Homeoffice Product Security Sr. Analyst na RunBuggy OMI Inc.

Description

About Us:

RunBuggy is the most technically advanced automotive logistics platform on the market. Period.

Backed by Porsche Ventures and Hearst Ventures, RunBuggy is transforming the way cars move. Our cutting-edge technology is trusted by some of the largest OEMs, captive finance companies, and automotive lenders in the world to streamline vehicle transportation at scale.

RunBuggy’s end-to-end platform connects car shippers and haulers in real time - eliminating the friction of traditional load boards and costly custom software. For shippers, RunBuggy integrates directly into existing management systems, reducing transportation costs and accelerating delivery timelines. For transporters, we offer a smarter, more profitable way to find, accept, and manage loads - all from a single app.

Since launching in 2019, RunBuggy has grown to over 150 team members, facilitated the movement of hundreds of thousands of vehicles, and attracted tens of thousands of transporters across the U.S.

We’re not just building a better logistics platform - we’re redefining the future of automotive transportation.

About the Role:

The Senior Analyst for Product Security plays a critical role in safeguarding our products and supporting infrastructure. This position is responsible for identifying and mitigating emerging threats, managing product-related security issues, and leading the vulnerability management program across the product lifecycle.

Requirements

What You Will Be Doing::

• Responsible primarily for day-to-day product vulnerability management services and supporting infrastructure.
• Ensure product vulnerabilities are identified, prioritized, and remediated, in particular, decreasing the backlog of existing product vulnerabilities.
• Ensure that releases and product changes are reviewed and approved by the Security Team.
• Collaborate with engineering teams to understand product vulnerability management needs and assist with remediation and mitigation strategies.
• Build relationships with various teams and technology owners to decrease the likelihood of friction or roadblocks.
• Schedule and assist with remediation efforts from external and internal penetration tests and assessments.
• Perform analysis of scan results, assign risk ratings for product vulnerabilities, and help prioritize remediation efforts.
• Help establish and operationalize key performance indicators, reporting, and metrics to track the maturity of the product vulnerability program.
• Oversee and help execute manual code review of key product components for security improvements.
• Help drive the security and privacy product requirements process across RunBuggy’s product lines, implementing security early in the product roadmap.
• Execute on an agreed-upon risk prioritization framework in conjunction with engineering, product, development, operations, and the Sr. Director of Security and Audit who outlines the highest risk items for action to improve RunBuggy’s product security.
• Collaborate with product and sales engineering teams for hardening applications, APIs, and micro services with security built into the services.
• Help influence new deployment models, including containers, cloud platforms, SaaS, etc., with security built into the platform.
• Help drive identification of software security findings throughout the lifecycle and the reduction of risk, working with relevant stakeholders.
• Maintain current knowledge of the RunBuggy threat landscape, including attacker tactics, techniques, and procedures.
• Other duties as assigned.

What You Bring to the Team by Way of Skills and Experience:

• Demonstrated understanding of cybersecurity threats and vulnerability management and related IT domains.
• 3+ years’ relevant experience as a Vulnerability Analyst.
• A degree in Computer Science, IT, Systems Engineering, or a cybersecurity-related qualification is preferred.
• Experienced as a security analyst supporting product vulnerability management processes in a cloud environment, such as AWS, EKS, Docker, etc.
• Hands-on experience with vulnerability management tools such as AWS Inspector, SonarCube, etc.
• Knowledge of containerized web application architecture and related vulnerabilities and issues.
• Deep understanding of vulnerability management, including risk assessment and remediation planning.
• Knowledge of the latest trends and awareness of current hacking techniques and cybercrime.
• Understanding of secure cloud network architectures, including CloudFormation, Kubernetes, and MongoDB.
• Experience with software development and delivery for a SaaS company.
• Familiarity with cyber security frameworks, such as NIST CSF.
• Attention to detail, QA skills, the ability to “think forward,” adept at problem solving and addressing issues and complications before they expand.

Certificates, Licenses, and/or Registrations:

• Professional certifications such as Certified Ethical Hacker (CEH), Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Cloud Security Professional (CCSP) are preferred.

What is in it for You and Why you Should Apply:

• Market-competitive pay based on education, experience, and location. 
• Highly competitive medical, dental, vision, Life w/ AD&D, Short-Term Disability insurance, Long-Term Disability insurance, pet insurance, identity theft protection, and a 401(k) retirement savings plan.
• Employee wellness program. 
• Employee rewards, discounts, and recognition programs.
• Generous company-paid holidays (12 per year), vacation, and sick time.
• Paid paternity/maternity leave.
• Monthly connectivity/home office stipend if working from home 5 days a week.
• A supportive and positive space for you to grow and expand your career.

Pay Range Disclosure: 

The advertised range represents the expected pay range for this position at the time of posting based on education, experience, skills, location, and other factors. 

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

RunBuggy is an equal-opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination, harassment, and retaliation on the basis of race, color, religion, sex (including gender identity and sexual orientation), pregnancy, parental status, national origin, age, disability, genetic information, or any other status protected under federal, state, or local law.