Information Security Analyst

About The Position

Requirements

• Bachelor’s degree in Information Systems, Cybersecurity, or a related field.
• 2+ years of experience in IT or Information Security, with relevant internships or co‑op experience counting toward this requirement.
• Working knowledge of cybersecurity best practices (e.g., least privilege, secure configurations) and how they are applied across an enterprise environment.
• Hands-on experience with security technologies, some variety of SIEM, endpoint detection & response, identity/privileged access management, cloud platforms (Azure and/or AWS), and Microsoft Active Directory.
• Strong communication and documentation skills, with the ability to clearly document incidents, procedures, and findings, and to explain technical issues to non-technical stakeholders.
• Analytical problem-solving skills with the ability to manage multiple tasks and prioritize effectively in a fast-paced environment.
• Basic scripting or automation experience (e.g., PowerShell or Python), or a strong willingness to learn scripting to improve and automate security tooling.
• Curiosity and a learning mindset, with the ability to quickly pick up new technologies and stay current on evolving threats and security practices.

Nice To Haves

• Interest or exposure to broader security domains, such as AI, network segmentation, DevSecOps, Azure governance, red-teaming/pentesting, VMS, web security, or compliance audit support —expertise not required, but a willingness to learn and contribute is highly valued.
• Knowledge of Windows and/or Azure enterprise environments (Active Directory, Azure AD/Entra) from a security perspective.

Responsibilities

• Monitor and triage security alerts and incidents using tools such as SIEM and EDR; investigate events by reviewing logs, contain and remediate incidents, and document findings through ticket closure.
• Deploy and configure security tools (e.g., SIEM, endpoint protection, identity solutions) in collaboration with senior team members and vendors, contributing to the protection of Medpace’s digital assets.
• Maintain and improve SIEM detections, including updating and tuning alerts, assisting with platform upgrades, and learning to build and refine detections with query language.
• Support cross-functional security projects by assisting Information Security Engineers with a wide range of initiatives (e.g., governance, architecture, research, compliance support), gaining exposure to diverse security domains while contributing meaningful work.
• Conduct vulnerability scans (internal and external), analyze results, and coordinate remediation with system owners based on risk and priority.
• Audit user access and permissions by reviewing access reports, validating approvals with system owners, and documenting findings to support least‑privilege governance (without performing provisioning changes).
• Respond to security-related inquiries and requests, including following up on security tickets and user/vendor reports (e.g., phishing submissions or suspicious activity) and providing guidance to employees on cybersecurity matters.
• Perform periodic security audits to verify that policies and procedures are being followed, and assist with audit evidence collection and follow-ups.
• Participate in an on-call rotation on a limited basis (typically 2–3 weeks per year) to support urgent security incidents or escalations outside normal business hours.

Benefits

• Competitive PTO packages, starting at 20+ days
• Competitive compensation and benefits package
• Company-sponsored employee appreciation events
• Employee health and wellness initiatives
• Community involvement with local nonprofit organizations
• Discounts on local sports games, fitness gyms and attractions
• Modern, ecofriendly campus with an on-site fitness center
• Structured career paths with opportunities for professional growth
• Discounted tuition for UC online programs