bluedoor data·Job Postings API·bluedoor.sh ↗


Security Analyst

Capricor Therapeutics · San Diego, CA · On Site · Deleted · $120,000–$140,000 / year · Lever

Job facts

Company: Capricor Therapeutics
Title: Security Analyst
Normalized title: -
Department / team: Capricor Therapeutics / IT
Location: San Diego, CA, United States
Work model: On Site
Employment type: Full Time (Exempt)
Salary: $120,000–$140,000 / year
Status: deleted
ATS provider: Lever
Posted / first seen: 2026-05-19 / 2026-05-29
Changed / last seen: 2026-06-04 / 2026-06-02

Linked records

Company: Capricor Therapeutics
Source: 2c7239d6-fc4c-4e27-958a-efe2d4c24305
ATS provider: Lever

Description

Capricor Therapeutics (NASDAQ: CAPR) is a biotechnology company dedicated to advancing transformative cell and exosome-based therapies for rare diseases. At the forefront of our innovation is Deramiocel (CAP-1002), our lead cell therapy in late-stage development for Duchenne muscular dystrophy. We are also harnessing our proprietary StealthX™ exosome platform to unlock new possibilities in targeted delivery and vaccinology. Every program reflects our commitment to pushing the boundaries of science and delivering life-changing treatments to patients and families who need them most.

We are seeking a detail-oriented Security Analyst to protect our cybersecurity operations within our regulated biotech/pharmaceutical environment. This role combines hands-on security operations with compliance governance, focusing on protecting GMP systems, regulated data, and financially relevant systems in scope for SOX compliance. This is a unique opportunity to work at the intersection of threat operations and regulatory compliance, ensuring adherence to GMP, SOX IT General Controls (ITGCs), and industry security frameworks while actively defending against evolving cyber threats.

Why Capricor?

Capricor Therapeutics, a trailblazer in cell and exosome therapy, is dedicated to redefining standards of care with innovative treatments rooted in scientific excellence. Guided by integrity and a passion for patient-centered impact, our team is shaping a brighter future for healthcare. Join us and contribute to a mission-driven group that’s transforming lives with every breakthrough.

Come Work With Us!

At Capricor, you’ll thrive in a collaborative environment that nurtures your professional growth and innovation. Join a dedicated team fueled by a passion for advancing medical science and transforming patient lives through our cutting-edge therapies.

Please note that Capricor does not use Skype for interviews or recruiting activities. Candidates will only be contacted by an official Capricor email address which is @capricor.com. Additionally, Capricor will never ask potential employees to send a check or money to the Company for any reason.

Notice to Recruiting Agencies

Capricor Therapeutics does not accept candidate submissions or referrals from recruiting agencies, staffing firms, or third-party recruiters without expressed consent from Talent Acquisition management and a prior written agreement. Agencies that contact hiring managers directly, solicit business, or submit candidates without this approval will not be considered for any engagement. All such submissions become the property of Capricor Therapeutics, and no fees will be paid for any candidates hired as a result. We appreciate your cooperation and respect for this policy.

Responsibilities

Monitor and Respond to Security Threats
- Monitor, triage, and respond to security alerts across endpoint, email, and SIEM platforms
- Investigate security incidents impacting:
  - GMP systems and regulated environments
  - SOX in-scope systems (financial applications, identity systems, etc.)
- Execute incident response procedures aligned with validated and auditable processes
- Maintain detailed, audit-ready documentation of all incidents and remediation actions

Manage Security Technology Stack
- Administer and implement CrowdStrike Falcon for endpoint detection and response (EDR)
- Manage Abnormal Security for phishing, business email compromise (BEC), and account takeover threats
- Perform vulnerability assessments using Rapid7 InsightVM
- Oversee KnowBe4 security awareness training and phishing simulations
- Coordinate with SIEM platforms for log analysis and threat correlation

SOX IT General Controls (ITGCs)
- Support SOX ITGC control execution and evidence collection, including:
  - User Access Reviews (UARs)
  - Logical access controls (joiner/mover/leaver processes)
  - Change management controls
  - Logging and monitoring controls
- Prepare and maintain audit-ready documentation for SOX compliance testing
- Coordinate with Finance and IT teams on control execution and remediation

Policy Development & Regulatory Compliance
- Draft, review, and maintain information security policies, standards, and SOPs aligned with:
  - GxP requirements (GMP, GCP, GLP)
  - SOX IT General Controls
  - 21 CFR Part 11 (where applicable)
- NIST CSF, NIST 800-53, or CIS Controls
- Ensure all policies are version-controlled, formally approved, and audit-ready
- Partner with IT, Finance, QA, and Compliance to align controls across regulated and financial systems

Audit Support
- Support internal and external audits including SOX, FDA, SOC 2, and regulatory inspections
- Prepare control evidence and documentation packages
- Track audit findings and coordinate remediation activities
- Maintain relationships with internal audit and external assessors

Vulnerability Management
- Conduct regular vulnerability scans across the environment
- Prioritize remediation based on:
  - Regulatory impact (GMP systems)
  - Financial/reporting risk (SOX systems)
  - Threat landscape and exploitability
- Coordinate remediation through appropriate change control processes
- Track and document remediation evidence for compliance reporting

Security Awareness & Training
- Administer security awareness training programs for all staff
- Deliver targeted training for users with access to:
  - Regulated systems
  - Financial/SOX in-scope systems
- Conduct phishing simulation campaigns and analyze results
- Track training metrics and maintain compliance records

