Sr. Information Security Analyst

Description

The Senior Information Security Analyst protects Company organizational systems and data by supporting and enhancing security operations, risk management, and security controls. This role performs advanced analysis and responds (or leads response) to security events, drives risk reduction, supports compliance efforts, and contributes to the ongoing maturity of the organization’s information security program.

The position operates with a high degree of independence and collaborates across technical and business teams to identify, prioritize, and address security risks.

Security Operations & Monitoring

• Monitors, analyzes, and responds to/leads security events and alerts across security platforms (e.g., SIEM, EDR, email security, network tools) 
• Investigates suspicious activity, determines root cause, and coordinates remediation efforts per Company policy
• Tunes and optimizes detection capabilities to improve alert quality and reduce false positives 
• Develops and implements automation to improve efficiency and consistency of security operations (e.g., scripting, workflow automation) 
• Coordinates with security vendors to troubleshoot issues and improve tool effectiveness 

Incident Response

• Participates in/leads incident response activities, including containment, eradication, and recovery 
• Documents incidents, actions taken, and lessons learned 
• Assists in maintaining and improving internal incident response procedures and playbooks 
• Coordinates with external vendors or partners as needed during incident investigations 

Vulnerability, Patch & Risk Management

• Conducts vulnerability scanning and risk assessments across systems and environments 
• Prioritizes remediation efforts based on risk and business impact 
• Coordinates patch management activities with IT teams to ensure timely remediation of vulnerabilities 
• Tracks and reports on remediation progress, including vulnerability and patch status across systems 
• Works with internal teams and external vendors to support remediation efforts 

Security Controls & Engineering Support

• Evaluates and recommends improvements to existing security controls and processes 
• Assists in implementation, configuration, and optimization of security technologies 
• Supports secure design and configuration of systems in partnership with IT teams 
• Identifies opportunities to automate repetitive security tasks and improve operational efficiency 
• Participates in evaluation and selection of security tools and vendors 

Governance, Risk & Compliance

• Supports internal and external audits (e.g., SOC 2, ISO) by gathering evidence and validating controls 
• Develops, maintains, and updates security documentation, including policies, standards, procedures, and operational playbooks 
• Helps ensure alignment with applicable regulatory and industry frameworks 

Vendor & Third-Party Coordination

• Manages day-to-day relationships with security vendors and service providers 
• Serves as a point of contact for vendor support, escalations, and technical discussions 
• Monitors vendor performance to ensure services meet organizational expectations 
• Assists in evaluating new vendors and solutions based on risk, effectiveness, and business needs 

Collaboration & Communication

• Partners with IT, infrastructure, and business teams to identify and mitigate security risks 
• Provides guidance on security best practices and control implementation 
• Develops and delivers security awareness training programs to promote secure practices across the organization

Additional Responsibilities

• Participates in security initiatives and special projects as assigned 
• Stays current on emerging threats, vulnerabilities, and security technologies 
• Adheres to all organizational policies, procedures, and compliance requirements
• Demonstrates behavior consistent with Company Values and the Code of Conduct.
• Learns and adheres to Company rules and established policies for workplace health and safety.
• Adheres to all other Company policies and procedures.
• Completes all required compliance training on time and in good faith. 

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
• 4–8 years of experience in information security or related IT roles
• Understanding of IT infrastructure, including protocols, operating systems, and networks
• Experience with security tools such as SIEM, EDR/XDR, and vulnerability management platforms
• Understanding of incident response processes and security operations workflows
• Strong understanding of network, endpoint, and identity security principles
• Familiarity with patch management processes and security remediation workflows
• Experience with automation or scripting (e.g., PowerShell, Python) preferred
• Familiarity with cloud security concepts, particularly within Microsoft 365 and/or Azure environments
• Experience supporting audits and compliance programs
• Strong understanding of security frameworks such as NIST CSF, CIS Controls, or ISO 27001
• Strong teaching, interpersonal, and communication skills

Preferred Qualifications

• Relevant certifications (e.g., Security+, CySA+, CISSP, CISM, or equivalent)
• Familiarity with Microsoft Azure and Microsoft 365 security technology preferred
• Familiarity with securing Linux systems