Job Title: Senior Security Risk Management Analyst (Third-Party/ Vendor Risk Assessment)

Location: Cork, Ireland

Position Type: Full-time

Rubrik is seeking an experienced professional to join our Third-Party/ Vendor Risk Assessment team. This team focuses on analyzing and managing risks associated with our vendors, service providers, and other third parties, ensuring our organization upholds the highest standards of compliance, security, and business resilience. While your primary responsibility will be Third-Party Risk Management, you will also collaborate on other cybersecurity risk management initiatives. Building strong cross-functional relationships across the company is a key component of this role. To excel, you must showcase exceptional leadership, communication, and decision-making skills, and have a proven track record in managing third-party risk, vendor governance, or related domains.

Responsibilities:

• Lead and conduct comprehensive risk assessments of new and existing third-party vendors and service providers, focusing on cybersecurity, and regulatory compliance.
• Evaluate third-party security questionnaires, audit reports (e.g., SOC 2, ISO 27001), and risk documentation.
• Coordinate with vendors to request and verify security controls, remediation plans, and ongoing compliance.
• Oversee facilitation of risk remediation efforts agreed upon with suppliers, ensuring timely resolution.
• Collaborate during supplier contract development, reviewing deviations from security requirements and offering subject matter expertise on risk remediation.
• Classify vendors according to risk tiers and maintain a comprehensive database of vendor risk profiles.
• Participate in continuous security monitoring of existing suppliers to track changing risk profiles.
• Partner with Procurement, Legal, Privacy, and InfoSec teams to improve supplier security management processes.
• Identify opportunities to automate parts of the assessment process, thereby reducing manual work and enhancing efficiency.
• Keep abreast of emerging risks, industry standards, and regulatory requirements affecting third-party vendors.
• Manage and mentor contractors and junior team members, fostering professional growth and maintaining a collaborative team environment.

Preferred Qualifications:

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Risk Management, or a related field.
• 6-8 years of professional experience in third-party risk assessment within cybersecurity or information risk management.
• Understanding of relevant information security frameworks, including related regulatory compliance requirements, such as ISO 27001/2 (including ISO 27017 & 18), FedRAMP, SOC 2 Trust Services Criteria, PCI DSS, NIST CSF.
• Solid understanding of risk assessment methodologies and best practices.
• Ability to synthesize and communicate complex risk findings to both technical and non-technical audiences.
• Detail-oriented, process-driven, and capable of managing multiple vendor assessments concurrently.
• Experience with tools such as Coupa, OneTrust, JIRA and Coverbase is a plus.
• Professional certifications in Information Security or Risk Management (e.g. CISA, CISM, CISSP, CRISC) is a plus.

Company Description 

Rubrik is one of the fastest growing companies in Silicon Valley, revolutionizing data protection and management in the emerging multi-cloud world. We are the leader in cloud data management, delivering a single platform to manage and protect data in the cloud, at the edge, and on-premises. Enterprises choose Rubrik to simplify backup and recovery, accelerate cloud adoption, enable automation at scale, and secure against cyberthreats. Rubrik has raised over $553 million in venture funding, most recently at a valuation of $3.3 billion. We’ve been recognized as a Forbes Cloud 100 Company five years in a row and as a LinkedIn Top 10 startup. 

About the team 

The Information Security organization advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our assets, provides awareness education to teams on security best practices for data protection, and ensures data governance and data sharing relationships with third parties in order to securely protect Rubrik information. 

About the Role

We’re looking for a Junior Security Operations Engineer who is AI-Forward to help scale and modernize our SecOps program. This is a hands-on, builder role for someone who will design and ship the security tooling that powers our triage, investigations, and response workflows.

You’ll report to the Technical Operations Director and work alongside our GRC lead to improve our vulnerability intake, threat response, darkweb posture, and internal security tooling. A core part of this role is building AI-assisted security tooling: triage agents that pre-classify bug bounty reports, investigation copilots that pull context from logs and SIEM data, response workflows that draft remediation steps and track them to closure. You’ll spend as much time wiring up that tooling as you will reproducing vulnerabilities and working incidents.

