Sr. Information Security Analyst

The Senior Information Security Analyst protects Company organizational systems and data by supporting and enhancing security operations risk management and security controls. This role performs advanced analysis and responds (or leads response) to security events drives risk reduction supports compliance efforts and contributes to the ongoing maturity of the organizations information security program.

The position operates with a high degree of independence and collaborates across technical and business teams to identify prioritize and address security risks.

Security Operations & Monitoring

• Monitors analyzes and responds to/leads security events and alerts across security platforms (e.g. SIEM EDR email security network tools)
• Investigates suspicious activity determines root cause and coordinates remediation efforts per Company policy
• Tunes and optimizes detection capabilities to improve alert quality and reduce false positives
• Develops and implements automation to improve efficiency and consistency of security operations (e.g. scripting workflow automation)
• Coordinates with security vendors to troubleshoot issues and improve tool effectiveness

Incident Response

• Participates in/leads incident response activities including containment eradication and recovery
• Documents incidents actions taken and lessons learned
• Assists in maintaining and improving internal incident response procedures and playbooks
• Coordinates with external vendors or partners as needed during incident investigations

Vulnerability Patch & Risk Management

• Conducts vulnerability scanning and risk assessments across systems and environments
• Prioritizes remediation efforts based on risk and business impact
• Coordinates patch management activities with IT teams to ensure timely remediation of vulnerabilities
• Tracks and reports on remediation progress including vulnerability and patch status across systems
• Works with internal teams and external vendors to support remediation efforts

Security Controls & Engineering Support

• Evaluates and recommends improvements to existing security controls and processes
• Assists in implementation configuration and optimization of security technologies
• Supports secure design and configuration of systems in partnership with IT teams
• Identifies opportunities to automate repetitive security tasks and improve operational efficiency
• Participates in evaluation and selection of security tools and vendors

Governance Risk & Compliance

• Supports internal and external audits (e.g. SOC 2 ISO) by gathering evidence and validating controls
• Develops maintains and updates security documentation including policies standards procedures and operational playbooks
• Helps ensure alignment with applicable regulatory and industry frameworks

Vendor & Third-Party Coordination

• Manages day-to-day relationships with security vendors and service providers
• Serves as a point of contact for vendor support escalations and technical discussions
• Monitors vendor performance to ensure services meet organizational expectations
• Assists in evaluating new vendors and solutions based on risk effectiveness and business needs

Collaboration & Communication

• Partners with IT infrastructure and business teams to identify and mitigate security risks
• Provides guidance on security best practices and control implementation
• Develops and delivers security awareness training programs to promote secure practices across the organization

Additional Responsibilities

• Participates in security initiatives and special projects as assigned
• Stays current on emerging threats vulnerabilities and security technologies
• Adheres to all organizational policies procedures and compliance requirements
• Demonstrates behavior consistent with Company Values and the Code of Conduct.
• Learns and adheres to Company rules and established policies for workplace health and safety.
• Adheres to all other Company policies and procedures.
• Completes all required compliance training on time and in good faith.

• Bachelors degree in Cybersecurity Information Technology or related field (or equivalent experience)
• 48 years of experience in information security or related IT roles
• Understanding of IT infrastructure including protocols operating systems and networks
• Experience with security tools such as SIEM EDR/XDR and vulnerability management platforms
• Understanding of incident response processes and security operations workflows
• Strong understanding of network endpoint and identity security principles
• Familiarity with patch management processes and security remediation workflows
• Experience with automation or scripting (e.g. PowerShell Python) preferred
• Familiarity with cloud security concepts particularly within Microsoft 365 and/or Azure environments
• Experience supporting audits and compliance programs
• Strong understanding of security frameworks such as NIST CSF CIS Controls or ISO 27001
• Strong teaching interpersonal and communication skills

Preferred Qualifications

• Relevant certifications (e.g. Security CySA CISSP CISM or equivalent)
• Familiarity with Microsoft Azure and Microsoft 365 security technology preferred
• Familiarity with securing Linux systems