Security Analyst

New York, New York

Velocity Search Group
Our client, a professional services company located in NY, NY, is looking to hire a full-time Security Analyst. This role collaborates with the Director of Infrastructure & Security to enhance and maintain the Firm's Information Security and Management System. The individual will actively monitor security alerts, threats, and intelligence while ensuring that high standards for information security are consistently met across all teams. The role will also require strong interaction with engineering teams to ensure security protocols are followed.

RESPONSIBILITIES
  • Information Security Monitoring & Configuration:
    • Achieve 100% uptime and accurate functionality of on-premise and cloud-based security monitoring systems (e.g., eSentire, Microsoft Office365/Azure Security Consoles, Cisco Umbrella, and Palo Alto Panorama).
    • Regularly assess system configurations, ensuring they meet established security standards and adapting to emerging threats.
  • Auditing & Compliance:
    • Conduct ISO 27001 audits.
    • Manage the internal auditing of user accounts, access privileges, patch status, and security configurations.
    • Ensure that audits are completed quarterly, with 100% compliance to internal security policies and industry standards.
    • Provide detailed reports on any non-compliance issues and track corrective actions to resolution.
  • Alert Triage & Analysis:
    • Maintain a triage process for security alerts from internal monitoring systems, third-party intelligence, and vendor reports.
    • Respond to and resolve at least 95% of identified threats within a set timeframe (e.g., 24 hours).
    • Escalate unresolved issues based on defined protocols, ensuring no more than 2% of critical alerts are missed.
  • Vendor Coordination & Risk Management:
    • Oversee the coordination of external vendors performing vulnerability assessments and penetration testing.
    • Ensure that all vendor reports are reviewed and actionable recommendations are implemented within 30 days, targeting a 95% adherence rate to recommended security improvements.
  • ISMS Policy Development:
    • Lead the continuous improvement of the Firm's Information Security Management System (ISMS).
    • Successfully maintain, update, and communicate policies and procedures that align with best practices and emerging threats.
    • Ensure that 100% of all documentation is up-to-date and compliant with industry standards (e.g., ISO 27001).
  • Incident Response & Security Forums Participation:
    • Actively engage in the Computer Security Incident Response Team (CSIRT) and the Information Security Forum (ISF).
    • Ensure that all security incidents are tracked, analyzed for root causes, and that post-incident reports with process improvements are provided within 48 hours of resolution.
  • Client Security Assessments:
    • Contribute to security assessments and reviews of client environments.
    • Meet or exceed the firm's standard of conducting client security reviews within a 30-day window from the initial request.
QUALIFICATIONS
  • Threat Landscape Expertise: Demonstrated knowledge of current security threats and a proactive approach to research new trends, tools, and security risks.
  • Security Tools and Process Improvement: Expertise in conducting ISO 27001 audits using advanced security tools and techniques for detection and analysis, continuously improving internal security processes.
  • Internal Control & Documentation: Strong understanding of internal controls, security policies, and the ability to improve documentation in line with ISO 27001 or similar frameworks.
  • Incident Response Knowledge: Proficient in incident analysis and response, including tracking, root cause analysis, and reporting lessons learned to improve future protocols.
  • Technical Expertise: In-depth understanding of networking protocols, TCP/IP, security devices (e.g., firewalls, IDS/IPS), server operating systems (e.g., Windows, Linux), and other core infrastructure technologies.
  • Penetration Testing: Practical experience with penetration testing tools and techniques to evaluate security vulnerabilities.
Certifications:
  • Information Security certifications (CISSP, CISM, or equivalent) preferred.
Education & Experience:
  • Bachelor's degree in Information Security, Computer Science, or related field.
  • Information Security certifications strongly preferred.
Work Environment:
Hybrid schedule: 3 days in-office, 2 days remote. (Subject to change based on business needs).

Salary Range:

• $145,000 - $165,000 per year, commensurate with experience.
Date Posted: 07 April 2025