Security Analyst, Compliance

Everpure•Santa Clara, CA

6h•$110,000 - $165,000•Onsite

About The Position

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry. This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us. THE ROLE At Pure Storage, Information Security is a foundational business priority. The Security team is a core engineering-focused group deeply embedded in ensuring the security of our corporate environment and Pure Storage services. We are dedicated to staying on the cutting edge of security technology and proactively addressing the evolving threat landscape. We are seeking a proactive, detail-oriented Security Analyst, Compliance to independently run compliance certification programs with minimal supervision and actively support the broader compliance efforts of the team.

Requirements

5+ years of experience in IT audit, risk management, or IT compliance roles, with demonstrated experience running compliance certification programs.
In-depth understanding of security controls and key compliance frameworks (e.g., NIST, SOC2, ISO 27001, FedRAMP, FIPS, Common Criteria) as well as cloud platforms (e.g. AWS, Azure, GCP, etc.)
Strong written and verbal communication skills, with the ability to engage effectively with both internal teams and external auditors.
Ability to identify and recommend tools, processes, and software to improve and automate compliance practices.

Nice To Haves

Security Operations or Engineering background preferred but not required
Relevant certifications such as CISSP, CISA, or CISM, ISO/IEC 27001 Lead Implementer or Lead Auditor are preferred but not required.

Responsibilities

Execute and support compliance certification programs (e.g., SOC 2, ISO 27001, FedRAMP, Common Criteria), ensuring all security and regulatory requirements are met.
Collaborate and maintain communication with cross-functional teams (e.g., Engineering, Legal, Product) and external auditors/stakeholders to ensure smooth project execution and successful outcomes.
Assist and support internal teams through independent assessments and audits. Translate complex security and compliance controls into actionable technical solutions and implementation strategies.
Develop, track, and report on key compliance metrics (KCMs), continuously driving process improvements to align with evolving industry standards and best practices.
Author and maintain comprehensive compliance documentation, including control narratives, audit evidence, and supporting materials, ensuring they are accurate, up-to-date, and audit-ready.
Independently drive on recurring tasks and events such as access reviews and vulnerability scanning across multiple business units with differing scopes.
We are primarily an in-office environment and therefore, you will be expected to work from the Lehi, UT office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave.