Information Security Analyst

It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. Job Description: Security Operations & Tooling Monitor, tune, and triage alerts across the SIEM platform, escalating confirmed incidents per established runbooks Manage the vulnerability management lifecycle— including scanning, prioritization, remediation tracking, and executive reporting Support endpoint security, email security, and network monitoring tools; identify gaps and recommend configuration improvements Conduct periodic threat hunting activities and contribute to the development of detection rules and playbooks Participate in incident response activities including containment, eradication, and post-incident reviews Governance, Risk & Compliance (GRC) Support ongoing SOC 2 Type II compliance efforts, including evidence collection, control testing, and coordination with external auditors Assist with NIST CSF assessments — mapping current controls to framework functions and identifying gaps for remediation Maintain and update security policies, standards, and procedures in collaboration with senior team members Conduct periodic security risk assessments and contribute findings to the organization risk register Track remediation efforts for identified risks and control deficiencies through to closure Collaboration & Communication Partner with IT, Engineering, and business stakeholders to embed security best practices into day-to-day operations Assist in security awareness initiatives and provide guidance to staff on security topics Prepare clear, concise reporting on security metrics, vulnerability status, and compliance posture for management Qualifications Required 3–5 years of experience in an information security role with exposure to both technical operations and compliance functions Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent) Working knowledge of vulnerability management tools such as Tenable Nessus/IO or Qualys Demonstrated understanding of SOC 2 Trust Service Criteria and NIST Cybersecurity Framework Familiarity with common attack techniques and defensive countermeasures (MITRE ATT&CK familiarity a plus) Strong analytical and problem-solving skills with the ability to work both independently and collaboratively Excellent written and verbal communication skills; ability to translate technical findings for non-technical audiences Preferred Relevant certifications such as CompTIA Security+, CySA+, CEH, CISM, or equivalent Experience supporting a SOC 2 audit from end to end Scripting or automation skills (Python, PowerShell) for security tooling and reporting Exposure to cloud security (AWS, Azure, or GCP) environments Experience working with GRC platforms (e.g., Archer, ServiceNow GRC, Drata, Vanta)