Position SummaryThe Information Security Analyst is responsible for protecting the firm's systems, networks, and data through the implementation, monitoring, and continuous improvement of security controls and technologies.
This role combines hands-on security operations with technical ownership of key security tools and controls, focusing on threat detection, incident response, and control effectiveness. The analyst will work closely with IT and vendors to strengthen the firm's security posture while contributing to the evolution and optimization of the Information Security Program.
Reports to: Director of Information Security & Governance
Key Responsibilities:Security Operations & Incident Response- Monitor and analyze security alerts across EDR, MDR/SIEM, email security, and identity platforms
- Investigate suspicious activity, perform triage, and escalate incidents as appropriate
- Execute incident response activities across the lifecycle, including detection, containment, eradication, and recovery
- Document investigations, actions taken, and outcomes for audit and reporting purposes
- Perform root cause analysis and recommend improvements following incidents
Endpoint, Identity & Infrastructure Security- Configure, maintain, and optimize security tools (e.g., endpoint protection, PAM, web filtering, identity controls)
- Support system hardening efforts aligned to industry best practices
- Monitor and improve privileged account usage and enforcement of least privilege
- Assist in implementation and tuning of identity controls (MFA, Conditional Access, authentication policies)
Detection & Security Engineering Support- Develop and tune detection rules and alerting use cases across security platforms
- Translate threat intelligence into actionable detection and prevention controls
- Identify gaps in coverage and recommend improvements to detection capabilities
- Support integration and optimization of security tools within monitoring workflows
Vulnerability & Risk Management- Perform vulnerability scanning and coordinate remediation with IT teams
- Track and validate remediation efforts and escalate unresolved risks
- Provide technical input into risk assessments and remediation prioritization
- Assist in improving vulnerability management processes and reporting
Security Tools & Automation- Support the implementation, integration, and optimization of security technologies
- Assist in developing automation to improve alert triage, response, and reporting
- Identify opportunities to streamline operational tasks and improve efficiency
- Maintain documentation for tools, configurations, and processes
Governance, Compliance & Collaboration- Support compliance initiatives and provide evidence for audits and assessments
- Assist in responding to client security questionnaires as needed
- Partner with IT and business teams to ensure controls are functioning as intended
- Contribute to technical standards and support enforcement of security policies
QualificationsRequired- 2-5+ years of experience in information security, cyber operations, or IT security
- Associate's or Bachelor's degree in Information Security, Information Technology, or a related field
- Experience working with security technologies such as:
- EDR/XDR
- SIEM/MDR platforms
- PAM solutions
- Identity & Access Management (IAM), MFA, Conditional Access
- Strong understanding of:
- Networking fundamentals (TCP/IP, firewalls, VPNs)
- Windows and cloud environments (Azure preferred)
- Common attack techniques (phishing, credential theft, lateral movement)
- Experience with vulnerability management processes
- Ability to analyze logs, alerts, and security events
Preferred- Familiarity with HITRUST, NIST CSF, CIS Controls, or ISO 27001
- Scripting or automation experience (e.g., PowerShell, Python)
- Experience with security automation or SOAR tools
- Experience in legal or regulated environments
- Security certifications (e.g., Security+, CySA+, GCIH, CISSP)
Key Competencies- Analytical & Investigative Mindset - Strong ability to analyze alerts and determine root cause
- Technical Problem-Solving - Ability to troubleshoot across endpoint, identity, and network environments
- Operational & Engineering Balance - Comfortable both responding to issues and improving underlying controls
- Incident Response Discipline - Organized and effective during security events