Continuous Improvement
- Develop and maintain security playbooks, SOPs, and runbooks
- Contribute to security metrics, KPIs, and executive reporting
- Identify gaps in controls, detection capabilities, and governance processes
- Recommend and implement security improvements aligned with business objectives

Requirements

Required Experience
- Minimum 3 years of hands-on cybersecurity experience
- At least 2 years in a regulated environment (biotech, pharma, healthcare, or financial services)
- At least 1 year supporting SOX ITGC controls or similar compliance frameworks
- Demonstrated experience with security policy and SOP development

Technical Skills
- Strong experience with Endpoint Detection & Response (EDR) platforms
  - CrowdStrike Falcon highly preferred, or equivalent (Carbon Black, SentinelOne, Microsoft Defender for Endpoint)
- Hands-on experience with vulnerability management tools
  - Rapid7 InsightVM preferred, or equivalent (Qualys, Tenable, Nexpose)
- Experience with email security platforms
  - Abnormal Security, Proofpoint, Mimecast, or similar
- Familiarity with security awareness platforms
  - KnowBe4 or equivalent
- Working knowledge of SIEM tools and log analysis (Splunk, Microsoft Sentinel, or similar)

Compliance & Governance
- Proven experience with SOX ITGC controls including:
  - User access reviews and recertifications
  - Logical access provisioning and deprovisioning
  - Change management oversight
  - Audit evidence collection
- Understanding of GMP (Good Manufacturing Practice) requirements and regulated system controls
- Experience supporting security and compliance audits
- Strong documentation and evidence management skills with an audit-ready mindset

Core Competencies
- Exceptional attention to detail and commitment to process adherence
- Analytical and investigative thinking for threat analysis
- Strong written and verbal communication skills
- Ability to translate technical security concepts for non-technical stakeholders
- Proven collaboration skills across IT, Finance, QA, and Compliance teams
- Self-motivated with ability to manage multiple priorities in a dynamic environment

Education & Certifications
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
- Security+ certification or equivalent
- Advanced certifications such as:
  - CISSP or CISSP Associate
  - CISA (Certified Information Systems Auditor)
  - CySA+ (Cybersecurity Analyst)
  - GIAC Security Essentials (GSEC) or similar

Preferred Experience
- Deep familiarity with 21 CFR Part 11 (electronic records and signatures)
- Experience with additional security frameworks:
  - NIST Cybersecurity Framework (CSF)
  - NIST 800-53 controls
  - CIS Critical Security Controls
- Prior experience supporting FDA inspections or pharmaceutical regulatory audits
- Experience with SOC 2 attestation and controls
- Basic scripting or automation experience (PowerShell, Python, Bash)
- Experience with identity and access management (IAM) platforms
- Familiarity with cloud security (Azure, AWS, or GCP)

Full job record

Job ID: ad7cc8b37750064ee50e550fb5a2d58515d3c0ea
Org ID: 06827b08-e077-436c-8800-21c4b43bf549
Source ID: 2c7239d6-fc4c-4e27-958a-efe2d4c24305
Board ID: 2c7239d6-fc4c-4e27-958a-efe2d4c24305
Provider: lever
Provider Job Key: 47a257c7-2b7d-4997-9857-5412f5b0eae7
Title: Security Analyst
Normalized Title:
Status: deleted
Active: no
Location Text: San Diego, CA
Department: Capricor Therapeutics
Team: IT
Employment Type: Full-time (exempt)
Workplace Type: on_site
Remote Policy:
Country: United States
Region: CA
City: San Diego
Salary Raw: USD 120000-140000 per-year-salary
Salary Min: 120,000
Salary Max: 140,000
Salary Currency: USD
Salary Period: year
Source URL: https://jobs.lever.co/capricor/47a257c7-2b7d-4997-9857-5412f5b0eae7
Apply URL: https://jobs.lever.co/capricor/47a257c7-2b7d-4997-9857-5412f5b0eae7/apply
First Seen At: 2026-05-29 07:08:24Z
Last Seen At: 2026-06-02 10:37:53Z
Last Checked At: 2026-06-04 11:26:46Z
Last Changed At: 2026-06-04 11:26:46Z
Inactive At: 2026-06-04 11:26:46Z
Source Posted At: 2026-05-19 17:48:29Z
Source Updated At:
Raw Payload URI: s3://bluework-jobs-prod-raw-590183727216/raw/provider=lever/board=capricor/date=2026-06-02/2026-06-02T10-37-53-586Z-b9ad641f78ceedf4286fd59195720aa4cb7f8fca0a1092d8d7bb540c498c1a45.json
Event Fields
{
  "content_hash": "8de90e3ffd580d497d49dfe18b31544605577c491850b02510b134f524cf162f",
  "source_hash": "d330af44b31b232be25b331bc3e4eac4e6a92350fbce69e9f00b5f5b66755373",
  "last_changed_at": "2026-06-04T11:26:46.754Z",
  "active_status": "deleted"
}
Parsed Structured
{
  "language": "en",
  "location": {
    "raw": "San Diego, CA",
    "city": "San Diego",
    "region": "CA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 140000,
  "salary_min": 120000,
  "inferred_at": "2026-06-02T10:37:53.858Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "San Diego, CA",
      "city": "San Diego",
      "region": "CA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}
Extensions
{}
Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/ad7cc8b37750064ee50e550fb5a2d58515d3c0ea?include=description (JSON)
GET https://api.bluedoor.sh/job-postings/v1/orgs/06827b08-e077-436c-8800-21c4b43bf549 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/sources/2c7239d6-fc4c-4e27-958a-efe2d4c24305 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/jobs/ad7cc8b37750064ee50e550fb5a2d58515d3c0ea/events (JSON)