DESCRIPTION

At ActiveState, we’re dedicated to helping DevOps, InfoSec, and Development teams improve their security and get secure applications to market faster. We’re the only solution that offers Intelligent Remediation, a process that helps organizations prioritize vulnerabilities, assess the impact of updates, and quickly get fixes into production.
We’re looking for an Information Security Analyst to join our team. This is a great opportunity for a hands-on individual who is eager to learn and grow in the information security field. You’ll play a crucial role in supporting our security program by assisting with the development, implementation, and maintenance of policies and controls that protect our systems and assets.

This is a unique opportunity to contribute to security research that will directly influence our products and help protect millions of developers worldwide.

• You’re focused on our customers—Developers and DevOps Engineers. You understand that your role is to help solve their problems.
• You’re passionate about open source and want to learn more about the communities that build the software we all rely on.
• You’re a problem-solver. You enjoy finding the best approach to a challenge, thinking about customer issues, not just the technology itself.
• You’re a great communicator. You can explain technical topics clearly and concisely to help others understand what needs to be done.
• You have good judgment. You’re learning to prioritize tasks and understand which problems need immediate attention and which can wait.
• You’re a collaborator. You work well with others across different teams like Research, Product, and Engineering.
• You’re enthusiastic about our mission and want to help our platform become a global success.

QUALIFICATIONS & EXPERIENCE

• Bachelor’s degree in Computer Science/Information Technology, or equivalent through specialized coursework and/or training.
• Recent graduate in relevant field up to 3 years experience or demonstrated knowledge of infosec frameworks and methodologies in information security, with a desire to learn about security research.
• Currently pursuing or have obtained a relevant security certification (e.g., CompTIA Security+, CEH)
• Basic understanding of the software development lifecycle (SDLC), including concepts like CI/CD pipelines.
• Familiarity with GDPR is a plus
• Experience with SOC II is a plus
• Knowledge of theory and principles within a professional IT discipline and basic cybersecurity practices (e.g. Familiarity with industry standards such as ITIL).
• A foundational understanding of IT and cloud environments.
• An eagerness to learn how to translate technical security risks into business impact.
• Interest in or some experience with scripting and programming (Python is a plus).
• Good written and verbal communication skills.
• A genuine passion for open-source software and a commitment to security.
• The ability to work independently and manage your time effectively.

• Assist in managing the cross-functional InfoSec Squad to maintain and enhance compliance management and continually monitoring, assessing and strengthening ActiveState’s security posture.
• Collaborate with Product, Engineering, and Business teams to embed security into systems and processes, ensuring compliance with secure development frameworks and driving continuous security improvements.
• Assist in implementing and maintaining information security policies, standards and guidelines for data governance, privacy, and access controls and leading audits as required.
• Assist in the maintaining SOC 2 Type 2 compliance and achievement of additional certifications, ensuring alignment with evolving industry regulations and frameworks (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI-DSS), while staying ahead of evolving standards, and continuously strengthening the overall security posture.
• Assist in risk assessments, vulnerability management, and incident response, including 24/7 monitoring, alert triage, initial investigations, and maintaining detailed records of these along with remediation efforts.
• Facilitate and support the execution of SAST, DAST, penetration testing, and other industry-leading security assessments to achieve organizational security objectives.
• Support the evaluation and management of third-party vendors to ensure they meet compliance and certification requirements.
• Coordinate and support security awareness and training programs to strengthen the security culture across the organization.
• Coordinate responding to security questionnaires with internal and external parties.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Contribute to security reporting and metrics to inform leadership decisions and drive continuous improvement efforts.
• Assist in configuring and maintaining security tools and systems, such as SIEM platforms and endpoint protection solutions, to ensure optimal performance and coverage.
• Perform daily review of CVEs and other vulnerability data related to our product offerings and produce the reports required for our teams to action them, including VEX documents, risk register, etc.