Security Analyst

About The Position

Requirements

• 2–4 years of experience in a security-focused IT role, ideally within an MSP or multi-client environment.
• Working knowledge of security frameworks (NIST CSF, CIS Controls, HIPAA) and their practical application.
• Hands-on experience with EDR, email security, SIEM, and vulnerability management tools.
• Familiarity with Microsoft 365 security
• Strong written and verbal communication skills — ability to prepare polished, client-facing security reports and documentation for executive presentation.
• Ability to manage multiple client priorities simultaneously and work independently without daily supervision.
• Valid driver's license and proof of auto insurance.

Nice To Haves

• Security certifications such as CompTIA Security+, CySA+, or equivalent.
• Experience supporting vCISO or fractional security programs.
• Experience with HaloPSA or similar PSA/ticketing platforms.
• Exposure to HIPAA, SOC 2, or FINRA compliance environments.

Responsibilities

• Monitor, triage, and respond to security alerts across client environments using SIEM, EDR, and other security tooling in the Dymin stack
• Conduct vulnerability scans and assessments across managed client environments; track and coordinate remediation with internal and client teams.
• Manage and review security tooling configurations, policies, and alerts for assigned clients.
• Support incident response activities including investigation, containment, documentation, and client communication; escalate incidents exceeding scope to the Director of Managed Services.
• Perform regular log reviews, threat hunting, and anomaly analysis across client environments.
• Administer and maintain endpoint protection, email security, DNS filtering, and privileged access tools across the MSP client base.
• Prepare and execute recurring deliverables under the vCISO service offering, including risk assessments, security awareness content, policy reviews, compliance tracking, and security roadmap updates — materials are prepared by this role and presented to clients by the CIO.
• Prepare client-facing security reports, risk registers, and program documentation for CIO review and delivery.
• Support HIPAA, NIST CSF, and CIS Controls compliance activities on behalf of clients.
• Coordinate vendor risk assessments and track findings through remediation.
• Assist with tabletop exercise preparation and incident response plan development and maintenance.
• Maintain all security program artifacts, documentation, and deliverable logs across the vCISO client portfolio.
• Assist the CIO with internal Dymin security initiatives, tooling evaluations, and policy development.
• Support phishing simulations and internal security awareness program execution.
• Contribute to the development and maintenance of Dymin's internal security posture documentation.
• Available for emergency response to critical security incidents outside normal business hours as needed. This is not a scheduled on-call role, but emergency response to genuine critical events is expected.

Benefits

• Health and dental insurance
• Retirement savings plan with company match after 1 year
• Generous paid time off and holidays
• Opportunities for professional development and continued education