IT Security AnalystPosition SummaryOur client is seeking an IT Security Analyst to serve as a key contributor to the organization's cybersecurity program. This role will be responsible for executing security initiatives, supporting compliance requirements, strengthening Microsoft 365 and Azure security, coordinating incident response activities, and driving security best practices across a complex, multi-site environment.
The IT Security Analyst will work closely with IT leadership, compliance teams, managed service providers, and security partners to maintain a strong security posture while supporting ongoing technology and business initiatives.
Key ResponsibilitiesRisk Management & Compliance- Conduct and document security risk assessments and support ongoing compliance initiatives.
- Maintain and update information security policies, standards, and procedures.
- Coordinate internal and external security audits and track remediation efforts.
- Support governance committees through reporting, documentation, and follow-up activities.
- Assist with vendor risk assessments, third-party security reviews, and security questionnaires.
Microsoft 365 Security- Administer and secure Microsoft 365 environments, including identity, access management, endpoint management, security monitoring, and data protection solutions.
- Monitor security posture and implement recommended security controls.
- Manage identity and access management initiatives, including multi-factor authentication, role-based access controls, and privileged access management.
- Review security alerts, audit logs, data protection policies, and access controls.
Security Operations & Incident Response- Serve as an escalation point for security events and incidents.
- Participate in incident investigations, containment efforts, root cause analysis, and post-incident reviews.
- Assist with incident response planning, tabletop exercises, and security documentation.
- Monitor emerging cybersecurity threats and vulnerabilities relevant to the organization.
- Coordinate with external security partners to identify and address security risks.
Vulnerability Management- Coordinate vulnerability scanning and penetration testing activities.
- Review assessment results and track remediation efforts through completion.
- Escalate critical findings and collaborate with technical teams to reduce risk.
- Support continuous improvement of vulnerability management processes.
Security Awareness & Training- Administer security awareness and phishing simulation programs.
- Analyze training results and recommend targeted educational initiatives.
- Support onboarding and annual security training programs.
- Develop user-focused security communications and awareness materials.
Cloud Security- Assist with securing cloud services and infrastructure.
- Support implementation of least-privilege access models and network segmentation.
- Review cloud security configurations and identify opportunities for improvement.
- Monitor cloud environments for compliance with organizational security standards.
AI Governance & Security- Support evaluation and security review of AI tools and platforms.
- Participate in AI risk assessments, privacy reviews, and governance initiatives.
- Assist with monitoring approved AI solutions for policy compliance and security risks.
- Stay current on emerging AI threats, vulnerabilities, and regulatory developments.
Security Program Support- Contribute to security roadmap planning and annual security initiatives.
- Partner with internal and external stakeholders to implement security improvements.
- Assist with security-related projects and other duties as assigned.
QualificationsRequired- Bachelor's degree in Information Technology, Cybersecurity, or a related field, or equivalent experience.
- 3-5 years of experience in cybersecurity, information security, or security operations.
- Experience supporting Microsoft 365 security technologies, including identity management, endpoint security, data protection, and access control solutions.
- Working knowledge of security frameworks and compliance requirements.
- Familiarity with network security concepts, including firewalls, segmentation, DNS filtering, and access controls.
- Experience with vulnerability management, remediation tracking, and security assessments.
- Strong documentation, communication, and analytical skills.
- Ability to manage multiple priorities and work independently in a fast-paced environment.
Preferred- Experience in healthcare, regulated industries, professional services, or multi-entity environments.
- Experience with EDR/MDR platforms and modern endpoint security technologies.
- Exposure to cloud security services, monitoring tools, and infrastructure security controls.
- Experience administering security awareness and phishing simulation platforms.
- Familiarity with industry security frameworks and compliance standards.
- Relevant security certifications such as Security+, Microsoft security certifications, cloud security certifications, or equivalent credentials.
Compensation: $85,000 to $105,000 annually
Compensation is based on a range of factors that include relevant experience, knowledge, skills, other job-related qualifications.
