IT Security Analyst II
Audubon Companies · Houston, TX · 1 mo ago
Information TechnologyFull-time
PRIMARY RESPONSIBILITIES
- Monitor, triage, and investigate reported phishing attempts, suspicious emails, account activity, endpoint events, and other user-reported or system-generated security incidents; coordinate containment, remediation, and escalation as required.
- Review and analyze alerts from SOC services, SIEM platforms, endpoint protection tools, identity systems, Microsoft 365 security controls, and threat intelligence sources; identify trends, false positives, recurring risks, and opportunities for improved detection.
- Tune and maintain email security controls, including spam, phishing, impersonation, and malware filtering; recommend and implement rule changes to reduce risk while minimizing business disruption.
- Administer phishing simulation campaigns, security awareness training, user follow-up, and reporting; partner with IT and business leaders to improve user resilience against social engineering threats.
- Administer and support endpoint protection, internet security, zero-trust desktop controls, and related security platforms; assist with configuration reviews, exception handling, policy updates, and troubleshooting.
- Monitor Microsoft 365 user account security, email activity, conditional access signals, risky sign-ins, and related security posture indicators; support remediation of compromised or high-risk accounts.
- Support vulnerability management and security hygiene activities by reviewing findings, coordinating remediation with IT teams, validating corrective actions, and documenting risk exceptions where appropriate.
EXPERIENCE AND SKILL REQUIREMENTS
- Bachelor’s degree in Information Security, Computer Science, Engineering, Information Technology, or related field, or equivalent combination of education, training, and experience.
- Three to five years of experience in IT security, cybersecurity operations, infrastructure security, identity administration, incident response, or a closely related IT role.
- Hands-on experience with security tools and platforms such as SIEM, endpoint detection and response, endpoint protection, email security, identity and access management, vulnerability management, and Microsoft 365 security administration.
- Working knowledge of phishing analysis, incident triage, endpoint investigation, identity-related threats, cloud productivity platform security, and common attack techniques.
- Experience administering or supporting Okta, Microsoft 365, endpoint protection, internet security, and zero-trust or conditional access controls preferred.
- Understanding of ISMS practices, security policies, risk management, audit evidence collection, and compliance frameworks such as ISO 27001.
- Ability to analyze security events, document findings clearly, prioritize risk-based remediation activities, and communicate practical recommendations to technical and non-technical audiences.
- Strong written and verbal communication skills in English; Spanish proficiency is a plus but is not required.
- Ability to work independently, manage recurring security responsibilities, collaborate across teams, and support occasional after-hours incident response or planned security activities when business needs require.
- Relevant certifications such as CompTIA Security+, CySA+, SSCP, GSEC, CISSP, CISM, or Microsoft security certifications are preferred.