Sr. IT Security Analyst

About The Position

Requirements

• Minimum 5+ years of experience in IT Security, with strong hands-on experience in Security Operations.
• College Diploma or University Degree in Computer Science, Engineering, or related field.
• EDR platforms (e.g., endpoint containment, alert triage, investigation).
• NDR technologies and network-based threat detection.
• Security Incident Response and Investigation.
• Strong understanding of attacker techniques and defensive controls (MITRE ATT&CK).
• Experience working in regulated or audit-driven environments.
• Hands‑on experience supporting IAM security operations, including identity monitoring and access control validation.
• Strong understanding of authentication, authorization, MFA, RBAC, and privileged access concepts.
• Experience analyzing identity logs and alerts within SIEM or security analytics platforms.

Nice To Haves

• Experience with enterprise SOC tooling including SIEM, EDR, NDR, SOAR.
• Experience operating security controls in hybrid (on‑prem and cloud) environments.
• Familiarity with Security Risk Index (SRI), cyber risk metrics, or risk-based reporting.
• Knowledge of network architecture and segmentation concepts.
• One or more of the following certifications: - CISSP - CISM - GCIA / GCED / GCEDR / GCIH - CompTIA Security+ - SANS Blue Team certifications

Responsibilities

• Own and operate the enterprise vulnerability management lifecycle, including discovery, assessment, prioritization, remediation tracking, and risk acceptance
• Correlate vulnerability data with asset criticality, exploitability, threat intelligence, and exposure to drive risk-based remediation
• Track remediation SLAs and escalate overdue or accepted risks through appropriate governance channels
• Support internal and external audit evidence for vulnerability management controls
• Contribute vulnerability metrics to executive and risk committee reporting (e.g., SRI/NSRI)
• Act as a senior escalation point for security incidents, providing deep technical analysis, containment guidance, and remediation recommendations
• Lead investigation of alerts generated by EDR, NDR, SIEM, and security analytics platforms
• Coordinate incident response activities across IT Infrastructure, Network, Cloud, and Application teams
• Develop and maintain incident response playbooks, runbooks, and escalation procedures
• Support post‑incident reviews, root cause analysis, and lessons learned tracking
• Operate and tune EDR platforms to improve detection fidelity, reduce false positives, and enhance response effectiveness
• Analyze endpoint telemetry for indicators of compromise (IOC), anomalous behavior, and threat actor activity
• Support endpoint containment actions such as process isolation, host quarantine, and forensic data collection
• Partner with IT Operations to ensure EDR coverage, health, and policy compliance across endpoints
• Operate and maintain NDR capabilities, including alert triage, investigation, and threat hunting
• Analyze network traffic, metadata, and behavior-based detections to identify lateral movement, command-and-control activity, and policy violations
• Collaborate with Network teams to validate detections and improve network security controls and segmentation
• Use NDR telemetry to validate network segmentation effectiveness and control gaps
• Perform proactive threat hunting using EDR, NDR, SIEM, and log analytics platforms
• Apply MITRE ATT&CK–aligned techniques to identify stealthy or low-signal threats
• Integrate external threat intelligence into detection and hunting activities
• Recommend detection engineering improvements to SOC tooling and analytics
• Define and maintain security operations KPIs and KRIs (incident trends, MTTR, vulnerability aging, control coverage)
• Contribute to Security Risk Index (SRI) calculations and continuous improvement initiatives
• Ensure alignment with NIST CSF, ISO 27001/27002, and internal security standards
• Support audits by providing defensible evidence of control operation and effectiveness
• Mentor junior analysts and provide technical guidance within the SOC
• Identify opportunities to improve automation, orchestration, and response workflows
• Participate in security architecture reviews and technology evaluations related to detection and response
• Contribute to the development of security standards, procedures, and operational playbooks
• Support operational security of IAM platforms (e.g., Active Directory, Azure AD / Entra ID, PAM solutions)
• Monitor and investigate identity‑based threats, including credential misuse, privilege escalation, and anomalous authentication behavior
• Correlate IAM events with EDR, NDR, and SIEM telemetry during incident investigations
• Support access reviews, entitlement validation, and privileged access oversight in collaboration with IAM and IT teams.
• Assist with detection and response use cases related to: - Compromised accounts. - Excessive privileges. - Service account misuse. - Lateral movement via identity.
• Contribute to IAM‑related risk metrics and control effectiveness reporting (e.g., MFA coverage, privileged account exposure).
• Support audit evidence for IAM controls aligned to NIST CSF PR.AA, ISO 27001 A.5/A.8, and internal access standards.