Sr Information Security Analyst

About The Position

Requirements

• 5+ years of experience in information security, network security, or security governance roles
• Bachelor’s degree in information security, Computer Science, MIS, or equivalent professional experience
• At least one security certification is required (e.g., Security+, CySA+, SSCP, GSEC)
• Strong working knowledge of vulnerability management tools, SIEM platforms, and log analysis
• Solid understanding of firewall architectures and access control review methodologies
• Working knowledge of PCI DSS 4.0 and managed service provider shared-responsibility models
• Strong understanding of application security principles, including common web vulnerabilities (OWASP Top 10)
• Experience coordinating remediation efforts across technical and non-technical teams
• Excellent communication, documentation, and analytical skills
• Ability to independently manage multiple priorities in a fast-paced environment

Nice To Haves

• Advanced security certifications such as CISSP, CISM, ISA/QSA, or equivalent
• Familiarity with SD-WAN, WAF, IDS/IPS, VPN, identity management, and network segmentation
• Experience supporting or reviewing SAST, DAST, and penetration testing activities
• Comfortable serving as a functional lead and escalation point across security domains

Responsibilities

• Oversee SIEM alert tuning, investigation, triage, and escalation in coordination with SOC providers
• Serve as the primary incident response coordinator during security events, including investigation, documentation, and follow-up
• Develop and deliver security awareness and training initiatives
• Maintain operational security metrics and prepare reporting for leadership
• Partner with IT and system owners to manage IAM controls, access reviews, and privileged access governance
• Act as a subject matter expert for secure network architecture, including firewalls, VPNs, SD-WAN, wireless, and authentication systems
• Lead firewall and network security review processes to ensure alignment with internal policies and PCI DSS requirements
• Serve as the primary security stakeholder for internally developed and customer-facing applications
• Define and maintain application security requirements aligned with PCI DSS 4.0, OWASP ASVS, and secure SDLC practices
• Partner with development and engineering teams to integrate security into the software development lifecycle
• Review application designs and architectures for security risks related to authentication, authorization, data handling, and segmentation
• Oversee application vulnerability management activities, including SAST, DAST, and software composition analysis (SCA)
• Coordinate remediation, risk acceptance, and exception tracking for application security findings
• Support and validate application-layer penetration testing and remediation efforts
• Act as a security escalation point for application-related incidents
• Own the end-to-end vulnerability management lifecycle across infrastructure and applications
• Coordinate remediation efforts with Network Engineering, IT Infrastructure, Operations, and Development teams
• Conduct targeted risk assessments and support enterprise risk management activities
• Lead coordination of PCI DSS compliance activities, including evidence collection, control validation, and engagement with external QSAs
• Manage the lifecycle of security policies and procedures, ensuring alignment with regulatory and business requirements
• Support customer, regulatory, and internal audit activities