This role suits someone who thrives in a lean, high-impact environment, has strong opinions on where humans add value versus where tooling should take over, and wants to shape how a modern security team operates.

What You’ll Do

Triage & Vulnerability Management

• Review incoming vulnerability reports from our bug bounty intake; reproduce and document valid issues for engineering teams.
• Build the tooling that improves signal-to-noise: automate duplicate detection, spam filtering, and abuse flagging so humans only touch what’s worth touching.
• Act on DAST findings: coordinate remediation, verify fixes, and re-test.
• Track remediation timelines for critical vulnerabilities and keep stakeholders honest on SLAs.

Threat Response & Monitoring

• Monitor and respond to EDR and cloud security alerts; investigate, contain, and document.
• Analyze darkweb findings and credential exposures; shape our darkweb monitoring practices and tooling over time.
• Improve detection coverage: tune noisy rules, close gaps, and enrich alerts with context so responders spend time on decisions, not data gathering.
• Help configure and tune DLP, SIEM, and AI security tooling.

Security Tooling (core to this role)

• Build AI-assisted triage tooling that pre-classifies bug bounty reports, flags duplicates, and routes real issues to the right engineering team with reproduction context attached.
• Build investigation tooling: LLM-backed copilots and Slack bots that pull alert context, correlate signals across sources, and surface what actually matters.
• Build response tooling: workflows that draft remediation steps, generate evidence artifacts, and track issues to closure across the teams that own them.
• Evaluate emerging AI security tooling and bring what’s genuinely useful into the stack; retire what isn’t.
• Apply a security-minded lens to our own AI usage: prompt injection, data exfiltration, model misuse, and the guardrails that go around them.

Compliance & Cross-Functional

• Support audit evidence collection for SOC 2, ISO 27001, and PCI DSS.
• Partner with ITOps to verify patches, endpoint coverage, and access hygiene.

You May Be a Good Fit If You Have

• Previous experience in a SecOps, Security Analyst, or Threat Response role.
• Proven ability to understand and reproduce technical vulnerabilities. You can read a bug report and tell whether it’s real.
• Experience with bug bounty triage (HackerOne, Bugcrowd, or similar).
• Hands-on exposure to SIEM, EDR, and DLP tools in production environments.
• A genuine, demonstrated interest in applying AI/LLMs to security work: side projects, internal tooling, prompt engineering, agent frameworks, anything that shows you’ve actually built with this stuff.
• Scripting and automation skills in Python, Bash, or similar. You reach for code before you reach for a checklist.
• Comfort working autonomously across time zones and asynchronously.
• Strong written communication. You can turn a messy investigation into a clear, defensible writeup.

Bonus Points For

• Experience building LLM agents, RAG pipelines, or Slack bots backed by OpenAI / Anthropic / open-source models.
• Detection engineering experience (Sigma rules, custom Falcon queries, Grafana/Loki dashboards).
• Cloud security depth in AWS or GCP (IAM, workload posture, cloud-native logging).
• Prior work in regulated environments (SOC 2, ISO 27001, PCI DSS) from the practitioner side.
• Exposure to AI/ML security concerns such as prompt injection, model evals, and data leakage through LLMs.
• Public contributions: blog posts, CVEs, open-source tools, CTF writeups.

Engagement & Logistics

• Full-time contract.
• Remote-first and async-friendly. We have hubs in San Francisco, Denver, Dublin, and Amsterdam. If you’re near one, we’d love to see you in the office regularly; if you’re elsewhere in the world, that works too.
• Potential to extend or convert based on fit.
• Reports to the Technical Operations Director; works closely with the GRC lead and IT Operations.

How We Work

We’re a lean, high-trust team. We value people who ship, who can operate independently, and who treat security as an engineering problem rather than a checklist. If you’re someone who sees a repetitive task and immediately thinks “this should be a script, or better yet, an agent,” you’ll fit in here.

To Apply

Tell us about a time you used AI, automation, or custom tooling to meaningfully change how a security workflow ran. What was manual before, what it looked like after, and what you learned. Links to code, writeups, or demos are welcome.