Senior Information Security Analyst

About The Position

Requirements

• 7+ years of experience in cybersecurity, vulnerability management, and security automation.
• Strong programming skills in Python, PowerShell, Bash, or equivalent languages for security automation.
• Deep expertise in SAP security and Onapsis vulnerability management.
• Advanced API development skills, integrating security platforms (Tenable, Onapsis, ServiceNow, ITSM).
• Strong experience with ServiceNow VR module, including automation, custom workflows, and integrations.
• Hands-on experience with Tenable, Qualys, or Nexpose for enterprise vulnerability scanning.
• Expert-level understanding of network security protocols and common port numbers.
• Experience securing third-party platforms (Okta, SAP, ServiceNow, Salesforce, M365).
• Proven ability to lead security automation initiatives and mentor junior analysts.
• Strong analytical, troubleshooting, and problem-solving skills.

Nice To Haves

• Experience with cloud security automation (AWS, Azure, GCP).
• Infrastructure-as-Code (Terraform, Ansible) for security automation.
• Familiarity with SAP Basis, HANA security, and GRC compliance.
• Experience with machine learning-driven security automation.
• Security certifications (CISSP, OSCP, GIAC, AWS Security Certs, Onapsis Certified Expert) are a plus.

Responsibilities

• Develop, optimize, and scale automation scripts (Python, PowerShell, Bash) to improve vulnerability detection, tracking, and remediation.
• Design custom API integrations between Tenable, Onapsis, ServiceNow VR, and ITSM platforms to automate security workflows.
• Implement security automation playbooks that reduce manual efforts and accelerate response times.
• Engineer custom security solutions to streamline vulnerability scanning and compliance reporting.
• Lead enterprise-wide vulnerability assessments using Tenable, Onapsis, Qualys, or Nexpose.
• Implement automated risk-based prioritization models, leveraging AI/ML-driven insights where applicable.
• Oversee and optimize the ServiceNow VR module for scalable vulnerability tracking, exception management, and automated ticketing.
• Work closely with IT and business stakeholders to define remediation SLAs, risk thresholds, and compliance requirements.
• Lead the security assessment of SAP environments, ensuring compliance with industry standards and best practices.
• Automate the ingestion of Onapsis vulnerability findings into ServiceNow VR for enhanced tracking and resolution.
• Work with SAP teams to remediate misconfigurations, unauthorized access risks, and compliance gaps.
• Develop automation frameworks to monitor SAP security posture and streamline remediation workflows.
• Manage the full integration of Tenable, Onapsis, and Configuration Compliance findings into ServiceNow VR.
• Enhance Configuration Compliance monitoring by automating the processing of audit findings and risk exceptions.
• Ensure that security data is accurate, actionable, and seamlessly integrated with ITSM and GRC platforms.
• Apply expert-level knowledge of networking and security protocols (e.g., TCP/IP, HTTP/S, SSH, FTP, DNS, SSL/TLS, VPNs, RDP).
• Assess security implications of common ports (e.g., 443 (HTTPS), 22 (SSH), 3389 (RDP), 53 (DNS), 445 (SMB)) and automate network security controls.
• Work on firewall rule reviews, segmentation strategies, and security policy enforcement.
• Design automation workflows for PCI-DSS, NIST, ISO 27001, and CIS benchmarks compliance.
• Develop tools to generate real-time compliance reports, track remediation progress, and reduce audit preparation time.
• Stay ahead of emerging threats, regulatory changes, and vulnerability trends, continuously refining security automation strategies.
• Provide technical leadership in vulnerability management, SAP security, and security automation.
• Drive strategic discussions with IT, business, and leadership teams to align security initiatives with organizational goals.
• Mentor junior and mid-level security analysts, sharing best practices in automation, API development, and risk prioritization.
• Develop comprehensive security documentation, playbooks, and process improvements.

Benefits

• The expected compensation range for this position is between $89,000 - $149,000.
• Bonus based on performance and eligibility target payout is 10% of annual salary paid out annually.
• Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
• Comprehensive benefits package including Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.