Security Analyst

Security Analyst

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field
• Minimum of 3 years of experience in security analysis, GRC, or related roles within a cloud-based environment
• Proficiency in using SIEM tools and conducting security investigations
• Familiarity with regulatory frameworks such as HIPAA, HITRUST, and PCI
• Experience with risk assessment methodologies and tools
• Understanding of AWS security best practices and Infrastructure as Code (IaC) principles
• Knowledge of vulnerability assessment tools and threat intelligence platforms
• Strong analytical and problem-solving abilities
• Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders
• Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, agile environment.

Responsibilities

• Monitor security alerts and respond to incidents, conducting root cause analyses and implementing corrective actions
• Collaborate with the security team to develop and refine incident response plans and playbooks
• Utilize Security Information and Event Management (SIEM) tools to detect and analyze potential threats
• Perform regular vulnerability assessments and coordinate remediation efforts with relevant teams
• Conduct threat hunting activities to proactively identify and mitigate potential security risks.
• Develop, implement, and maintain security policies, standards, and procedures in alignment with industry regulations such as HIPAA, HITRUST, and PCI
• Conduct risk assessments to identify vulnerabilities and ensure appropriate controls are in place
• Collaborate with internal stakeholders to ensure compliance with regulatory requirements and internal policies
• Assist in the preparation and management of documentation for internal and external audits, including evidence collection and control mapping
• Assess and monitor third-party vendors to ensure they meet security and compliance requirements
• Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
• Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
• Utilize security ratings services to continuously evaluate the security posture of third-party vendors
• Develop and deliver security awareness training programs to educate employees on security best practices and policies
• Promote a culture of security awareness throughout the organization.
• Generate regular reports on security metrics, incidents, and compliance status for management review
• Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks.

Preferred Qualifications

• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are highly desirable.