Cybersecurity Analyst

The Cybersecurity Analyst is a hands-on role that involves evaluating and enforcing security and compliance controls. This position plays an integral role in protecting Cornerstone OnDemand from internal and external threats and works closely with our technology teams to define security best practices, perform architecture and design reviews, threat modeling, conduct security assessments, and support the identification, interpretation, and remediation of vulnerabilities across Cornerstone's tech stack. To be successful in this role, the Cybersecurity Analyst should have a strong background in information security and a proven track record of meeting deadlines.

**Preference for candidates to work hybrid in Santa Monica, California office but may consider other locations for remote role

• The Cybersecurity Analyst is a hands-on role that involves evaluating and enforcing security and compliance controls
• Conduct technical assessments using standard industry tools such as Nessus, Security Hub, Prisma Cloud, and Burp Suite Pro.

• Continuous Monitoring: Aid in the efforts of maintaining and enhancing current documentation, such as the POA&M and Deviation requests, as well aid in the development of strategies to ensure ongoing compliance

• Work closely with the Global Information Security and Compliance team to implement security standards across the organization
• Perform security and compliance assessments of IT systems and evaluate the design of technical controls and operating procedures against best practices
• Findings and evidence are collected, reviewed, presented in a clear and concise manner
• Build rapport with a cross-functional team of stakeholders to ensure findings are prioritized and addressed, balance business needs, security best practices, and compliance requirements effectively
• Assess and analyze cyber security documentation for client information systems in accordance with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards
• Document security related policies and procedures, and follow-up to validate accurate implementation
• Assist in response to internal and external audits, along with on-demand security assessments
• Research emerging technology in support of security enhancement and development efforts
• Facilitate use of cybersecurity tools such as eMASS, ZenGRC, RegScale to automate and manage compliance, risk assessments and continuous monitoring
• Embrace a culture of excellence, combining humility with ambition

• Have U.S. Citizenship, which is required to work in Cornerstone's U.S. Federal and DoD environments
• A willingness to obtain a US Government security clearance if required
• A bachelor's degree in IT/Computer Science or related field or equivalent experience
• Four or more years of experience in technology, IT security and/ compliance role
• Experience in working with compliance and regulatory program requirements, i.e., technical controls supporting SOC 2, ISO 27001, FISMA/FedRAMP, PCI, etc.
• Solid familiarity with general enterprise technology with focus on security and compliance such as architecture, firewall, router, load balancer, operating systems, SEIM, IDS/IPS, HIDS, malware analysis and protection, content filtering, perimeter access controls, logical access controls, identity and access management, data loss prevention, application firewalls, vulnerability scanners, security incident response, Identity Access Management (IAM)
• Experience with application security tools and vulnerability management, such as SAST, DAST, penetration testing, container security, open-source vulnerability management
• Proven project management and organizational skills, specifically managing multiple concurrent projects and/ clients
• Excellent analytical, problem solving and decision-making skills, applied with a solution-focused attitude
• Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy