Who we are:
We are a leader in fraud prevention and AML compliance. Our platform uses device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens. Today, over 300 banks, retailers, and fintechs worldwide use Sardine to stop identity fraud, payment fraud, account takeovers, and social engineering scams. We have raised $145M from world-class investors, including Andreessen Horowitz, Activant, Visa, Experian, FIS, and Google Ventures.
Our culture:
We have hubs in the Bay Area, NYC, Austin, and Toronto. However, we maintain a remote-first work culture. #WorkFromAnywhere
We hire talented, self-motivated individuals with extreme ownership and high growth orientation.
We value performance and not hours worked. We believe you shouldn't have to miss your family dinner, your kid's school play, friends get-together, or doctor's appointments for the sake of adhering to an arbitrary work schedule.
About the role:
Sardine is seeking a versatile and driven Security Analyst to join our team. This role blends the critical functions of Security Operations (SOC) and Governance, Risk, and Compliance (GRC), offering a unique opportunity to contribute to both the proactive defense and strategic management of our security posture. This position requires a strong understanding of security operations, incident response, risk management frameworks, and regulatory compliance.
This role will focus on facilitating the reduction of risk to our environment through effective communications and partnerships. You will be responsible for communicating information to auditors, regulators and leaders while partnering with internal teams to facilitate successful compliance and review exercises across multiple domains.
You will also be responsible for monitoring, analyzing, and responding to security events and incidents, ensuring the confidentiality, integrity, and availability of our critical systems and data. You will play a key part in protecting our organization from evolving cyber threats by proactively identifying vulnerabilities, implementing security controls, and contributing to the continuous improvement of our security posture.
Key Responsibilities:
Develop, implement, and maintain security policies, standards, and procedures in line with regulatory requirements (e.g., NIST, ISO 27001, HIPAA, PCI DSS, GDPR).
Conduct risk assessments to identify and mitigate threats to information assets.
Monitor and report on compliance, tracking the effectiveness of security controls.
Manage security audits, coordinate with external auditors, and address findings.
Maintain security documentation and ensure alignment with evolving regulations.
Provide security awareness training and support incident response planning.
Monitor SIEM systems and security tools for threats and vulnerabilities.
Investigate and respond to security incidents, documenting analysis and remediation steps.
Perform vulnerability scanning, penetration testing, and security assessments.
Collaborate with IT teams to implement security controls and remediate risks.
Stay informed on emerging threats and contribute to threat intelligence initiatives.
Participate in incident response exercises and develop security reports for management.
An ideal candidate has:
3+ years working in a fast-paced role.
Strong understanding of security frameworks and standards (e.g., NIST, ISO 27001, SOC 2).
Knowledge of relevant regulations and compliance requirements (e.g., HIPAA, PCI DSS, GDPR).
Experience with security tools and technologies, such as SIEM, vulnerability scanners, intrusion detection/prevention systems, and firewalls.
Familiarity with risk assessment methodologies and frameworks.
Experience in developing and implementing security policies, standards, and procedures.
Strong analytical, problem-solving, and incident response skills.
Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders.
Ability to work independently and as part of a team.
Ability to travel if needed.
Working knowledge of MacOS.
Nice to have qualifications:
Experience with scripting languages (e.g., Python, Bash) or automation tools.
Knowledge of cloud security best practices (e.g., AWS, Azure, GCP).
Experience with penetration testing and ethical hacking.
Familiarity with threat intelligence platforms and data feeds.
Experience in fintech.
Exposure to HR Software such as Rippling.
The compensation offered for this role will depend on various factors, including the candidate's location, qualifications, work history, and interview performance, and may differ from the stated range.
Benefits we offer:
Generous compensation in cash and equity
Early exercise for all options, including pre-vested
Work from anywhere: Remote-first Culture
Flexible paid time off, Year-end break, Self care days off
Health insurance, dental, and vision coverage for employees and dependents - US and Canada specific
4% matching in 401k / RRSP - US and Canada specific
MacBook Pro delivered to your door
One-time stipend to set up a home office — desk, chair, screen, etc.
Monthly meal stipend
Monthly social meet-up stipend
Annual health and wellness stipend
Annual Learning stipend
Unlimited access to an expert financial advisory
Join a fast-growing company with world-class professionals from around the world. If you are seeking a meaningful career, you found the right place, and we would love to hear from you.
Yearly based
US / Canada - Remote
