Analyst, Cybersecurity Threats & Risks

About The Position

Requirements

• A college or technical school degree is preferred.
• Experience working in enterprise IT or security environments with diverse technologies and integrations.
• Foundational knowledge and experience in cyber risk and threat analysis concepts, threat detection and vulnerability assessments, as well as common security controls across infrastructure, applications, cloud, endpoint, and data environments.
• Working knowledge of security tools and platforms such as SIEM, vulnerability scanners, threat intelligence platforms, or GRC tools.
• Understanding of common threat frameworks and methodologies (e.g., NIST, MITRE ATT&CK).
• 2–5 years of applicable professional experience that substantially includes the following: Cyber threat analysis, vulnerability assessment, or security operations support.
• Reviewing and analyzing security alerts, logs, and threat intelligence.
• Documenting risk findings, investigations, and remediation recommendations.
• Strong analytical and problem-solving skills, with attention to detail and the ability to identify patterns and anomalies.
• Ability to clearly document findings and communicate technical information to senior analysts and cross-functional partners.
• Self-motivated and able to work with limited supervision while following established procedures.
• Strong organization and time management skills, with the ability to manage multiple tasks and priorities.
• Willingness and ability to learn new tools, technologies, and threat techniques as the threat landscape evolves.
• Ability to work and contribute effectively in a team environment to support overall security and risk management objectives.

Nice To Haves

• Experience supporting incident response, investigations, or post-incident analysis is preferred.
• Experience assisting with third-party or vendor risk assessments is preferred.
• Relevant cybersecurity certifications are preferred (e.g., Security+, CySA+, GSEC, GCIH, or similar).

Responsibilities

• Participate in cyber risk and threat analysis activities, including risk assessments, threat monitoring, threat modeling, vulnerability analysis, and evaluation of security control effectiveness.
• Analyze security alerts, threat intelligence, vulnerability data, and logs to identify potential threats, control gaps, and emerging risks.
• Document risk findings, threat activity, investigation results, and remediation recommendations in accordance with established risk management standards.
• Support threat investigations and incident response efforts through analysis, evidence collection, and impact assessment.
• Conduct and support vulnerability and threat assessments, including tracking risks and validating remediation efforts.
• Assist with third-party and vendor risk assessments by reviewing documentation and identifying potential risk exposures.
• Develop and document assessment procedures, test cases, and validation steps used to evaluate security controls.
• Support the validation and maintenance of security and risk tools (e.g., SIEM, vulnerability scanners, threat intelligence, GRC tools).
• Identify opportunities to improve threat visibility, risk detection, and analytical workflows.
• Perform root cause analysis for security incidents, control failures, or recurring threat patterns.
• Adhere to change management, incident handling, and security governance policies.
• Monitor environments during significant changes or maintenance activities for potential risk or threat impact.
• Prepare risk and threat summaries for review by senior analysts, managers, and cross-functional teams.
• Collaborate closely with cyber engineering, architecture, and operations teams to support remediation and control improvements.