Senior Security Analyst

Revolution Medicines is a clinical-stage precision oncology company focused on developing novel targeted therapies to inhibit frontier targets in RAS-addicted cancers.  The company’s R&D pipeline comprises RAS(ON) Inhibitors designed to suppress diverse oncogenic variants of RAS proteins, and RAS Companion Inhibitors for use in combination treatment strategies. As a new member of the Revolution Medicines team, you will join other outstanding professionals in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.

The Opportunity:

We are seeking an experienced Senior Security Analyst to join our team in ensuring the security and integrity of our systems and data. The ideal candidate will leverage experience in security processes, capabilities, and technologies to design and implement solutions that protect systems, data, people, and processes.

This role will help execute a strategic vision for security solutions that align with the company's overall business goals and objectives. Executing in an iterative fashion, this position will be involved in evaluating and managing solutions for threat detection, incident response, and risk management across all threat surfaces (endpoints, servers, email, social, Cloud etc.). This role will be both hands-on as well as adept at working with multiple internal and external teams including managing vendor relationships. This person will be well-versed in security metrics and performance measurement, working closely with other InfoSec colleagues to update reports and dashboards necessary for continuously monitoring, measuring, and learning from our tactics.

The Security Analyst will be a key member of the IS Security, Risk, and Compliance team, reporting to the Senior Manager, Information Security and is expected to develop and nurture close partnerships with a wide range of stakeholders, particularly in the Information Sciences department.  The successful candidate will draw upon their experience to:

• Contribute to the design, implementation, and maintenance of security platforms and tools.

• Help develop and execute a strategic vision for security solutions that align with the company's overall business goals and objectives.

• Ensure the reliability and compliance of data across all digital systems and processes.

• Foster a culture of continuous improvement and innovation within the Information Security team.

• Monitoring and identifying potential threats from vulnerabilities via an Exposure Management platform. Triaging remediation efforts through patch management (bigfix) or manual intervention.

• Implement and manage cloud security configurations to protect sensitive data and ensure compliance with ISO and NIST standard.

• Utilizing token security and SaaS Security Platforms review alerts and monitoring non-human identity posture and SaaS application configurations to verify proper IT hygiene and best practice recommendations.

• Deploying and maintaining Endpoint Security solutions to detect and respond to threats, device control events (USB). Additional Threat hunting may be required to validate incidents.

• Daily validation of Identity Threat Protection data to safeguard user identities and prevent unauthorized access.

• Perform regular security assessments and audits of production to ensure the effectiveness of security controls.

• Daily monitoring and response to daily alerts captured by the on prem network detection and response.

• Stay up to date with the latest cybersecurity trends, threats, and technologies.

Required Skills, Experience and Education:

• Hands-on experience with Astrix Security, Darktrace, CrowdStrike's Endpoint Security, Exposure Management, and Identity Threat Protection modules is a plus. Other EDR, NHI and NDR experience is acceptable.

• Proven experience in cloud security within Azure and AWS.

• Experience in runbook development via a SOAR (Security Orchestration Automation Response) platform is preferred.

• Excellent communication and teamwork abilities.

• Strong analytical and problem-solving skills.

Preferred Skills:

• Experience with patch management platforms like BigFix.

• Relevant certifications such as CISSP, CISM, Security+ or CrowdStrike University certificates.

• Familiarity with security frameworks and standards such as ISO and NIST.

• Ability to work in a fast-paced environment and manage multiple tasks simultaneously.

The base salary range for this full-time position is $116,000 to $145,000 for candidates working onsite at our headquarters in Redwood City, CA. The range displayed on each job posting is intended to be the salary for an individual working onsite in Redwood City and will be adjusted for the local market a candidate is based in. Our salary ranges are determined by role, level, and location. Individual pay is determined by multiple factors, including job-related skills, experience, market dynamics, and relevant education or training.

Please note that base salary is one part of the overall total rewards program at RevMed, which includes competitive cash compensation, robust equity awards, strong benefits, and significant learning and development opportunities.

Revolution Medicines is an equal opportunity employer and prohibits unlawful discrimination based on race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, disability, marital status, medical condition, and veteran status.

Revolution Medicines takes protection and security of personal data very seriously and respects your right to privacy while using our website and when contacting us by email or phone. We will only collect, process and use any personal data that you provide to us in accordance with our CCPA Notice and Privacy Policy. For additional information, please contact privacy@revmed.com.

#LI-Hybrid   #LI-YG1