident Insurance.
Healthcare FSA.
Dependent Care FSA.
Travel Assistance Program.
Employee Assistance Program (EAP).
Fully stocked kitchen.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.