IT - Senior Security Analyst

Primary Responsibilities

• Help lead a team of Security Analysts and provide guidance, mentorship, and support.
• Assess, design, document, and work with IT teams to implement security controls for critical applications and systems throughout the company network to meet security standards and best practice recommendations.
• Plan and schedule work with all areas of IT to ensure timely remediation of vulnerabilities based on security scans, penetration testing, or other means of detection of threats.
• Conduct thorough investigations of security alerts/incidents and provide detailed reports on findings and actions taken.
• Develop and implement security policies, procedures, and best practices to protect sensitive information and ensure compliance with regulatory requirements.
• Maintain and ensure annual updates of all security-related Infrastructure policies and procedures by working with the respective teams.
• Perform regular security audits, risk assessments, and vulnerability assessments to identify and mitigate potential security risks as well as ensure the effectiveness of security controls.
• Stay up-to-date with the latest cybersecurity trends, threats, and technologies.
• Reviewing email proxy phishing and spam queues. Provide guidance for tuning/adjustment of rules for the email proxy as needed.
• Develop, write, and maintain policies and procedures to ensure compliance with SOC 2, CIS Top 18, TISAX, and other relevant standards.
• Define rules for and assist with DLP system maintenance.
• Assist in overseeing 3rd party risk by communicating to vendors regarding mitigating discovered vulnerabilities.
• Lead incident response and assist with disaster recovery planning and execution.
• Monitor alerts and assess and improve on response plans based on the severity and applicability of the threat.
• Ongoing system maintenance, policy configuration changes, and patching.
• Participate in the recruitment and training of new team members.
• Participate in tabletop exercises within IT and operational areas.

Other security tasks as needed.

Job Qualifications

• Typically requires a bachelor's degree or its equivalent

• At least 4 - 7 years of security work experience.
• Experience in conducting security training and awareness programs.
• Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing, or working with pentesting firms.
• Strong understanding of cybersecurity compliance frameworks, standards, and best practices (e.g., NIST, CIS, TISAX, OWASP, etc.)
• Experience configuring, maintaining, and auditing application systems security controls.
• Knowledge of system and network exploitation, attack vectors and pathologies, intrusion techniques, such as phishing, denial of service attacks, OWASP Top 10 vulnerabilities, malicious code/malware, ransomware, password attacks, etc.
• Experience with Next Generation Firewalls, Next Generation EndPoint Protection products, IDS/IPS, and web application firewall technologies.
• Experience with SIEM log centralization solutions.
• Knowledge of current Windows Server, Windows Workstation, Apple, Linux, VMware, and Active Directory environments.
• Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design.
• Experience with Email Security, Web Security, and DLP products.
• Professional certifications such as CISSP, CISM, CEH, or equivalent are highly desirable.
• Excellent analytical, problem-solving, and communication skills.