Information Security Analyst

Cisive

$80K — $110K *
US-Anywhere
Remote in Maryland, US
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3-5 years in an information security role with technical and compliance experience
  • Hands-on expertise with SIEM platforms like Splunk or Microsoft Sentinel
  • Familiar with vulnerability management tools like Tenable Nessus or Qualys
  • Understanding of SOC 2 criteria and NIST Cybersecurity Framework
  • Knowledge of common attack techniques and defense strategies; MITRE ATT&CK is a plus
  • Strong analytical skills and ability to work independently or in teams
  • Excellent communication skills for conveying technical information to non-technical audiences

Responsibilities

  • Monitor and triage alerts across the SIEM platform and escalate incidents
  • Manage the entire vulnerability management lifecycle from scanning to remediation
  • Support and enhance endpoint, email, and network security tools
  • Conduct threat hunting and help develop detection rules
  • Participate in incident response activities and post-incident reviews
  • Assist with SOC 2 Type II compliance and coordinate with auditors
  • Conduct security risk assessments and track remediation efforts

Benefits

  • Support for ongoing professional development and certification
  • Collaboration with cross-functional teams to enhance operational security
  • Opportunities to contribute to significant compliance projects
  • Engagement in threat intelligence and hunting initiatives
  • Access to advanced security tooling and platforms

Full Job Description

Job Description:

    Security Operations & Tooling
    • Monitor, tune, and triage alerts across the SIEM platform, escalating confirmed incidents per established runbooks
    • Manage the vulnerability management lifecycle, including scanning, prioritization, remediation tracking, and executive reporting
    • Support endpoint security, email security, and network monitoring tools; identify gaps and recommend configuration improvements
    • Conduct periodic threat hunting activities and contribute to the development of detection rules and playbooks
    • Participate in incident response activities including containment, eradication, and post-incident reviews

    Governance, Risk & Compliance (GRC)
    • Support ongoing SOC 2 Type II compliance efforts, including evidence collection, control testing, and coordination with external auditors
    • Assist with NIST CSF assessments, mapping current controls to framework functions and identifying gaps for remediation
    • Maintain and update security policies, standards, and procedures in collaboration with senior team members
    • Conduct periodic security risk assessments and contribute findings to the organization's risk register
    • Track remediation efforts for identified risks and control deficiencies through to closure

    Collaboration & Communication
    • Partner with IT, Engineering, and business stakeholders to embed security best practices into day-to-day operations
    • Assist in security awareness initiatives and provide guidance to staff on security topics
    • Prepare clear, concise reporting on security metrics, vulnerability status, and compliance posture for management

    Qualifications
    Required
    • 3-5 years of experience in an information security role with exposure to both technical operations and compliance functions
    • Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent)
    • Working knowledge of vulnerability management tools such as Tenable Nessus/IO or Qualys
    • Demonstrated understanding of SOC 2 Trust Service Criteria and NIST Cybersecurity Framework
    • Familiarity with common attack techniques and defensive countermeasures (MITRE ATT&CK familiarity a plus)
    • Strong analytical and problem-solving skills with the ability to work both independently and collaboratively
    • Excellent written and verbal communication skills; ability to translate technical findings for non-technical audiences

    Preferred
    • Relevant certifications such as CompTIA Security+, CySA+, CEH, CISM, or equivalent
    • Experience supporting a SOC 2 audit from end to end
    • Scripting or automation skills (Python, PowerShell) for security tooling and reporting
    • Exposure to cloud security (AWS, Azure, or GCP) environments
    • Experience working with GRC platforms (e.g., Archer, ServiceNow GRC, Drata, Vanta)
