Information Security Analyst

About Fluxx:

At Fluxx our mission is to be the leading collaborative grantmaking platform in our global communities. We believe in building technology that drives positive impact in our world. Our platform helps foundations and agencies streamline the grantmaking process, making it easier to get funding to those that need it to support their mission. We are driven to help facilitate change through our solutions that automate grantmaking for organizations all over the world.  Over the past decade Fluxx has built a boundary-pushing community of 330+ grantmakers who work with more 150,000 nonprofits worldwide who are responsible for transacting $15.7B in investments last year alone! 

At Fluxx, our users trust us. They rely on us to keep their data, and the data of their customers, safe. This trust is paramount. That's why we're building a security-first culture, and that's where you come in.

As an Information Security Analyst, you will play a vital role in protecting Fluxx. You will be a critical member of our security team, responsible for proactively monitoring security threats, responding to incidents, and continuously improving our overall security posture.

We are looking for people who are curious, tenacious, intellectually honest, and have a bias toward action. We welcome diverse perspectives and encourage you to apply if you think you can bring value to  our team––even if your experience doesn’t perfectly match the job description.

This is a full-time exempt and remote position. Candidates must be located in the United States. 

How you will make an impact/What you will do:

Security Monitoring & Incident Response:

• Perform real-time monitoring of security events and alerts across various security tools (e.g., SIEM, EDR, DLP).
• Rapidly respond to security incidents, conduct root cause analysis, and implement containment and remediation measures.
• Assist in post-incident analysis and reporting to identify areas for improvement and prevent future occurrences.
• Security Operations:
• Administer, tune, and enhance security tools and technologies.
• Develop and maintain automation scripts and tools to improve security operations efficiency and effectiveness (e.g., threat hunting, incident response playbooks).
• Maintain comprehensive documentation on security incidents, vulnerabilities, and procedures.
• Vulnerability Management:
• Triage and analyze vulnerability scan results from various sources (e.g., penetration tests, and vulnerability scans).
• Prioritize vulnerabilities based on risk and impact, escalating critical issues as necessary.
• Collaborate with development teams and other stakeholders to drive the remediation of vulnerabilities.
• Regularly audit and refine vulnerability management processes, tools, and reports.
• Access Control & Auditing:
• Conduct regular access reviews and audits to ensure appropriate access levels for users and systems.
• Investigate and remediate access control violations.
• Assist in the implementation and maintenance of least privilege principles.
• Security Awareness & Training:
• Support internal users with security concerns and questions, providing guidance and assistance.
• Contribute to the development and delivery of security awareness training programs.
• Promote a strong security culture within the organization.
• Communication & Collaboration:
• Communicate effectively and empathetically with development teams, providing clear and actionable guidance.
• Effectively present security findings and recommendations to development teams and management.
• Collaborate with technology stakeholders across the organization.
• Documentation & Reporting:
• Write clear, concise, and effective technical documentation summarizing findings, risks, and recommendations.
• Deliver security metrics and identify areas for improvement.
• Research & Innovation:
• Conduct research on emerging security threats and technologies.
• Participate in industry events and conferences to stay abreast of the latest security trends.

What you bring to the team/ About you:

• 2+ years of experience in security operations or a related field.
• Basic understanding of networking, firewalls, and security protocols.
• Operational familiarity with Linux and containers.
• Understanding of K8s manifest files and package versioning.
• A passion for continuous learning and a proactive approach to security challenges.
• Exposure to cloud environments (AWS, Azure, or Google Cloud).
• Knowledge of managing IAM permissions with Terraform.
• Understanding of the principles of least privilege.
• Scripting language proficiency.
• Familiarity with security tools such as SIEM, endpoint protection, and vulnerability scanners.
• Analyze and document findings effectively, providing clear insights into key issues.
• Experience with GitHub Dependabot.

Salary:

The expected annual base salary for this role is $100k - $150k. The base pay range is subject to change in the future. 

The successful candidate’s starting salary will be determined based on, but not limited to (a) location; (b) individual candidate skills and qualifications; and (c) individual candidate experience. 

Fluxx is committed to fair and equitable compensation practices. We take a market-based approach to pay which may vary depending on your location. Locations are categorized into one of three zones based on a cost of labor index for that geographic location and our compensation philosophy.

Why Join Fluxx?

Fluxx is more than a tech company—we’re a community committed to making a difference. We celebrate diversity and inclusion, value collaboration, and are dedicated to creating a workplace where everyone can thrive. If you’re passionate about building relationships, driving engagement, and empowering customers, we’d love to hear from you.

Benefits:

Fluxx offers the following benefits for the position subject to applicable eligibility requirements: Medical, dental, and vision insurance; Flexible time off; Paid sick leave; 12 weeks of fully-paid parental leave; Annual learning and development stipend; Internet stipend; One-time home office set-up stipend; 401(k) retirement plan with company match. This position is also eligible for incentive stock options, subject to the terms of Fluxx’s applicable stock plans. 

More About Fluxx:                                                                                                                                                                 

We are a people-first and inclusive workplace committed to continuous learning. We pride ourselves on having a diverse workforce and we do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. We respect the gender, gender identity and gender expression of our applicants and employees. It is our policy to comply with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity.