Staff Information Security Analyst - Security Assurance

About Druva

You won’t just join a company at Druva, you’ll help shape the future of data security at the moment it matters most. We are building a modern standard with our cloud-native solutions, designed to simplify the toughest challenges in cyber resilience for our customers. As the pioneer and market leader in fully managed SaaS data protection, we help organizations secure and recover their data from ransomware, cyberattacks, and operational disruptions without the complexity, cost, or risk of legacy infrastructure.

Our momentum is backed by the market: Druva was named a Leader in the 2025 Gartner® Magic Quadrant™ for Backup and Data Protection Platforms, a Leader in the 2025 IDC MarketScape for Cyber-Recovery, and a Leader & Outperformer in the 2025 GigaOm Cloud Data Protection Radar. Even better, customers validate that leadership every day through strong Gartner Peer Insights ratings, standout Net Promoter Scores (NPS), and top willingness-to-recommend results.

Visit druva.com and follow us on LinkedIn, X and Facebook.

Summary:-

The Staff Technical Security Analyst, Security Assurance will be responsible for all activities directed at building trust and confidence in Druva’s data security, privacy, and compliance posture with prospects and customers. 

Additionally, they will be responsible for Druva’s Third-Party Risk Management program and drive execution and improvement in Druva’s security culture improvement initiatives around phishing and security awareness. 

Preferred Qualifications/Skills:-

1. Exceptional communication skills, critical thinking ability and strong bias for ownership & learning
2. Working protocol level understanding of At-Rest and In-Motion Encryption fundamentals (TLS/SSL, BCrypt, PKI, SHA1, AES etc) and Key Management principles 
3. Demostrable knowledge of MITRE ATT@CK framework, OWASP Top-10 Web Application Vulnerabilities and related risks and countermeasures
4. Knowledge of AWS, Azure services  and security controls native to them
5. Technical Understanding of SaaS Multi-tenant architectures
6. Knowledge of technical domains such as network security, cloud security & application security
7. Ability to threat model and assess security risk of interconnected systems and data flows
8. Background in or strong understanding of security compliance and Privacy frameworks (SOC 2, ISO27001, HIPPA, CSA STAR, NIST 800-53, NIST CSF), tools to develop SBOM and information gathering frameworks like SIG and CAIQ
9. Proven experience collaborating with sales, legal and engineering teams
10. At least 10  years of experience in a technology discipline, preferably 6+ years in the cyber security domain
11. Experience implementing or using any TPRM tools or platforms (for e.g. KY3P, ProcessUnity, ServiceNow, CyberGRX etc), familiarity with tools like Security Scorecard, Bitsight etc.
12. Experience in automating workflows
13. Demonstrable customer communication experience around security matters is a plus

Responsibilities:-

1. Own and drive the processes to provide expert internal support for security and compliance due diligence requests
2. Work and co-ordinate with internal security teams (Cyber Defence, Product Security, Compliance), Engineering, Legal  functions and customer account teams to provide timely and high-quality responses to security queries from prospects and customers
3. Manage incoming security support requests including security focused questionnaires, customer audits, and client-driven penetration tests as needed
4. Develop and maintain customer facing security policies and documentation and manage the Druva's online trust portal
5. Ensure customer security documentation and external artifacts are up to date and accurate as per current state security policies 
6. Evaluate and set the strategy for Druva’s third-party risk management program
7. Conduct holistic security assessments of Druva’s existing & new vendors to identify and mitigate potential risks.
8. Stay informed about current security vulnerabilities, incidents and assess exposure through Druva’s vendor landscape 
9. Own and drive risk-reduction in Druva’s External attack surface
10. Develop and execute on improvement strategy for phishing simulations and security training of our employees