Information Security Analyst

It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.

Job Description:
Security Operations & Tooling
Monitor, tune, and triage alerts across the SIEM platform, escalating confirmed incidents per established runbooks

Manage the vulnerability management lifecycle— including scanning, prioritization, remediation tracking, and executive reporting

Support endpoint security, email security, and network monitoring tools; identify gaps and recommend configuration improvements

Conduct periodic threat hunting activities and contribute to the development of detection rules and playbooks

Participate in incident response activities including containment, eradication, and post-incident reviews

Governance, Risk & Compliance (GRC)
Support ongoing SOC 2 Type II compliance efforts, including evidence collection, control testing, and coordination with external auditors

Assist with NIST CSF assessments — mapping current controls to framework functions and identifying gaps for remediation

Maintain and update security policies, standards, and procedures in collaboration with senior team members

Conduct periodic security risk assessments and contribute findings to the organization risk register

Track remediation efforts for identified risks and control deficiencies through to closure

Collaboration & Communication
Partner with IT, Engineering, and business stakeholders to embed security best practices into day-to-day operations

Assist in security awareness initiatives and provide guidance to staff on security topics

Prepare clear, concise reporting on security metrics, vulnerability status, and compliance posture for management

Qualifications
Required
3–5 years of experience in an information security role with exposure to both technical operations and compliance functions

Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent)

Working knowledge of vulnerability management tools such as Tenable Nessus/IO or Qualys

Demonstrated understanding of SOC 2 Trust Service Criteria and NIST Cybersecurity Framework

Familiarity with common attack techniques and defensive countermeasures (MITRE ATT&CK familiarity a plus)

Strong analytical and problem-solving skills with the ability to work both independently and collaboratively

Excellent written and verbal communication skills; ability to translate technical findings for non-technical audiences

Preferred
Relevant certifications such as CompTIA Security+, CySA+, CEH, CISM, or equivalent

Experience supporting a SOC 2 audit from end to end

Scripting or automation skills (Python, PowerShell) for security tooling and reporting

Exposure to cloud security (AWS, Azure, or GCP) environments

Experience working with GRC platforms (e.g., Archer, ServiceNow GRC, Drata, Vanta)