Senior Information Security Analyst II – Remote Position Available In Montgomery, Pennsylvania

Job Description:

Freenome is a high-growth biotech company developing tests todetect cancer using a standard blood draw. To do this, Freenomeuses a multiomics platform that combines tumor and non-tumorsignals with machine learning to find cancer in its earliest,most-treatable stages. Cancer is relentless. This is why Freenomeis building the clinical, economic, and operational evidence todrive cancer screening and save lives. Our first screening test isfor colorectal cancer (CRC) and advanced adenomas, and it’s justthe beginning. Founded in 2014, Freenome has ~400 employees andcontinues to grow to match the scope of our ambitions to provideaccess to better screening and earlier cancer detection. AtFreenome, we aim to impact patients by empowering everyone toprevent, detect, and treat their disease. This, together with ourhigh-performing culture of respect and cross-collaboration, is whatmotivates us to make every day count. Become a Freenomer Do youhave what it takes to be a Freenomer? A “Freenomer” is adetermined, mission-driven, results-oriented employee fueled by theopportunity to change the landscape of cancer and make a positiveimpact on patients’ lives. Freenomers bring their diverseexperience, expertise, and personal perspective to solve problemsand push to achieve what’s possible, one breakthrough at a time.

About this opportunity: At Freenome, the Senior InformationSecurity Analyst plays a key role in protecting the organizationsinformation assets by implementing, maintaining and monitoringsecurity related events and incidents. This role investigates,analyzes, and responds to cyber incidents within the Freenomeslocal and cloud networks, or enclaves and will provide expertiseregarding collecting evidence and do forensic analysis. This rolewill also define and implement security controls, ensuringcompliance with relevant regulations and standards, and providingexpertise in securing cloud of office environments. This positionrequires a blend of technical security skills, complianceknowledge, and a proactive approach to identifying and mitigatingrisks. This position will report directly to the Director ofInformation Security. This role will be a Remote role. What you’lldo:

Security Operations:

Implement, maintain, monitor and improvesecurity systems (e.g., SIEM, IDS/IPS) to detect, alert and respondto security incidents. Conduct security investigations and performroot cause analysis. Ensure that incidents are correctly reported,documented, investigated and concluded in accordance withoperational policies and procedures. Manage security events as partof security operations, responding to urgent alerts, which mayinclude off-hours investigation activities. Manage and maintainsecurity infrastructure (e.g., cloud firewalls, VPNs). Performvulnerability assessments and penetration testing. Excellentknowledge of Endpoint protection. Provide technical securityexpertise and guidance to other teams. Evaluate and recommend newsecurity technologies and solutions. Provide ideas and feedback toimprove the overall SOC capabilities and maturity. Perform allother Information Security related duties as assigned andcontribute to the success of the Information Security Team.

Compliance:

Participate in internal and external security audits.

Perform regular asset, account and access reviews. Assist in thedevelopment, maintenance, and implementation of security policies,standards, and procedures. Ensure compliance with relevantregulations and standards (e.g., HITRUST, NIST 800-53r5 and SOC 2Type 2). Track and remediate compliance findings.

Cloud Security:

Design, implement, and maintain security controls for cloudenvironments. Collaborate with IT to ensure the security of Cloudservices, including virtual machines, storage, networking, anddatabases. Conduct security assessments of cloud configurations anddeployments. Develop and maintain cloud security best practices andguidelines. Stay up-to-date on security best practices and emergingthreats Must haves: Bachelors degree in Information Security, or arelated field. 8 years of experience working in InformationSecurity. Current CISSP certification. Strong understanding ofsecurity principles, technologies, and best practices. At least 3years hands-on experience in SIEM tools implementing, operating,maintaining, and incident management in mission criticalenvironments. Experience with vulnerability management andpenetration testing. Familiarity with relevant regulations andstandards (HITRUST, NIST 800-53r5, SOC 2 Type 2). Strong analyticaland problem-solving skills. Ability to work independently and aspart of a team.

Nice to haves:

Other Security certifications (e.g.,CCSP, CCAK, CCSK, CISM, GCIH, GCIA, GSEC, Azure Security EngineerAssociate, GCP Cloud Security Engineer). Experience with scriptinglanguages (e.g., Python, PowerShell, Bash). In-depth knowledge ofMicrosoft Azure security services and best practices. Experiencewith security automation and orchestration. Experience withGovernance, Risk, and Compliance (GRC) tools. Can-Do attitude.

Knowledge and expertise in a myriad of Information SecuritySolutions across cloud and IT security. Excellent analytical,interpersonal and communication skills both oral and written. Anunwavering personal integrity and work ethic. A systematicproblem-solving approach, coupled with effective communicationskills and a sense of ownership and drive.

Benefits and additionalinformation:

The US target range of our base salary for new hiresis $131,325 – $201,000. You will also be eligible to receivepre-IPO equity, cash bonuses, and a full range of medical,financial, and other benefits depending on the position offered.

Please note that individual total compensation for this positionwill be determined at the Company’s sole discretion and may varybased on several factors, including but not limited to, location,skill level, years and depth of relevant experience, and education.

Freenome is proud to be an equal-opportunity employer, and we valuediversity. Freenome does not discriminate on the basis of race,color, religion, marital status, age, national origin, ancestry,physical or mental disability, medical condition, pregnancy,genetic information, gender, sexual orientation, gender identity orexpression, veteran status, or any other status protected underfederal, state, or local law.