Information Security Specialist

Information Security Specialist Fremont, CA Job Details Full-time $128,700 - $160,900 a year 1 day ago Qualifications Penetration testing Endpoint Security Computer operation Computer science Azure GSEC Computer Science Incident management Cloud security engineering Technical documentation ISO standards CISSP Vulnerability assessment tools Compliance audits & assessments SOC 2 Data reporting Google Cloud Platform Training material drafting Windows 3 years Bash CISM Information security compliance AWS Training employees on security practices Policy & process development Information Security Bachelor's degree IT security architecture Incident Investigation Vulnerability scanning Third-party risk management macOS Vendor negotiation Vulnerability management IT Linux Threat intelligence VPN management HTTPS Root cause analysis Senior level CompTIA Security+ Bachelor's degree in computer science Incident response implementation Vendor risk management Information security auditing Communication skills Python PowerShell Proxy servers GCIH Training delivery IT security monitoring Full Job Description We are seeking a hands-on Information Security Specialist to serve as the primary individual contributor responsible for protecting the organization's digital assets, infrastructure, and data. This role operates within the Global IT team and reports directly to the Head of Global IT, providing expert guidance on security strategy, risk posture, and compliance initiatives. The ideal candidate is equally comfortable responding to a live security incident, rolling out endpoint protection across the fleet, and preparing documentation for an external audit.

ESSENTIAL DUTIES AND RESPONSIBILITIES

: To perform this job successfully, an individual must be able to perform essential duties and responsibilities satisfactorily. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Incident Detection & Response Monitor, triage, and respond to security alerts from SIEM, EDR, and cloud-native tools. Lead incident response activities including containment, eradication, root-cause analysis, and post-incident reporting. Maintain and continuously improve the incident response playbook and escalation procedures. Threat Hunting & Vulnerability Management Proactively scan accounts, endpoints, and network segments for indicators of compromise and emerging threats. Conduct regular vulnerability assessments and coordinate remediation with system owners. Stay current on threat intelligence feeds and integrate findings into defensive operations. Endpoint & Network Security Evaluate, deploy, and manage antivirus, EDR, and other endpoint threat-detection tools across all company devices. Configure and maintain firewalls, VPNs, web proxies, and other perimeter controls. Ensure consistent security baselines across Windows, macOS, and Linux endpoints. Security Awareness & Training Design, deliver, and track semi-annual security awareness training for all employees. Develop supplemental materials such as phishing simulations, quick-reference guides, and policy refreshers. Serve as a go-to resource for security questions from staff at all levels. Third-Party & Vendor Security Evaluate third-party security solutions, SaaS vendors, and cloud service providers against organizational requirements. Conduct vendor risk assessments and maintain an approved-vendor security register. Negotiate security terms and review vendor SOC reports, penetration test results, and certifications. Compliance & Audit Support Support the organization's pursuit and maintenance of ISO 27001 and/or SOC 2 Type II certifications. Draft, review, and maintain information security policies, standards, and procedures. Gather evidence, coordinate with auditors, and remediate findings during internal and external audits. Advisory Advise the Head of Global IT on security risks, investments, and strategic priorities. Provide security input on architecture reviews, new technology deployments, and change-management processes. Produce regular security metrics and executive-level reporting.

REQUIREMENTS & QUALIFICATIONS

The requirements listed below are representative of the knowledge, skill, and/or ability required. Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience). 3-5+ years of progressive experience in information security or cybersecurity operations. Demonstrated hands-on experience with SIEM platforms, EDR solutions, and vulnerability scanners. Working knowledge of ISO 27001 and/or SOC 2 Type II frameworks and audit processes. Strong understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPN). Excellent written and verbal communication skills; able to translate technical risk into business language. Industry certifications such as CISSP, CISM, CompTIA Security+, or GIAC (e.g., GSEC, GCIH). Experience with cloud security in AWS, Azure, or GCP environments. Familiarity with scripting or automation (Python, PowerShell, Bash) for security workflows. Prior experience building or significantly contributing to a compliance program from the ground up. Experience conducting or managing penetration tests and red-team exercises.

PHYSICAL DEMANDS AND WORK ENVIRONMENT

The physical demands described here are representative of those that an employee must meet to perform the essential functions of this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. Frequently required to sit, stand, and move within the office environment. Regularly required to operate a computer and other office productivity machinery. The role may require occasional lifting of objects up to 20 pounds. Ability to travel between 5-10% of the time. Cytek is an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, gender identity, sexual orientation, national origin, genetic information, disability status, veteran status, or any other characteristic protected by law.