Information Security Analyst

The IT Security team is responsible for the oversight and execution of a “cloud-first” Information Security, Business Continuity and Risk Management programs to support the firm's business goals. This includes, but is not limited to security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning / implementation, identity management, network security, privacy, and compliance.

The ideal candidate will hold a Bachelor of Science degree in Information/Cyber Security or applicable field and have at least 3+ years of experience with attack surface reduction or attack surface management roles. The candidate must possess a strong understanding of the role of Information Security Policies and Standards and a proficient understanding of the Microsoft 365 / Azure platforms.

Responsibilities:

• Lead the analysis of vulnerability scan results, identification of vulnerability patterns, and partners with technology teams to define and facilitate the remediation of vulnerable systems in accordance with established firm guidelines.
• Establish an accountable culture for improving the security posture across the firm via KPI and KRI executive reporting.
• Help prioritize threat management resource efforts according to highest risk areas.
• Continuously monitor and assess the effectiveness of the firm's cloud security posture and make recommendations for improvements.
• Assist in the implementation of security controls and solutions to ensure the security and compliance of the firm's cloud environment.
• Incorporate threat and vulnerability intelligence requirements into the attack surface reduction function.
• Stay up-to-date with the latest cloud security threats, trends, and best practices.
• Knowledge of commercial product and service solutions for security testing (WIZ, Qualys, Tenable, etc).

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3+ years of experience with vulnerability management platforms.
• Experience with cloud security platforms such as AWS, Azure, or GCP.
• Knowledge of security frameworks such as NIST, CIS, or ISO.
• Knowledge of general Cybersecurity concepts and methods, including vulnerability management, application security, incident response, governance, risk or compliance, or security architecture.
• Project Management experience driving vulnerability/patch remediation efforts across the organization
• Strong communication, organizational, and problem-solving skills.
• Ability to simultaneously manage multiple complex projects.