InfoSec - Sr. Risk & Compliance Analyst (US Federal)
Elastic (NYSE: ESTC) is a search company with a simple goal: to solve the world's data problems with products that delight and inspire. As the creators of the Elastic Stack, we help thousands of organizations including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, Verizon, and many more use Elastic to power mission-critical systems. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. We have a distributed team of Elasticians across 30+ countries (and counting), and our diverse open source community spans over 100 countries. Learn more at elastic.co
At Elastic, we have a simple goal: solve the world's data problems with products that delight and encourage. As the company behind the popular open source projects — Elasticsearch, Kibana, Logstash, and Beats — we help people around the world do great things with data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are reinventing what's possible with data and delivering on the promise that good things come from connecting the dots. The Elastic family unites 1000+ Elasticians across 30+ countries into one closely knit team, while the broader community spans over 100 countries.
We’re always on the search for amazing people. People who have a real passion for what they do and are masters at their craft. We are looking for a Senior Risk and Compliance Analyst - US Fed to join our Information Security (InfoSec) team. The InfoSec team leads the strategy, policy, and programs for information security company-wide. Our responsibilities include risk management, implementing a holistic security program, driving compliance initiatives, recommending and implementing security controls, preventing and detecting security threats, and handling incident response. We do all of this in a globally distributed company, thinking differently about how to best achieve critical information security objectives.
- Are you an experienced and passionate risk and compliance analyst with a focus on public sector security compliance?
- Do you want to work on a sophisticated, distributed platform for collecting, enriching, and analyzing data, and with over 120 million downloads and it is powering critical use-cases for startups and the Fortune 500 alike?
- Do terms like FIPS, STIG, and FedRAMP excite you?
What you will be doing:
- Updating and improving existing STIG product guidance
- Updating and expanding RMF product guidance
- Guiding engineering to acquire and maintain FedRAMP authorization for services
- Partnering with Engineering to build roadmaps and plans to support and maintain FIPS compliance
- Assisting across the organization to support additional compliance activities, such as ISO, HIPAA, and PCI
What you've done:
- Defined hardening standards for complex systems
- Implemented and/or audited NIST 800-53 controls
- Developed processes and materials to support the adoption of a COTS product in regulated US government environments
- Shepherd a product’s security artifacts through government review, such as the DISA STIG process
- Gain a deep understanding of current industry security practices and trends
- Defined secure coding and auditing practices
We're looking to hire team members invested in realizing the goal of making real-time data exploration easy and available to anyone. As a distributed company, we believe that diversity drives our vibe. Elastic is the type of company where you can balance great work with great life.
- Competitive pay based on the work you do here and not your previous salary
- Global minimum of 16 weeks of paid in full parental leave (moms & dads)
- Generous vacation time and one week of volunteer time off
- Your age is only a number. It doesn't matter if you're just out of college or your children are; we need you for what you can do.
Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.
Additional Information - We Take Care of Our People
At Elastic, we strive to have parity of benefits across regions. While regulations differ from place to place, we believe taking care of people is the right thing to do.
- Health coverage for you and your family.
- Flexible location and schedule for many roles.
- Generous number of vacation days each year.
- Double your charitable giving — we match up to 1% of your salary.
- Up to 40 hours each year to use toward volunteer projects you love.
When you apply to a job on this site, the personal data contained in your application will be collected by Elasticsearch, Inc. (“Elastic”) which is located at 800 W. El Camino Real, Suite 350 Mountain View, CA 94040 USA, and can be contacted by emailing email@example.com. Your personal data will be processed for the purposes of managing Elastic’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by Elastic, which are the solicitation, evaluation, and selection of applicants for employment. Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Elastic to help manage its recruitment and hiring process on Elastic’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the standard contractual clauses. You can obtain a copy of the standard contractual clauses by contacting us at firstname.lastname@example.org. Elastic’s data protection officer is Daniela Duda, who can be contacted at email@example.com. We plan to keep your data until our open role is filled. We cannot estimate the exact time period, but we will consider this period ended when a candidate accepts our job offer for the position for which we are considering you. When that period is over, we may keep your data for an additional period no longer than 3 years in case additional opportunities present themselves in which yours skills might be better suited. For additional details, please see our Elastic Privacy Statement https://www.elastic.co/legal/privacy-statement.
Notify Me of Open Positions
Sign up to receive emails when Elastic posts open positions you might be interested in: