Senior Information Security Analyst

About

The Information Security Specialist/Analyst III reports to the Manager, Security Operations. Under indirect supervision, this role provides operational, compliance, and consultative functions, designing, implementing, managing, and monitoring technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the organization’s information assets. The position may require rotating 24 × 7 on‑call support.

Responsibilities

• Network Security Monitoring and Incident Response (45 %)

  • Serve as lead escalation point for security incidents, overseeing detection, investigation, containment, and remediation within a CrowdStrike EDR environment (experience with Microsoft Defender for Endpoint EDR also desired).
  • Analyze findings from security monitoring systems, including IDS/IPS and SIEM consoles, to identify and respond to potential incidents and data breaches.
  • Perform cyber‑security incident handling, tracking, and reporting.
  • Assess risk levels, conduct forensic investigations, isolate malware, identify attack vectors, provide remediation guidance, and prioritize remediation efforts.
  • Respond to service requests from end users for investigation of security events.
  • Collaborate with internal SOC teams and external MSSPs to contain and remediate incidents.

• Security Technology Management (20 %)

  • Configure, manage, and optimize SIEM platforms (CrowdStrike and/or Microsoft Sentinel) to enhance threat detection and response.
  • Lead and manage large‑scale security‑related projects, including tool implementations, upgrades, and process improvements.

• Vulnerability Management (10 %)

  • Conduct vulnerability assessments, identify security risks, and report findings to system owners.
  • Manage workflows to ensure protected assets are assessed in a timely manner.

• Threat Analysis (15 %)

  • Continuously evaluate and update analytics to counter evolving threat‑actor tactics, techniques, and procedures (TTPs).
  • Perform risk assessments and translate business requirements into effective security controls.
  • Maintain comprehensive documentation and present findings to stakeholders clearly and actionably.

• Security Awareness (10 %)

  • Create and deliver security awareness training for technical and non‑technical audiences.

Requirements

• Education & Experience
  • Bachelor’s degree in information security, information assurance, computer science, or related field and 5 years of IT security experience, or
  • 10