Information Security Senior Analyst, PubSec Product Certification & Compliance

The Information Security organization advances the overall state of security at Rubrik through purposeful initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.

At Rubrik, our mission is to secure the world's data. Within our Information Security team, the Public Sector Compliance Team plays a critical role in unlocking strategic US government markets. We're the team that builds trust by proving our platform's integrity against the highest standards of security. 

We are looking for a proactive, technically-minded problem-solver to join us. This InfoSec Senior Analyst role is a unique opportunity for a talented individual from a background in engineering, technical program management, IT, or systems analysis to pivot their career into the high-demand field of cybersecurity compliance. You will leverage your existing skills in a new context, learning the intricacies of U.S. Public Sector security controls while making a tangible impact on our products and business from day one.

Where can you make an impact?

You'll be a bridge between our technology and the stringent requirements of the U.S. government. You won't just be checking boxes; you'll be deconstructing complex technical standards, testing our product(s) against security benchmarks, and working directly with engineering to ensure our platform is hardened and compliant. This is a hands-on, mostly tactical role where your analytical abilities and technical curiosity will be paramount. Success is measured by your ability to effectively identify control gaps and collaborate with others to facilitate their remediation.

For example, you might be tasked with running security evaluation tests for our DISA STIG, collaborating with engineers on meeting FIPS 140-2 cryptographic requirements, or managing the work plan for our next third-party Common Criteria evaluation. You will develop expertise rapidly, learning from top talent and growing into a go-to resource for public sector security at Rubrik. 

• Drive Key Compliance Activities: Take ownership of critical work assignments for essential government certifications such as Common Criteria, DISA STIG, DoDIN APL, Section 508 accessibility, and secured personnel facility visit coordination.
• Perform Technical Analysis & Testing: Conduct hands-on security testing and evaluation (ST&E) against product security baselines or standards. You will identify gaps, document findings, and partner with internal teams to close gaps and drive remediation.
• Translate Requirements into Action: Work closely with Product Management and Engineering to translate complex compliance standards (like NIST SP 800-171 / CMMC) into clear, actionable Jira tickets and development requirements.
• Develop Essential Documentation: Author and contribute to definitive compliance artifacts, including gap analyses, test plans, security control traceability matrices (SCTM), hardening guidance, and sections of our System Security Plans.
• Become a Subject Matter Expert: Develop a deep understanding of selected Rubrik products and how to configure and operate them securely, becoming a trusted advisor on hardening best practices for federal environments.

We encourage you to apply even if you don't meet every single requirement. We value aptitude, a relentless drive to adapt, learn, and contribute, and a commitment to excellence in all the work you perform. 

• Education: Bachelor’s degree or equivalent (preferably in a relevant field); supporting certifications (e.g., Security+, CISSP, CISA) a plus
• 5+ years of experience in a technical role such as Software/Systems Engineering, IT Infrastructure, Technical Program Management, Solutions Engineering, Backup Administration, or a similar field. Direct compliance experience is a plus, but not a prerequisite for a candidate with strong, transferable skills.
• Technical Aptitude: You have a proven ability to learn and understand complex technical subjects. You enjoy digging into how things work and are comfortable with concepts related to software configuration, networking, operating systems (Linux preferred), AI, and enterprise software. 
• Analytical Problem-Solver: You are skilled at breaking down large, complex problems (like a government standard) into smaller, manageable parts and creating a plan to address them. You are transparent about your approach and rationale, and seek to involve others as needed so you can solve for a problem’s root cause(s) vs. chasing symptoms. 
• Strong Communicator & Collaborator: You can clearly articulate technical concepts both verbally and in writing, and have experience producing technical documentation, project plans, road maps, presentations, and reports. You build solid relationships and work effectively with cross-functional teams.
• Organized & Driven: You are a proactive self-starter who can structure a work plan or road map and manage multiple project streams and assignments concurrently. You prioritize and set delivery expectations effectively, find answers, and hold yourself accountable to deliver high-quality work with minimal supervision. 
• Helpful:
•  Familiarity with compliance frameworks like NIST RMF, NIST SP 800-53, or FedRAMP.
•  Prior exposure to government security standards (STIGs, FIPS, CMMC).
•  Experience with tools like Jira, Confluence, and LucidChart/Visio.

Security and Privacy Responsibilities: 

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Government’s interests:

• Know, acknowledge, and follow system-specific security policies and procedures;
• Protect data and individual privacy per requirements and regulations;
• Perform ongoing activities in compliance with service and contractual obligations;
• Participate in role-based training, completing assignments on a timely basis; 
• Report security issues promptly, and aid investigation when needed;
• Support controlled changes and vulnerability remediation activities; and
• Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls. 

Position Risk Designation:

This position carries duties and responsibilities involving the U.S. Federal Government’s interests. The selected incumbent may be subject to one or both of the additional background checks with periodic re-screening as noted below:

Position Risk Designation: Non-Sensitive, Low Risk, Tier 1 

Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. (Baseline screening; formerly National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust)

Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

Position Risk Designation:Moderate Risk Law Enforcement (CJIS)

When hired for a position where access to Moderate Risk criminal justice information is required, the employee must complete a fingerprint-based national criminal history background check within 30 days after the employee’s start date.