IT Security Analyst

Supports the organization’s cybersecurity program, focusing on protecting corporate and operational technology (OT) assets, sensitive data, and critical infrastructure. Assists with monitoring security controls, conducting risk assessments, supporting incident response, and contributing to governance, compliance, and awareness initiatives. Essential Duties: Assist with day-to-day security operations, including alert triage, vulnerability tracking, and policy enforcement. (~40%) Support incident response activities, including investigation, documentation, evidence collection, and remediation tracking. (~20%) Contribute to security awareness programs, phishing simulations, and employee education efforts. (~20%) Perform basic risk assessments for applications, vendors, devices, and internal systems. (~20%) Non-Essential Duties: Performs other duties as assigned. Responsibilities Skills and Abilities: Ability to handle confidential sensitive data or issues. Ability to review security requests for accuracy and completeness. Ability to enhance and implement policies and procedures consistent with control guidelines and requirements. Ability to identify risk, assess impact, and make adjustments per control requirements. Ability to create and maintain accurate and auditable documentation to fulfill audit requirements. Ability to pay close attention to details with good planning, time management, and organization skills. Ability to multitask and work effectively with interruptions. Ability to work with all levels, including C-level executives. Knowledge: Knowledge and proficiency in Microsoft Active Directory access provisioning, including user accounts, group membership, shared folders, etc. Knowledge of Microsoft Azure environments and tools. Knowledge of Governance, Risk, and Compliance (GRC) processes. Knowledge of server architecture and roles, communications, security management, electronic messaging services, and remote access services. Knowledge of server-based technologies including Windows Server (all versions), VMware, Exchange Online, Teams, and other server and cloud-based applications. Strong understanding of basic security concepts such as authentication, access control, networking fundamentals, malware, encryption, risk, and vulnerabilities. Strong analytical, troubleshooting, and communication skills. Knowledge and proficiency in Microsoft Word, Excel, PowerPoint, and Visio. Qualifications Minimum Education and Certification: Associate or Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field; or equivalent hands-on training/experience. Relevant certifications (e.g., CompTIA Security+, CySA+, GSEC, CC, Google Cybersecurity Certificate). Minimum Experience: 5+ years of experience in the following: Microsoft Active Directory and/or Entra ID user provisioning and access control. Service management and ticketing tracking systems. Exposure to SIEM tools, vulnerability scanners, phishing platforms, or identity management. Coursework or experience related to OT security, industrial control systems (ICS), or critical infrastructure (bonus for energy/oil & gas interest). Internship or lab experience in cybersecurity or IT support. Microsoft Office suite including Word, Excel, PowerPoint, and Visio. Current on industry security trends and emerging technologies. IT Security principles. Physical Demands: Regularly required to sit, use hands to finger, handle or feel; reach with hands and arms; and talk or hear. Occasionally required to stand, walk, and stoop. Vision abilities include close vision, distance vision, color vision, and the ability to adjust focus. Problem Solving and Innovation: Works closely with business partners, subject matter experts (SME), and system integrators (SI) to ensure security requests fit into the overall corporate IT direction and current systems. Assimilates and evaluates data from multiple sources, determining the optimum solution based on requirements. Deals with complex technical issues through own experience or research. Works with little or no supervision. Impact: Critical component of securing company IT systems. This job description is a summary of essential job functions. It is not intended as an employment contract, nor is it intended to describe all duties someone in this position may perform. All employees are expected to perform tasks, as assigned by supervisor, regardless of job title or routine job duties.