Senior Security Analyst III

3-5 years of professional experience in Information Security or IT Risk Management. Demonstrated expertise in Security Operations, Incident Response, or Vulnerability Management. Experience with Security and control frameworks (e.g., FFIEC, NIST, COBIT, ITIL, ISO). Experience with EDR platforms (e.g., CrowdStrike, Defender for Endpoint, SentinelOne). Experience with SIEM/SOAR tools (e.g., Sumo Logic, Splunk, Chronicle, Azure Sentinel). Experience with CSPM tools (e.g., Wiz, Prisma, Orca). Experience with Vulnerability management platforms (e.g., Qualys, Tenable, Rapid7). Experience identifying IT controls risks and offering recommendations. Experience with information security standards and best practices. Experience with Governance Risk & Compliance (GRC) tools and procedure development. Solid understanding of common attack techniques (MITRE ATT&CK) and incident workflows. Foundational knowledge of AWS or other cloud environments. Basic understanding of networking, operating systems (Linux/Windows), and security principles. Familiarity with automation frameworks or API integrations for security tools. Strong written and verbal communication skills. Experience building dashboards and metrics for leadership visibility. Strong analytical and problem-solving skills. Bachelor’s degree in Cybersecurity, Computer Science, or equivalent experience. Certifications such as CompTIA CySA+, GCIH, GCIA, GMON, GCDA, GSOC, or CISSP associate are preferred. Experience working in a regulated industry (financial services or health care).

Own the security review and assessment process for new applications/tools. Assist with security risk management activities. Identify emerging compliance requirements and assess impact on policies. Develop and refresh policies, procedures, standards, and guidelines. Design and maintain dynamic dashboards for Information Security Governance. Monitor security alerts and support incident triage. Assist in executing security incident response playbooks. Contribute to documentation and tracking of security incidents. Support monitoring and logging strategy by assisting with SIEM alert configuration. Perform regular log review and analysis. Contribute to the development and maintenance of operational playbooks. Learn to deploy and manage new security tools. Develop basic security performance metrics and assist with reporting.