Overview
Our mission is simple. We make business travel less complicated for travelers, less costly for employers and more profitable for service providers. Using our industry-leading software solutions, employees book travel and car service and report those expenses faster and more easily than ever before. Corporations control costs more effectively. Travel management companies deliver more engaging customer experiences. Car service operators benefit from new efficiencies and widen their customer reach. In other words, everybody wins. We've helped thousands of forward-thinking companies modernize their systems, improve travel management and save money. Deem is backed by leading venture capital funds as well as corporate and private equity investors. The company is headquartered in San Francisco, CA and has an office in Bangalore, India.
We are seeking an experienced, talented, energetic, hands-on, and proactive Information Security Analyst to maintain and operate Deem's Information Security programs. You will be responsible for developing policies and driving processes based on a combination of threat intelligence and regulatory compliance.
Responsibilities

• Advise senior management in the development, implementation and maintenance of a company-wide information security infrastructure, and ensure appropriate control objectives for system integrity, confidentiality, accountability and assurance within the context of the company's risk tolerance.
• Ensure conformance with enterprise policy standards, which include monitoring metrics, response integration and escalation, and various risk analysis.
• Maintain internal governance and recommend adjustments as threats and practices evolve.
• Operate the information protection effort to comply with industry standard audits including (SSAE-18, SOC , PCI 3.2).
• Determine security violations and inefficiencies by conducting periodic internal audits.
• Develop a prioritized plan to close security gaps. Work with engineering teams (product & operations) to implement solutions.
• Be hands-on where/when appropriate, in installing and evaluating security tools.
• Install and maintain security management and monitoring tools in corporate and production environments, including vulnerability scanning, SEIM, IDS, etc.
• Make sound, well-reasoned recommendations on vendor and tool selection.
• Provide security consultation as needed for product development and industry marketing solutions.
• Manage Internal Penetration Testing & Vulnerability Assessment Tools and Programs.
• Investigate security incidents and recommend actions needed to resolve situations.
• Work with product engineering to test for and fix vulnerabilities in the product code.
• Develop content for and administer Employee Security Training Programs.

Skills & Requirements
Qualifications

• 3 years in the technology industry, 3 in an information security role
• Expert knowledge of identity management, IDS, SEM/SIEM, WAF
• Industry-standard certifications: CISSP, or equivalent
• Expertise in compliance standards, most notably PCI and SSAE16
• Experience leading security and compliance audits
• Thorough understanding and up-to-date knowledge of the web security threats (XSS, code injection, etc.)
• Strong troubleshooting and forensic skills and ability to effectively work in cross functional teams as needed to resolve issues
• Strong written, oral, and interpersonal communications skills
• Capable of performing penetration tests and collaborating with Engineering on the static security analysis and remediation
• Coding experience with Ruby, Java, Python, Javascript, Bash, or C# are nice to have

Qualifications