Security Analyst
Fortegra · Jacksonville, FL · 1 wk ago
On-siteInformation TechnologyFull-time
About the role
The Security Analyst is responsible for safeguarding confidentiality, integrity, and availability of data, applications, infrastructure, and AI systems across the organization. This role involves leading day-to-day operations of security tooling, driving incident response, and embedding security throughout the software development lifecycle.
Responsibilities
- Monitor and tune in-place security solutions (SIEM, EDR/XDR, SOAR, email security, DLP, CSPM) for efficient and appropriate operation.
- Lead investigations into security incidents escalated beyond Tier 1, including triage, forensic analysis, containment, eradication, and recovery.
- Develop, maintain, and tune detections (e.g., SIEM rules, EDR custom detections) aligned to MITRE ATT&CK and the organization’s threat models.
- Conduct and participate in tabletop exercises, purple-team engagements, and incident management drills at least annually.
- Maintain runbooks and playbooks for common incident types, including cloud, identity, ransomware, and AI/LLM-related incidents.
- Lead vulnerability remediation across endpoints, servers, cloud workloads, containers, and SaaS applications, working with infrastructure and engineering teams to drive risk down.
- Design and execute vulnerability assessments, penetration tests, red-team exercises, and security audits; manage findings through to closure.
- Maintain hardened, up-to-date baselines (CIS Benchmarks or equivalent) for workstations, servers, cloud resources, containers, and network devices.
- Consume and operationalize threat intelligence to anticipate and defend against new attacks and threat vectors.
- Design, implement, and review security controls across cloud environments including IAM, network segmentation, encryption, logging, and posture management (CSPM/CNAPP).
- Advance the organization’s Zero Trust strategy across identity, device, network, application, and data layers.
- Review Infrastructure-as-Code manifests for security misconfigurations; help maintain policy-as-code guardrails.
- Partner with IT and identity teams on IAM, SSO, MFA, privileged access management, and conditional access policies.
- Partner with the CISO and engineering leadership to enforce secure coding practices; deliver annual secure-development training, including OWASP Top 10 and OWASP LLM Top 10 content.
- Integrate and tune security testing in CI/CD pipelines: SAST, DAST, SCA, secret scanning, container image scanning, and IaC scanning.
- Establish and maintain software supply chain controls, including SBOM generation, dependency review, and alignment with frameworks such as SLSA.
- Lead threat-modeling sessions for new products, services, and AI-enabled features.
- Help define and enforce policies for the safe adoption and use of AI tools within the organization, including LLM-based assistants, agentic systems, and Model Context Protocol (MCP) or similar tool integrations.
- Assess and mitigate risks specific to AI/ML systems the organization builds or consumes, including prompt injection, jailbreaks, insecure output handling, training-data and model integrity, sensitive-data leakage, and model/identity supply-chain risks.
- Apply AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI Risk Management Framework, ISO/IEC 42001 concepts) when evaluating AI vendors, internal AI products, and AI-generated code.
- Review AI-generated code for security vulnerabilities and licensing issues before it reaches production.
- Partner with Legal, Privacy, and Engineering on AI data handling, retention, and disclosure practices.
- Evaluate and deploy AI-assisted security tooling (e.g., LLM-powered alert triage, log summarization, threat-intel enrichment, phishing analysis, AI-assisted code review) to improve analyst productivity and reduce mean time to detect/respond.
- Build lightweight automations and scripts (Python, PowerShell, or similar), leveraging AI coding assistants where appropriate, to streamline detection, response, and reporting workflows.
- Prepare for and respond to internal and external IT audits and risk assessments (GDPR, DORA, PCI DSS, HIPAA, GDPR/CCPA, as applicable).
- Maintain awareness of applicable laws and regulations related to security, data privacy, and AI (including emerging AI regulation).
- Recommend new or enhanced security solutions and assist with their deployment, integration, and configuration in line with the organization’s security standards.
- Maintain up-to-date knowledge of the security industry, including new attack techniques, defensive tooling, and AI-related threats and defenses.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related technical field, OR equivalent professional experience.
- 2+ years of experience in Information Security, Security Analyst, or closely related role.
- Working knowledge of common cybersecurity frameworks (NIST CSF, NIST 800‑53, ISO 27001, CIS Controls, MITRE ATT&CK).
- Hands-on experience securing at least one major cloud provider (AWS, Azure, or GCP), including identity, network, and workload controls.
- Experience with vulnerability management, patching, and remediation across servers, endpoints, containers, and cloud workloads.
- Experience integrating security into CI/CD pipelines (SAST, DAST, SCA, secret scanning, IaC scanning).
- Incident response experience, including triage, containment, eradication, recovery, and post-incident review.
Qualifications
- Licenses, Certifications, and Registrations: One or more of the following preferred: Security+, CySA+, GIAC (e.g., GSEC, GCIH, GCFA, GCSA), OSCP, SC-900.
- AI/ML security credentials (e.g., AI Security/Governance certifications) a plus.