Information Security Analyst

The Company:

VeSync is a portfolio company with brands that cover different categories of health & wellness products. We wouldn’t be surprised if you have one of our Levoit air purifiers in your living room or a COSORI air fryer whipping up healthy and delicious meals for you every night.

We’re a young and energetic company, we’ve had tremendous success, and we are constantly growing our team. As we garner more industry attention – just check out our accomplishments and awards by CES Innovation, iF Design, IGA, and Red Dot – we also need driven and talented people to join our team.

That brings us to you, and what you’ll be joining. Our teams are smart and diligent and take ownership of their work – they’re confident in their work but know how to collaborate with open ears and a spirit of learning. If you’re down-to-earth, approachable, and easy to strike up a conversation with, this may be a great fit for you.

Check out our brands:

The Opportunity:

The Information Security Analyst is responsible for supporting the organization’s security posture by implementing, monitoring, and maintaining security controls across systems, networks, and cloud environments. This role works closely with senior security team members to identify risks, respond to incidents, and ensure compliance with security standards and regulatory requirements.

What you will do at VeSync:

• Information Security Operations & Planning
• Support the implementation and maintenance of information security controls to protect company data and assets across on-premise and cloud environments.
• Assist in analyzing business processes, systems, and data flows to identify security gaps and improvement opportunities.
• Apply industry best practices and frameworks such as the NIST Cybersecurity Framework (CSF) to support confidentiality, integrity, and availability of information assets.
• Policy Support & Compliance
• Assist in the development, implementation, and maintenance of information security policies, standards, and procedures.
• Support compliance efforts with industry standards and regulations (e.g., ISO 27001, NIST, GDPR).
• Help track evidence and controls using compliance and GRC tools such as OneTrust, Drata, or similar platforms.
• Monitor regulatory and security trends and escalate relevant changes to senior team members.
• System, Network, and Cloud Security
• Monitor and help maintain security controls for systems, networks, and public cloud platforms (AWS, Azure, GCP).
• Assist with configuration, monitoring, and tuning of cloud security services and tools.
• Use security tools and dashboards (e.g., SIEM, security scorecards) to identify potential threats and vulnerabilities.
• Support AWS security services and baseline configurations.
• Security Monitoring & Incident Response
• Monitor security alerts and events using SIEM and security monitoring tools.
• Participate in incident response activities, including investigation, containment, remediation, and post-incident analysis.
• Assist with blue team activities, tabletop exercises, and response drills to improve readiness.
• Document incidents and lessons learned.
• Identity & Access Management
• Support user access reviews, permission audits, and access control processes.
• Assist with identity management systems to ensure appropriate authentication and authorization controls.
• Help identify and remediate excessive or inappropriate access.
• Risk Assessment & Vulnerability Management
• Participate in risk assessments and vulnerability identification efforts.
• Assist with vulnerability scanning, tracking, and remediation coordination.
• Support risk documentation and reporting aligned with frameworks such as NIST CSF.
• Help track and report basic security metrics and KPIs.
• Security Awareness & Documentation
• Support the delivery of security awareness training and phishing simulations.
• Assist in developing security documentation, including procedures, controls, detection rules, and response playbooks.
• Maintain clear and accurate security documentation for audits and operational use.

What you bring to the role:

• Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience).
• 3–6 years of experience in information security or a related IT/security role.
• Hands-on experience with security monitoring, incident response, vulnerability management, or risk assessment.
• Familiarity with cloud environments (AWS, Azure, or GCP) and basic cloud security concepts.
• Working knowledge of security frameworks and standards such as NIST CSF, ISO 27001, and CIS.
• Understanding of network security fundamentals, including firewalls, IDS/IPS, endpoint protection, and logging.
• Experience with SIEM or security monitoring tools such as Splunk, QRadar, Rapid7, or Wazuh.
• Strong analytical, troubleshooting, and communication skills.

Preferred Qualifications

• Experience supporting compliance or audit activities.
• Familiarity with GRC or compliance automation tools (OneTrust, Drata, or similar).
• Relevant security certifications such as Security+, CEH, GSEC, or progress toward CISSP/CISM.

Location:

• This is an on-site, office-based role in Tustin, CA.

Salary:

• Starting at $90K Annually

Perks and Benefits:

• 100% covered Medical/Dental/Vision insurance for employee AND spouse + dependents!
• 401K with 4% employer match (eligible after 90 days of employment) and immediate 100% vesting
• Generous PTO policy + paid holidays
• Life Insurance
• Voluntary Life Insurance
• Disability Insurance
• Critical Illness Coverage
• Accident Insurance
• Healthcare FSA
• Dependent Care FSA
• Travel Assistance Program
• Employee Assistance Program (EAP)
• Fully stocked kitchen