Security Analyst

Fortegra

$70K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field, OR equivalent experience
  • 2+ years in Information Security or a related role
  • Knowledge of cybersecurity frameworks like NIST CSF and MITRE ATT&CK
  • Experience securing at least one major cloud provider (AWS, Azure, GCP)
  • Familiarity with vulnerability management and remediation processes
  • Experience integrating security into CI/CD pipelines
  • Incident response experience including triage and recovery

Responsibilities

  • Safeguard the confidentiality and integrity of data and applications across various environments
  • Lead investigations into escalated security incidents and manage recovery processes
  • Develop and maintain security detections aligned with threat models
  • Conduct tabletop exercises and incident management drills annually
  • Lead vulnerability remediation efforts across numerous platforms
  • Design and execute vulnerability assessments and manage findings
  • Partner with IT teams to enhance IAM policies and security controls

Benefits

  • Comprehensive health and wellness programs
  • 401(k) plan with company match
  • Flexible work schedule options
  • Professional development and continuous learning opportunities
  • Collaborative and innovative team culture
Full Job Description
Responsible for safeguarding confidentiality, integrity, and availability of data, applications, infrastructure, and AI systems across the organization. The Security Analyst leads day-to-day operations of the company's security tooling across on-premises, cloud, and SaaS environments, drives the identification, investigation, and resolution of security events, and partners with engineering and operations teams to embed security throughout the software development and deployment lifecycle. The role also helps the organization securely adopt, deploy, and govern AI technologies.

Primary Job Functions:

Security Operations & Incident Response
  • Monitor and tune in-place security solutions (SIEM, EDR/XDR, SOAR, email security, DLP, CSPM) for efficient and appropriate operation.
  • Lead investigations into security incidents escalated beyond Tier 1, including triage, forensic analysis, containment, eradication, and recovery.
  • Develop, maintain, and tune detections (e.g., SIEM rules, EDR custom detections) aligned to MITRE ATT&CK and the organization's threat models.
  • Conduct and participate in tabletop exercises, purple-team engagements, and incident management drills at least annually.
  • Maintain runbooks and playbooks for common incident types, including cloud, identity, ransomware, and AI/LLM-related incidents.

Vulnerability & Threat Management
  • Lead vulnerability remediation across endpoints, servers, cloud workloads, containers, and SaaS applications, working with infrastructure and engineering teams to drive risk down.
  • Design and execute vulnerability assessments, penetration tests, red-team exercises, and security audits; manage findings through to closure.
  • Maintain hardened, up-to-date baselines (CIS Benchmarks or equivalent) for workstations, servers, cloud resources, containers, and network devices.
  • Consume and operationalize threat intelligence to anticipate and defend against new attacks and threat vectors.

Cloud & Infrastructure Security
  • Design, implement, and review security controls across cloud environments including IAM, network segmentation, encryption, logging, and posture management (CSPM/CNAPP).
  • Advance the organization's Zero Trust strategy across identity, device, network, application, and data layers.
  • Review Infrastructure-as-Code manifests for security misconfigurations; help maintain policy-as-code guardrails.
  • Partner with IT and identity teams on IAM, SSO, MFA, privileged access management, and conditional access policies.

Application & Software Supply Chain Security
  • Partner with the CISO and engineering leadership to enforce secure coding practices; deliver annual secure-development training, including OWASP Top 10 and OWASP LLM Top 10 content.
  • Integrate and tune security testing in CI/CD pipelines: SAST, DAST, SCA, secret scanning, container image scanning, and IaC scanning.
  • Establish and maintain software supply chain controls, including SBOM generation, dependency review, and alignment with frameworks such as SLSA.
  • Lead threat-modeling sessions for new products, services, and AI-enabled features.

AI Security & Governance
  • Help define and enforce policies for the safe adoption and use of AI tools within the organization, including LLM-based assistants, agentic systems, and Model Context Protocol (MCP) or similar tool integrations.
  • Assess and mitigate risks specific to AI/ML systems the organization builds or consumes, including prompt injection, jailbreaks, insecure output handling, training-data and model integrity, sensitive-data leakage, and model/identity supply-chain risks.
  • Apply AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI Risk Management Framework, ISO/IEC 42001 concepts) when evaluating AI vendors, internal AI products, and AI-generated code.
  • Review AI-generated code for security vulnerabilities and licensing issues before it reaches production.
  • Partner with Legal, Privacy, and Engineering on AI data handling, retention, and disclosure practices.

AI-Augmented Security Operations & Tooling
  • Evaluate and deploy AI-assisted security tooling (e.g., LLM-powered alert triage, log summarization, threat-intel enrichment, phishing analysis, AI-assisted code review) to improve analyst productivity and reduce mean time to detect/respond.
  • Build lightweight automations and scripts (Python, PowerShell, or similar), leveraging AI coding assistants where appropriate, to streamline detection, response, and reporting workflows.

Compliance, Risk & Audit
  • Prepare for and respond to internal and external IT audits and risk assessments (DORA, PCI DSS, HIPAA, GDPR/CCPA, as applicable).
  • Maintain awareness of applicable laws and regulations related to security, data privacy, and AI (including emerging AI regulation).
  • Recommend new or enhanced security solutions and assist with their deployment, integration, and configuration in line with the organization's security standards.
  • Maintain up-to-date knowledge of the security industry, including new attack techniques, defensive tooling, and AI-related threats and defenses.

The duties and responsibilities above describe the general nature and level of work performed. They are not intended to be an exhaustive list of all duties and responsibilities that the incumbent may be expected or asked to perform.

Minimum Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related technical field, OR equivalent professional experience
  • 2+ years of experience in Information Security, Security Analyst, or closely related role
  • Working knowledge of common cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS Controls, MITRE ATT&CK)
  • Hands-on experience securing at least one major cloud provider (AWS, Azure, or GCP), including identity, network, and workload controls
  • Experience with vulnerability management, patching, and remediation across servers, endpoints, containers, and cloud workloads
  • Experience integrating security into CI/CD pipelines (SAST, DAST, SCA, secret scanning, IaC scanning)
  • Incident response experience, including triage, containment, eradication, recovery, and post-incident review

Licensure, Certification, and/or Registration:
  • One or more of the following preferred: Security+, CySA+, GIAC (e.g., GSEC, GCIH, GCFA, GCSA), OSCP, SC-900
  • AI/ML security credentials (e.g., AI Security/Governance certifications) a plus

Applicants must be authorized to work for any employer in the United States. We are unable to sponsor or assume sponsorship of employment visas at this time. We welcome applicants of all backgrounds and national origins.

Recruitment Updates:

Fortegra has recently been made aware of unauthorized communications regarding career opportunities by individuals not associated with Fortegra or our recruitment team. Fortegra will only contact you from If you receive a message from someone posing as a Fortegra recruiter via text message, WhatsApp, Telegram or other messaging platform, please report it as phishing and block the sender.

Fortegra is not accepting unsolicited resumes from search firms for this position.
