Cyber Security Analyst

NeuroPace • Mountain View, CA, US • 6d ago

Based in Mountain View, CA., NeuroPace is a commercial-stage medical device company focused on transforming the lives of people suffering from epilepsy by reducing or eliminating the occurrence of debilitating seizures. Its novel and differential RNS System is the first and only commercially available, brain-responsive platform that delivers personalized, real-time treatment at the seizure source.

At NeuroPace, employees are our greatest asset. We are continually searching for solution-oriented individuals who can bring energy and creativity to our growing workforce. At NeuroPace, our success depends upon our ability to recruit and retain the most talented, enthusiastic and dedicated people we can find and providing them with a dynamic and challenging environment in which to thrive.

We are currently seeking an Cyber Security Analyst to join our team. This individual will manage and participate in the design and development of security measures for software applications and hardware devices while collaborating with cross-functional teams, including Research & Development, Quality and Regulatory affairs. The individual will integrate security measures into the NeuroPace design and development processes.

Key Responsibilities

Security Solution Development:
- Participate in the design and develop security measures for software applications and hardware devices.
- Assist with the security by design principles for enhancements and development of NeuroPace products.
- Collaborate with cross-functional teams, including Research & Development, Quality and Regulatory affairs to integrate security measures into the design and development processes.
- Works with the IT Operations, and the Research & Development teams to help cybersecurity strategy for enterprise security architecture and the implementation of appropriate safeguards and controls.
- Integrate security tools and frameworks into the development lifecycle.
Security Monitoring:
- Regularly monitor official CVE databases and Microsoft security advisories for new vulnerabilities related to Windows operating systems.
- Analyze CVE reports to assess the severity and potential impact on the organization's IT infrastructure.
- Prioritize CVEs based on risk, exposure, and relevance to the organization's environment.
- Coordinate with IT and Research & Development teams to schedule and deploy Windows updates and patches that address identified CVEs.
- Ensure timely application of security patches to mitigate vulnerabilities in the Windows ecosystem.
- Maintain detailed records of identified CVEs, remediation actions, and patch deployment activities.
Threat Analysis & Mitigation:
- Perform regular security assessments and vulnerability testing.
- Assist with comprehensive threat modeling and cybersecurity risk assessment for medical devices in alignment with FDA guidelines and best practices.
- Identify and recommend remediations for security vulnerabilities in systems and applications.
- Performs risk assessments of internal and external applications/solutions to determine their adherence to security controls, NeuroPace’s policies, standards and industry best practices, and maintain ongoing safeguards and controls.
- Stay updated with the latest security threats and develop strategies to counteract them.
Incident Response:
- Monitor security alerts with AWS Security Hub and other software, conduct thorough investigations, and respond to alerts in a timely manner.
- Conduct root cause analysis of security incidents and provide comprehensive reports.
- Develop and maintain incident response plans and procedures.
Collaboration & Training:
- Work closely with IT, development teams, and other stakeholders to ensure security best practices are followed.
- Provide training and guidance on security protocols and procedures.
- Assist in the development of security policies and compliance initiatives.
- Support the advancement of NeuroPace’s Cybersecurity program to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats.
Documentation & Reporting:
- Maintain detailed documentation of security measures, incidents, and solutions.
- Generate regular reports on security status, vulnerabilities, and remediation efforts.

Requirements

Education:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
- Relevant certifications (e.g., CISSP, CISM, CEH) are highly desirable.
Experience:
- Minimum of 2-4 years of experience in information security or related field.
- Knowledge of security tools and platforms (AWS Security Hub, Microsoft Purview).
- Proven experience with security tools and technologies (e.g., IDS/IPS, SIEM).
- Understanding of information security regulatory requirements (e.g., HIPAA, FDA, CISA)
Skills:
- Strong understanding of encryption methods, authentication, and access control.
- Experience with cloud security solutions (e.g., AWS, Azure).
- Familiarity with security frameworks (e.g., NIST, ISO 27001).
- Understanding of security certifications (e.g., HITRUST, SOC 2).
- Excellent analytical and problem-solving abilities.
- Strong communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Compensation Range: $115K-$140K

Benefits

Medical, Dental & Vision Insurance
Voluntary Life
401K
RSU
529 plan
ESPP Program
Health & Wellness Program
Generous Paid Time Off plus eleven paid holidays
FSA & Commuter Benefits

NeuroPace is proud to be an equal opportunity employer and values the contributions of our culturally diverse workforce.

San Francisco and Los Angeles applicants: The Company will consider for employment qualified applicants with Criminal Histories in a manner consistent with the requirements of the Los Angeles Fair Chance in Hiring Ordinance or the San Francisco Fair Chance Ordinance (as applicable)

PRIVACY NOTICE: NeuroPace takes its responsibility to protect your personal information seriously, and it uses reasonable safeguards to avoid unauthorized use or disclosure of it, and inadvertent loss or impermissible alteration of it. NeuroPace complies with all applicable federal and state laws and regulations that govern the handling of your personal information. If you would like more detailed information on NeuroPace’s privacy policies, please refer to neuropace.com/privacy/ for reference. NeuroPace retains candidate resumes and applications in its files for future reference and/or consideration for other available job postings. If you do not wish for your resume and applications materials to be retained in NeuroPace files, or wish to obtain a listing of any personal information that NeuroPace has stored about you, please contact us at privacy@neuropace.com.

Apply