About Gusto
Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 300,000 businesses nationwide.
Our mission is to create a world where work empowers a better life, and it starts right here at Gusto. That’s why we’re committed to building a collaborative and inclusive workplace, both physically and virtually. Learn more about ourTotal Rewards philosophy.
About the Role:
The Security Operations team at Gusto is on the front lines of protecting Gusto and our customers from a wide range of threats—phishing attacks, insider risks, data loss, and the latest sophisticated attack techniques. Every day, our distributed team across Eastern and Pacific time zones works in sync to strengthen our monitoring and response capabilities, ensuring swift and effective threat detection and mitigation.
We’re looking for an ambitious Security Analyst with 2+ years of experience to join us in advancing our security operations and vulnerability management initiatives. In this role, you’ll split your time between driving our Vulnerability Management Program and supporting essential security operations. If you have hands-on experience in cloud environments (AWS etc), a proactive approach to incident response, and familiarity with scripting languages (Python, Bash, Ruby), and collaborate with multiple areas of the company. This is an exceptional chance to grow your expertise in a dynamic setting.
Here’s what you’ll do day-to-day:
- Security Monitoring & Incident Response: Perform real-time monitoring, respond to security incidents, and assist with post-incident analysis. This could include the following:
- Administer, tune, and enhance security tools such as SIEM, endpoint detection & response, data loss prevention, etc.
- Develop and maintain automation scripts and tools to enhance security operations efficiency and effectiveness.
- Maintain documentation on security incidents, vulnerabilities, and procedures to support continuous improvement and compliance.
- Support internal users with security concerns and questions, helping to strengthen and promote Gusto’s security culture.
- Triage and analyze vulnerability results to identify and prioritize security weaknesses, escalating as necessary for immediate response.
- Collaborate with cross-functional teams to drive the remediation of vulnerabilities.
- Regularly audit and refine vulnerability management processes, tools, and reports to maintain accuracy, and ensure compliance with security policies.
Here’s what we're looking for:
Minimum Requirements:
- 2+ years of experience in security operations or a related field. Examples of required experience may include:
- Monitoring security tools for alerts and investigating suspicious activity.
- Conducting regular vulnerability assessments, triaging risks, and tracking remediation efforts.
- Identifying, analyzing, and responding to security incidents, which includes root cause analysis and remediation.
- Gathering and applying threat intelligence to proactively address potential security threats.
- Documenting procedures and creating incident reports to improve response processes and compliance.
- Basic understanding of networking, firewalls, and security protocols.
- Operational familiarity with Linux and containers.
- Understanding of K8s manifest files and package versioning.
- A passion for continuous learning and a proactive approach to security challenges.
- Exposure to cloud environments (AWS, Azure, or Google Cloud).
- Knowledge of managing IAM permissions with Terraform.
- Understanding of the principles of least privilege.
- Scripting language proficiency.
- Familiarity with security tools such as SIEM, endpoint protection, and vulnerability scanners.
- Analyze and document findings effectively, providing clear insights into key issues.
Preferred Qualifications:
- Experience with log analysis and digital forensics.
- Experience leading an incident response investigation.
- Understand vulnerabilities and how to patch them.
- Experience with GitHub Dependabot.
- Understanding of industry standard security frameworks and benchmarking.
- Coding experience in one or more general purpose programming languages.
- Security certifications (e.g., CISSP, CompTIA Security+, AWS Certified Cloud Practitioner) are a plus.
- Interest in the landscape of security and its impact across multiple industries and tactics, techniques, procedures of threat actors.
Our cash compensation amount for this role is targeted at $112,000-125,000 in Denver & most remote locations, and $140,000-157,000 for San Francisco & New York. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.
Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 daysper week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale.
Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas.
When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required.
Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.
Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. We want to see our candidates perform to the best of their ability. If you require a medical or religious accommodation at any time throughout your candidate journey, please fill out this form and a member of our team will get in touch with you.
Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer.