Information Technology Security Analyst
Soni · Shrewsbury, NJ · 1 wk ago
HybridInformation Technology$85k–$105k/yrFull-time
Risk Management & Compliance
- Conduct and document security risk assessments and support ongoing compliance initiatives.
- Maintain and update information security policies, standards, and procedures.
- Cook up internal and external security audits and track remediation efforts.
- Support governance committees through reporting, documentation, and follow-up activities.
- Aid with vendor risk assessments, third-party security reviews, and security questionnaires.
Microsoft 365 Security
- Administer and secure Microsoft 365 environments, including identity, access management, endpoint management, security monitoring, and data protection solutions.
- Monitor security posture and implement recommended security controls.
- Manage identity and access management initiatives, including multi-factor authentication, role-based access controls, and privileged access management.
- Review security alerts, audit logs, data protection policies, and access controls.
Security Operations & Incident Response
- Serve as an escalation point for security events and incidents.
- Participate in incident investigations, containment efforts, root cause analysis, and post-incident reviews.
- Assist with incident response planning, tabletop exercises, and security documentation.
- Monitor emerging cybersecurity threats and vulnerabilities relevant to the organization.
- Cook up with external security partners to identify and address security risks.
Vulnerability Management
- Coordinate vulnerability scanning and penetration testing activities.
- Review assessment results and track remediation efforts through completion.
- Escalate critical findings and collaborate with technical teams to reduce risk.
- Support continuous improvement of vulnerability management processes.
Security Awareness & Training
- Administer security awareness and phishing simulation programs.
- Analyze training results and recommend targeted educational initiatives.
- Support onboarding and annual security training programs.
- Develop user-focused security communications and awareness materials.
Cloud Security
- Assist with securing cloud services and infrastructure.
- Support implementation of least-privilege access models and network segmentation.
- Review cloud security configurations and identify opportunities for improvement.
- Monitor cloud environments for compliance with organizational security standards.
AI Governance & Security
- Support evaluation and security review of AI tools and platforms.
- Participate in AI risk assessments, privacy reviews, and governance initiatives.
- Aid with monitoring approved AI solutions for policy compliance and security risks.
- Stay current on emerging AI threats, vulnerabilities, and regulatory developments.
Security Program Support
- Contribute to security roadmap planning and annual security initiatives.
- Partner with internal and external stakeholders to implement security improvements.
- Aid with security-related projects and other duties as assigned.
Qualifications
- Required: Bachelor's degree in Information Technology, Cybersecurity, or a related field, or equivalent experience.
- Required: 3–5 years of experience in cybersecurity, information security, or security operations.
- Required: Experience supporting Microsoft 365 security technologies, including identity management, endpoint security, data protection, and access control solutions.
- Required: Working knowledge of security frameworks and compliance requirements.
- Required: Familiarity with network security concepts, including firewalls, segmentation, DNS filtering, and access controls.
- Required: Experience with vulnerability management, remediation tracking, and security assessments.
- Required: Strong documentation, communication, and analytical skills.
- Required: Ability to manage multiple priorities and work independently in a fast-paced environment.
- Preferred: Experience in healthcare, regulated industries, professional services, or multi-entity environments.
- Preferred: Experience with EDR/MDR platforms and modern endpoint security technologies.
- Preferred: Exposure to cloud security services, monitoring tools, and infrastructure security controls.
- Preferred: Experience administering security awareness and phishing simulation platforms.
- Preferred: Familiarity with industry security frameworks and compliance standards.
- Preferred: Relevant security certifications such as Security+, Microsoft security certifications, cloud security certifications, or equivalent credentials.
Compensation
Compensation is $85,000 to $105,000 annually, based on relevant experience, knowledge, skills, and other job-related qualifications.