This job might no longer be available.

Information Security Analyst

Position Intro

Linden Research, Inc. dba Linden Lab develops platforms that empower people to create, share, and benefit from virtual experiences. Founded in 1999, the company first launched Second Life, the groundbreaking virtual world enjoyed by millions around the globe, in 2003, which has since gone on to boast nearly two billion user creations and a vibrant $500 million (USD) economy.

Tilia Inc. is a wholly-owned subsidiary of Linden Research, Inc., and a licensed money transmitter in the U.S. Tilia Pay enables publishers of video games and virtual worlds to create in-world economies and monetize user interaction. Built from the ground up to be robust, flexible, and secure, Tilia Pay powers virtual economies of leading and cutting edge publishers with hundreds of millions of dollars in circulation.

Primary Functions

As an Information Security Analyst you will work with engineering, product, legal and compliance teams to help provide a secure customer experience and to develop and enhance security solutions for Tilia Pay and Second Life.

You will:

• Support the security team, the compliance team, and an engineering team servicing nearly 200 employees and contractors.
• Facilitate vendor risk assessments and security reviews.
• Ticket and track vendor and cloud security maintenance work.
• Facilitate security training for cloud IaaS.
• Provide reporting on the security program for vendors and internal tools.

Responsibilities

• Perform third-party risk assessments and annual vendor reviews, verifying the implementation of Complementary User Entity Controls (CUECs/UCCs).
• Recommend and audit security configuration standards for cloud services to include, but not limited to, AWS, Google, and Azure.
• Ticket and track actionable information pertaining to risk discovery, and recommend alerting and reporting to support secure operations.
• Review technical team responses to information security reports and alerts, ensuring adequate triage, response, and escalation.
• Alerts include logs from LaceWork (IDS, HIDS, NIDS), web application firewalls, AWS CloudTrail, GCP Audit Logs, and proprietary vulnerability management and incident detection tools.
• Work with engineering teams to map all storage and processing of customer data, including but not limited to personally identifying information, authentication information, and payment data.
• Recommend and track AWS, GCP, and Azure security training for engineering teams; you will be required to evaluate training options and develop a basic understanding of the security requirements appropriate to each environment.
• Act as first point of contact for questions about vendor security, including AWS, GCP, and Azure environments. This requires that you maintain familiarity with corporate security policies and procedures.
• Assist with routine evidence collection for external audits and regulatory exams.

Knowledge, Skills, Abilities

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Deep networking knowledge in office, cloud IaaS, and public network contexts.
• In-depth knowledge of the security assessment lifecycle.
• Ability to identify and document security issues.
• Excellent written and verbal communication skills.
• Excellent organizational, analytical, and problem-solving skills.
• Strong interpersonal, oral and written communication skills.
• Self-driven education to stay abreast of security developments and threats.
• Detail-focused, adherent to procedures.
• Other duties may be assigned.

Completion of AWS Certified Security Specialty certification and Google Cloud Professional Security Engineer training are required for this position, but are not an initial requirement. Training will be provided by Tilia Inc.

The Security Team is highly supportive of additional ongoing training to help you stay abreast of new tools and technologies.

Education

• Bachelor’s degree or 4+ years industry experience.
• Cloud Engineering and Security certifications are a plus.
• IT Networking and Security certifications (e.g., Network+, Security+, CySA+, CISSP) are a plus.

Experience

• 4+ years experience in the data security principles needed to implement security controls and oversee data security practices.
• Understanding of NIST, DISA STIG and/or CIS frameworks and security best practices.
• Strong Linux fundamentals preferred.
• Proficiency in one or more programming languages is a plus.
• Experience with integrating security into development lifecycles and providing advice on secure product design is a plus (DevOps, SecDevOps, DevSecOps).
• Experience with Vulnerability Assessment tools and applications is a plus.
• Experience with privacy legislation, including GDPR and CCPA is a plus.
• Experience with PCI compliance (PCI-DSS) is a plus.

Travel Requirements

Although this is a fully remote position, there is a possibility of infrequent visits to our San Francisco headquarters, or our satellite offices in Seattle, Boston, and Virginia.

Physical Demands & Work Environment

The physical demands and work environment described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to use the computer and communicate with coworkers in an office environment. The employee frequently is required to stand or sit to complete work and may occasionally lift and/or move up to 10 pounds.

Linden Lab seeks to maintain a diverse and welcoming workplace; therefore candidates from all backgrounds are encouraged to apply.

Fine Print :

The statements herein are intended to describe the general nature and level of work being performed by employees in this job. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.