Information Security Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field is required.
• A minimum of 5-7 years of experience in a hands-on cybersecurity role.
• At least 3 years of experience as a SOC Analyst, Incident Responder, or in a similar mid to senior-level threat analysis role is essential.
• Proficiency with Security Information and Event Management (SIEM) platforms.
• Deep understanding of incident response methodologies.
• Experience in performing vulnerability assessments using a variety of tools and techniques and prioritizing remediation efforts based on risk and availability of resources.
• Hands-on experience with Endpoint Detection and Response (EDR) solutions.
• Experience with endpoint and network device security configuration standards such as DISA STIG, and CIS Benchmarks.
• Familiarity with NIST Risk Management Framework (RMF) and similar compliance framework requirements.
• Certified Information Security Systems Professional (CISSP), Global Information Assurance Certification (GIAC) Security Essentials (GSEC), or equivalent information security certification.
• Knowledge of multiple computing platforms, including Windows 11/Server, MacOS, Linux, network management (Cisco/Palo Alto/Meraki/etc…), and other endpoints.

Responsibilities

• Manage, configure, and optimize security tools such as SIEM, EDR, and IDS/IPS to improve alert accuracy and enhance the detection of unusual or suspicious activities.
• Regularly assess system and application vulnerabilities to aid system owners in prioritization of remediation efforts.
• Timely detection and remediation of security threats are ensured through the analysis and optimization of event log generation and collection strategies, with recommended modifications aimed at improving the overall effectiveness and efficiency of the incident response program.
• Perform advanced threat detection and incident response, including in-depth analysis of security incidents to determine scope, impact, and root cause. Proactive threat hunting and leveraging threat intelligence to improve detection and anticipate new attack techniques.
• Assess security controls for compliance against chosen baseline security controls. Research and recommend security solutions and enhancements for non-compliant or minimally effective controls.
• Analyze trends and changes in the threat environment with respect to organizational risk; developing and executing plans to address identified risks.
• Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security.
• Participate in technical and non-technical projects requiring information security oversight to ensure compliance with corporate security policies and customer standards.

Benefits

• company profit-sharing bonus program
• communication stipends
• referral bonuses
• Comprehensive medical, dental, and company paid vision insurance
• 401(k) retirement plan with employer match
• voluntary life and AD&D insurance options
• voluntary supplemental insurances for accident, critical illness, and legal services
• paid time off (PTO)
• paid holidays
• employee assistance and wellness programs
• company paid short term disability coverage
• company contributions to health saving funds (with participation in the high deductible health plan)
• company paid access to Galileo for virtual primary care
• Rula for virtual mental health resources