Job Title: Product Security Senior Analyst
Contract Duration: 6-month contract with strong potential for extension
Location: St. Paul, MN
Work Arrangement: Onsite
Work Schedule: 40 hours/week, flexible start times between 6:30 AM and 9:30 AM
Pay Range: $40-$45/hour
Summary
The Product Security Senior Analyst is responsible for identifying and managing security risks across developed, marketed, and fielded products, with a focus on patient safety and data protection. This role supports the development and execution of a comprehensive product security program, including vulnerability risk management, security testing, incident response, and regulatory compliance.
Responsibilities
- Lead and manage the Rapid7 InsightVM environment, including assessment, rebuild, and ongoing scanning (scheduled and ad hoc)
- Perform vulnerability risk assessments and proactively monitor product vulnerabilities in accordance with FDA post-market guidance
- Collaborate with internal teams and stakeholders to prioritize and remediate security risks
- Participate in company-wide product security initiatives and continuous monitoring efforts
- Develop and maintain technical documentation and project plans
- Communicate product security messaging across the organization
- Support web application scanning, threat intelligence, and container security initiatives
- Ensure compliance with national and international regulatory frameworks (e.g., NIST, ISO 27001, HIPAA/HITECH, EU DPD)
- Provide guidance to junior security professionals as needed
- Maintain cooperative communication with employees, customers, contractors, and vendors
Required Qualifications
- Bachelor’s degree in Computer Science, MIS, Information Assurance, or related field (Associate degree required; equivalent experience considered)
- 6+ years of experience in cybersecurity, with a focus on vulnerability risk management
- Proficiency with industry-standard tools such as Rapid7 (InsightVM), Tenable, or similar
- Strong organizational, time management, and multitasking skills
- Ability to work independently and within a team in a fast-paced, matrixed environment
- Excellent written and verbal communication skills for both technical and non-technical audiences
Preferred Qualifications
- Experience with container scanning and web application security
- Relevant certifications: CISSP, Security+, CEH, CISA, CISM, CRISC, CPP, or CFE
- Demonstrated success in cross-functional projects and compliance initiatives