Sr Information Security Analyst (Hopkins, MN - Hybrid)

Digi International (Digi) is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services. We help our customers create next generation connected products, deploy, and manage critical communications infrastructures in demanding environments. Our embedded modules and off-the-shelf routers, gateways and network products are designed for relentless reliability and deliver unquestioned performance and security. Our cloud-based software and professional services help customers put their connected products and assets to work across a broad range of mission-critical industry applications. Founded in 1985, we have helped our customers connect over 100 million things and growing.

 

Location: Hybrid to Hopkins, MN global headquarters. 

 

Digi International is seeking a highly skilled and motivated Information Sr. Security Analyst to lead efforts to develop, deploy, and maintain robust security controls and defenses across the organization’s applications, products and services. Digi’s Information Sr. Security Analyst role is critical to ensure our information, applications, and products maintain high security standards throughout the lifecycle, meet industry standards, and protect our customers’ trust.

 

The ideal candidate will have a strong understanding of security best practices, risk management, and secure development processes, along with a passion for driving security excellence in a collaborative environment.  The Information Sr. Security Analyst will provide expertise direction, lead initiatives, and execute to safeguard the company’s information, applications, products and services against evolving security threats. 

 

• Participate in driving the overall security strategy for Digi International’s information, application, and product portfolio, ensuring alignment with company goals and industry best practices.
• Conduct comprehensive threat modeling, risk assessments, and security reviews including penetration testing for information, application, and products during the development lifecycle.
• Proactively identify potential cybersecurity risks and threats to Digi's landscape and utilize vulnerability management processes to further Digi’s security.
• Ensure information, applications and products meet regulatory and industry security standards (e.g., ISO 27001, OWASP, NIST, SOC2, PCI DSS, FIPS or GDPR). Maintain knowledge of emerging regulations and adapt strategies accordingly.
• Collaborate with IT, product, engineering, and development teams to ensure adherence to security protocols.
• Lead and coordinate efforts to incorporate artificial intelligence into software development and management.
• Coordinate with incident response teams to investigate and address security vulnerabilities or incidents. Act as the point of escalation for security issues and coordinate cross-functional response efforts.
• Stay up to date with emerging threats and vulnerabilities, recommending new solutions or technologies as needed.
• Provide advice and training to IT, business management, product development, and R&D teams about cybersecurity best practices and standards.
• Re-examine, improve, and modify information, application, and product development and management procedures to ensure they meet the company’s security requirements.
• Define and track security KPIs and metrics to continuously evaluate and improve the security posture of Digi’s products.
• Support Digi’s product security policies, standards, monitoring and exception processes.

 

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 7 years of experience in cybersecurity, with a focus on information, application, and/or product security.
• Strong understanding of cybersecurity principles, risk management, and threat mitigation.
• Ability to stay current with evolving security threats and industry trends.
• Experience with security audits, risk assessments, and penetration testing.
• Knowledge of secure system development lifecycle processes including security architectures, encryption technologies, and secure coding techniques.
• Understanding of security frameworks, compliance standards, and regulatory requirements (e.g., OWASP, NIST, SOC2, ISO, PCI DSS, GDPR, FIPS).
• Excellent communication, relationship management, and the ability to collaborate across business units and functions within complex organizations.

• Relevant certifications such as CISA, CISSP, CISM, or CEH.
• Experience in the IoT industry.
• Experience working within cloud security.
• Experience working within AI security.

 

Travel: <10% of the time.