Information Security Analyst Tier 1

New York University•New York, NY

2d•$70,000 - $84,700•Onsite

About The Position

The Information Security Analyst Tier 1 serves as the essential first line of defense in our Security Operations Center (SOC). This role goes beyond simple monitoring; you will be responsible for the end-to-end triage, investigation, and detailed documentation of security incidents. Your daily workflow involves analyzing security alerts from various data sources—specifically leveraging SIEM, EDR platforms, and email security gateways—to identify and mitigate threats ranging from phishing to sophisticated compromised account investigations. A critical component of this role is proactive defense and operational excellence. You will actively contribute to the SOC’s evolution by developing and refining detection logic based on observed activity, automating manual tasks to increase operational efficiency and maintaining comprehensive security playbooks and incident reports. You will also handle user access requests to security tools, ensuring secure and appropriate identity management. As well as ensuring all investigative steps are logged for compliance and hand-off purposes. This position offers a dynamic environment for those who want to transition from traditional monitoring into Detection Engineering and Security Orchestration (SOAR). This role operates during standard business hours with no on-call rotation.

Requirements

Bachelor's Degree or equivalent combination of education and experience
2+ years Experience involving information technology and/or information security
Demonstrated understanding of the incident response lifecycle and common attack vectors.
Ability to clearly communicate technical findings and security concepts to non-technical stakeholders.
Proficiency with Windows, macOS, and Linux operating systems.
Strong analytical mindset with a focus on 'why' an alert triggered, not just 'what' triggered.
Ability to maintain a high level of discretion and professionalism.

Nice To Haves

Bachelor’s Degree or higher in Cybersecurity, Computer Science, or a related technical discipline
3+ years Experience in an enterprise Security Operations Center or IT environment.
Experience investigating compromised accounts, including analyzing authentication logs, sessions, and MFA events.
Experience building or tuning detections within a SIEM (Splunk preferred) or EDR tool.
Basic to Intermediate experience with Automation: Using Python, PowerShell, or SOAR tools to streamline repetitive tasks.
Experience with Email Security Gateways and performing deep-dive phishing analysis (header analysis, attachment detonation, etc.).
Experience managing User Access Requests and Identity and Access Management (IAM) principles.
Experience writing hand-off notes, incident reports, and SOPs.
Experience working with Cloud technologies.
Knowledge of Detection Engineering principles (e.g., mapping to MITRE ATT&CK).
Familiarity with API-based integrations for security automation.
Understanding of network protocols (TCP/IP, DNS, HTTP) and cloud security fundamentals.
Understanding of HTTP/HTTPS protocols and response codes (e.g. 2xx,3xx,4xx,5xx).
Familiarity with security frameworks (NIST, CIS) and risk/compliance initiatives.

Responsibilities

End-to-end triage, investigation, and detailed documentation of security incidents.
Analyzing security alerts from SIEM, EDR platforms, and email security gateways.
Identifying and mitigating threats ranging from phishing to sophisticated compromised account investigations.
Developing and refining detection logic based on observed activity.
Automating manual tasks to increase operational efficiency.
Maintaining comprehensive security playbooks and incident reports.
Handling user access requests to security tools.
Ensuring all investigative steps are logged for compliance and hand-off purposes.