Security Analyst

Capricor Therapeutics, Inc.
17 days ago
Remote friendly (San Diego, CA)
United States
$120,000 - $140,000 USD yearly
IT
Responsibilities:
- Monitor, triage, and respond to security alerts across endpoint, email, and SIEM.
- Investigate incidents impacting GMP/regulated environments and SOX in-scope systems.
- Execute incident response procedures; maintain audit-ready incident/remediation documentation.
- Administer CrowdStrike Falcon (EDR); manage Abnormal Security; perform vulnerability assessments with Rapid7 InsightVM.
- Oversee KnowBe4 security awareness and phishing simulations; coordinate SIEM log analysis and threat correlation.
- Support SOX ITGC execution/evidence (User Access Reviews, logical joiner/mover/leaver access, change management, logging/monitoring).
- Draft/review security policies/SOPs aligned to GxP (GMP/GCP/GLP), SOX ITGC, and 21 CFR Part 11 (as applicable); align to NIST CSF/800-53 or CIS.
- Support audits (SOX, FDA, SOC 2, regulatory inspections), prepare evidence packages, track findings/remediation.
- Conduct vulnerability management, prioritize remediation (GMP vs SOX risk), and track evidence.
- Administer security awareness/training and phishing metrics; develop security playbooks/runbooks; contribute to KPIs and improvement.

Requirements:
- 3+ years hands-on cybersecurity; 2+ years in regulated environment.
- 1+ year supporting SOX ITGC or similar compliance; security policy/SOP development experience.

Technical/Preferred Skills:
- EDR (CrowdStrike Falcon preferred); vulnerability mgmt (Rapid7 InsightVM preferred); email security (Abnormal/Proofpoint/Mimecast or similar).
- SIEM/log analysis (Splunk/Sentinel or similar); KnowBe4 or equivalent.
- SOX ITGC experience: UARs, logical provisioning/deprovisioning, change management oversight, audit evidence.
- Education: BS in related field; Security+ or equivalent; CISSP/CISA/CySA+/GSEC.
- Preferred: 21 CFR Part 11; NIST/CIS frameworks; FDA/pharma audit support; SOC 2; PowerShell/Python/Bash; IAM; cloud familiarity.

Application Instructions:
- No Skype interviews; candidates contacted only via official @capricor.com email. No requests to send checks/money.