Andersen Corporation

Senior Associate, Security Operations

Andersen Corporation$115K — $130K *
Technical Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in security operations or incident response
  • Bachelor's degree in Information Security, Computer Science, or related field
  • Hands-on experience in triaging and coordinating incident responses
  • Ability to enhance incident response playbooks effectively
  • Familiarity with managed detection and response services
  • Experience managing vendor relationships in a security context
  • Technical fluency in endpoint security, network fundamentals, and threat detection

Responsibilities

  • Serve as the internal incident response coordinator during security events
  • Execute and improve incident response playbooks through testing and updates
  • Triage escalations from the managed detection and response provider
  • Produce clear post-incident reports for technical and executive audiences
  • Coordinate responses to client security due diligence requests
  • Support security operations and manage vendor relationships
  • Identify AI-related security risks and integrate them into response strategies

Benefits

  • Medical, dental, vision, and basic life insurance coverage
  • 401(k) plan enrollment upon hire
  • Paid time off starting at 160 hours annually
  • Twelve paid holidays throughout the calendar year
  • Discretionary bonuses based on performance metrics
Full Job Description
Application Notice

We encourage you to apply thoughtfully by selecting one position that best matches your qualifications and interests. You may submit up to two active applications at a time. Please consider your location choice carefully-we recommend applying where you envision building your future.

The Role

Andersen's information security function is expanding, and this role sits at the operational core of that effort. The Senior Associate, Security Operations serves as the firm's internal hub for day-to-day security operations, owning the relationship with our managed detection and response provider, triaging and coordinating incident response, managing security vendor relationships, and executing client security due diligence. This role requires a candidate who is equally comfortable analyzing a threat escalation and drafting a vendor risk assessment.

The Senior Associate reports to the Head of Security Engineering & Architecture, with dotted-line accountability to the Senior Manager, Governance, Risk & Compliance for client diligence and vendor risk.

After-hours availability is a firm requirement of this role; high-severity incidents do not observe business hours.

The Senior Associate, Security Operations can expect to:

Incident Response
  • Serve as the firm's internal incident response coordinator, working alongside the managed detection and response provider during active security events
  • Execute, test, and continuously improve IR playbooks through regular tabletop exercises, lessons learned, and evolving threat intelligence
  • Coordinate internal stakeholder communication during incidents, escalating at appropriate severity thresholds
  • Produce post-incident reports that are clear, factual, and actionable for both technical and executive audiences

MDR Partnership
  • Serve as the primary day-to-day liaison to the firm's MDR provider; review threat reports, detection summaries, and alert trends, and hold the provider accountable to SLAs
  • Triage MDR escalations - assess severity, validate findings, and initiate the appropriate internal response workflow
  • Coordinate detection rule tuning and alert threshold adjustments to reduce false positives and improve signal quality
  • Maintain a working knowledge of the MDR's detection logic and coverage gaps, flagging concerns proactively to the Head of Security Engineering & Architecture

Client Due Diligence
  • Execute responses to client security questionnaires and due diligence requests accurately and on time, drawing on the response library maintained by the Senior Manager, GRC
  • Ensure questionnaire responses reflect the firm's current control posture and active certifications, escalating discrepancies or coverage gaps immediately
  • Manage the intake and tracking of diligence requests, flagging new or unusual questions to the Senior Manager, GRC to drive updates to the approved response framework

Security Operations Support
  • Support the Head of Security Engineering & Architecture in day-to-day security operations, including vulnerability management tracking and remediation follow-up
  • Manage operational relationships with security technology and service vendors, tracking contract terms, renewal dates, and SLA performance
  • Partner with the Senior Manager, GRC on vendor risk assessments, ensuring reviews are completed on schedule and findings are tracked to remediation
  • Maintain operational documentation including runbooks, contact trees, and escalation procedures
  • Contribute to security awareness initiatives and serve as a resource for internal teams with security-related questions
  • Identify and assess security risks introduced by AI-assisted attacks, including AI-augmented phishing, deepfake-based social engineering, and adversarial use of AI agents; incorporate AI threat scenarios into tabletop exercises and ongoing IR playbook updates
  • Monitor for security exposure from internal use of unsanctioned AI tools and citizen developer platforms, coordinating with the Senior Manager, GRC to ensure shadow AI risks are tracked and escalated appropriately

The Requirements

  • 5+ years of experience in security operations, incident response, or a closely related discipline
  • Bachelor's degree in Information Security, Computer Science, or a related field
  • Demonstrated experience triaging and coordinating incident response, including hands-on involvement during active security events
  • Ability to execute, test, and improve IR playbooks, evaluating their effectiveness and driving meaningful enhancements, not just following them
  • Working familiarity with managed detection and response services, including how to interpret their outputs and manage them as an operational partner
  • Experience managing vendor relationships in a security context, including SLA oversight and contract coordination
  • Experience with client security due diligence, including responding to security questionnaires and third-party assessments
  • Technical fluency across core security domains: endpoint security, network fundamentals, log analysis, and threat detection
  • Proficiency with enterprise security tooling including SIEM, EDR, and ticketing platforms
  • Working knowledge of AI-enabled threat vectors, including AI-augmented social engineering, adversarial AI agent activity, and the security risks introduced by citizen developer platforms and unsanctioned AI tool adoption within the enterprise
  • Strong written communication skills; able to produce clear incident reports and professional client-facing responses under time pressure
  • Availability and willingness to respond to high-severity incidents outside of business hours

Preferred
  • Relevant certification in incident handling or security analysis (e.g., GCIH, GSEC, GSOC)
  • Background in professional services or consulting, where security posture directly impacts client relationships
  • Familiarity with SOC 2 or ISO 27001 control environments and how security operations intersect with compliance requirements
  • Exposure to threat intelligence platforms or processes
  • Familiarity with AI security risk frameworks such as NIST AI RMF or MITRE ATLAS, and practical exposure to assessing risks from AI agent deployments and employee use of generative AI tools

Compensation and Benefits

Our firm offers competitive base compensation, benefits package, and a discretionary employee bonus program for eligible employees based on individual and firm performance metrics per the defined program guidelines. For individuals hired to work in the United States, the expected salary range for this role is $115,000-$130,000; the actual salary offer can vary based upon employee qualifications.

Benefits: Employees (and their families) are covered by medical, dental, vision, and basic life insurance. Employees are able to enroll in our firm's 401(k) plan upon hire. We offer paid time off, beginning at 160 hours annually and provides twelve paid holidays throughout the calendar year. For a full listing of benefit offerings, please visit https://www.andersen.com/careers/faqs.

Compensation: In addition to competitive base compensation, our firm offers annual discretionary bonuses based on firm and individual performance, a discretionary long-term cash incentive program, and other forms of discretionary compensation that would be offered to the hired applicant in addition to their established salary range scale.

Applicants must be currently authorized to work in the United States on a full-time basis upon hire. Andersen will not consider candidates for this position who require sponsorship for employment visa status now or in the future (e.g., H-1B status).

About Andersen Corporation

Andersen Corporation is a privately held company that manufactures and sells windows and doors for residential and commercial use. The company was founded in 1903 and is headquartered in Bayport, Minnesota. Andersen Corporation is committed to sustainability and has set ambitious goals to reduce its environmental impact, including reducing greenhouse gas emissions, increasing the use of renewable energy, and reducing waste. The company is also committed to social responsibility and has a long history of philanthropy and community involvement.
Learn more about Andersen Corporation
Size
12,000 employees
Industry

Similar Jobs

More Jobs at Andersen Corporation

More Technical Services Jobs

Find similar Senior Associate, Security Operations jobs: