
Information Security Analyst
Posted 1 day ago

This is a fully remote position, open to applicants in Maryland.
• Oversee, optimize, and assess alerts within the SIEM platform, escalating verified incidents according to established procedures.
• Administer the vulnerability management lifecycle, which includes scanning, prioritizing, tracking remediation efforts, and generating executive reports.
• Provide support for endpoint security, email security, and network monitoring tools; identify deficiencies and suggest configuration enhancements.
• Engage in regular threat hunting activities and aid in the creation of detection rules and playbooks.
• Take part in incident response efforts, including containment, eradication, and conducting post-incident evaluations.
• Assist with ongoing SOC 2 Type II compliance initiatives, such as evidence gathering, control assessments, and liaising with external auditors.
• Support NIST CSF assessments by aligning current controls with framework functions and pinpointing remediation gaps.
• Collaborate with senior team members to maintain and update security policies, standards, and procedures.
• Perform regular security risk assessments and contribute the results to the organization's risk register.
• Monitor remediation processes for identified risks and control deficiencies until resolution.
• Collaborate with IT, Engineering, and business stakeholders to integrate security best practices into everyday operations.
• Aid in security awareness programs and offer guidance to staff on security-related topics.
• Create clear and concise reports on security metrics, vulnerability status, and compliance posture for management review.
• 3–5 years of experience in a role related to information security, with exposure to both technical operations and compliance aspects.
• Hands-on experience with SIEM platforms, such as Splunk, Microsoft Sentinel, or similar tools.
• Proficiency with vulnerability management tools like Tenable Nessus/IO or Qualys.
• Proven understanding of SOC 2 Trust Service Criteria and the NIST Cybersecurity Framework.
• Familiarity with common attack methods and defensive strategies (knowledge of MITRE ATT&CK is a plus).
• Strong analytical and problem-solving abilities.
• Exceptional written and verbal communication skills; capable of conveying technical findings to non-technical audiences.
• Health insurance
• Paid time off
• Flexible work arrangements
• Professional development
• Wellness programs