Information Security Analyst

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience).
• 3–6 years of experience in information security or a related IT/security role.
• Hands-on experience with security monitoring, incident response, vulnerability management, or risk assessment.
• Familiarity with cloud environments (AWS, Azure, or GCP) and basic cloud security concepts.
• Working knowledge of security frameworks and standards such as NIST CSF, ISO 27001, and CIS.
• Understanding of network security fundamentals, including firewalls, IDS/IPS, endpoint protection, and logging.
• Experience with SIEM or security monitoring tools such as Splunk, QRadar, Rapid7, or Wazuh.
• Strong analytical, troubleshooting, and communication skills.

Nice To Haves

• Experience supporting compliance or audit activities.
• Familiarity with GRC or compliance automation tools (OneTrust, Drata, or similar).
• Relevant security certifications such as Security+, CEH, GSEC, or progress toward CISSP/CISM.

Responsibilities

• Support the implementation and maintenance of information security controls to protect company data and assets across on-premise and cloud environments.
• Assist in analyzing business processes, systems, and data flows to identify security gaps and improvement opportunities.
• Apply industry best practices and frameworks such as the NIST Cybersecurity Framework (CSF) to support confidentiality, integrity, and availability of information assets.
• Assist in the development, implementation, and maintenance of information security policies, standards, and procedures.
• Support compliance efforts with industry standards and regulations (e.g., ISO 27001, NIST, GDPR).
• Help track evidence and controls using compliance and GRC tools such as OneTrust, Drata, or similar platforms.
• Monitor regulatory and security trends and escalate relevant changes to senior team members.
• Monitor and help maintain security controls for systems, networks, and public cloud platforms (AWS, Azure, GCP).
• Assist with configuration, monitoring, and tuning of cloud security services and tools.
• Use security tools and dashboards (e.g., SIEM, security scorecards) to identify potential threats and vulnerabilities.
• Support AWS security services and baseline configurations.
• Monitor security alerts and events using SIEM and security monitoring tools.
• Participate in incident response activities, including investigation, containment, remediation, and post-incident analysis.
• Assist with blue team activities, tabletop exercises, and response drills to improve readiness.
• Document incidents and lessons learned.
• Support user access reviews, permission audits, and access control processes.
• Assist with identity management systems to ensure appropriate authentication and authorization controls.
• Help identify and remediate excessive or inappropriate access.
• Participate in risk assessments and vulnerability identification efforts.
• Assist with vulnerability scanning, tracking, and remediation coordination.
• Support risk documentation and reporting aligned with frameworks such as NIST CSF.
• Help track and report basic security metrics and KPIs.
• Support the delivery of security awareness training and phishing simulations.
• Assist in developing security documentation, including procedures, controls, detection rules, and response playbooks.
• Maintain clear and accurate security documentation for audits and operational use.

Benefits

• 100% covered Medical/Dental/Vision insurance for employee AND spouse + dependents!
• 401K with 4% employer match (eligible after 90 days of employment) and immediate 100% vesting
• Generous PTO policy + paid holidays
• Life Insurance
• Voluntary Life Insurance
• Disability Insurance
• Critical Illness Coverage
• Accident Insurance
• Healthcare FSA
• Dependent Care FSA
• Travel Assistance Program
• Employee Assistance Program (EAP)
• Fully stocked kitchen