Jobs · Information Technology · Florida

Security Analyst

Fortegra · Jacksonville, FL · 1 wk ago
On-siteInformation TechnologyFull-time

About the role

The Security Analyst is responsible for safeguarding confidentiality, integrity, and availability of data, applications, infrastructure, and AI systems across the organization. This role involves leading day-to-day operations of security tooling, driving incident response, and embedding security throughout the software development lifecycle.

Responsibilities

  • Monitor and tune in-place security solutions (SIEM, EDR/XDR, SOAR, email security, DLP, CSPM) for efficient and appropriate operation.
  • Lead investigations into security incidents escalated beyond Tier 1, including triage, forensic analysis, containment, eradication, and recovery.
  • Develop, maintain, and tune detections (e.g., SIEM rules, EDR custom detections) aligned to MITRE ATT&CK and the organization’s threat models.
  • Conduct and participate in tabletop exercises, purple-team engagements, and incident management drills at least annually.
  • Maintain runbooks and playbooks for common incident types, including cloud, identity, ransomware, and AI/LLM-related incidents.
  • Lead vulnerability remediation across endpoints, servers, cloud workloads, containers, and SaaS applications, working with infrastructure and engineering teams to drive risk down.
  • Design and execute vulnerability assessments, penetration tests, red-team exercises, and security audits; manage findings through to closure.
  • Maintain hardened, up-to-date baselines (CIS Benchmarks or equivalent) for workstations, servers, cloud resources, containers, and network devices.
  • Consume and operationalize threat intelligence to anticipate and defend against new attacks and threat vectors.
  • Design, implement, and review security controls across cloud environments including IAM, network segmentation, encryption, logging, and posture management (CSPM/CNAPP).
  • Advance the organization’s Zero Trust strategy across identity, device, network, application, and data layers.
  • Review Infrastructure-as-Code manifests for security misconfigurations; help maintain policy-as-code guardrails.
  • Partner with IT and identity teams on IAM, SSO, MFA, privileged access management, and conditional access policies.
  • Partner with the CISO and engineering leadership to enforce secure coding practices; deliver annual secure-development training, including OWASP Top 10 and OWASP LLM Top 10 content.
  • Integrate and tune security testing in CI/CD pipelines: SAST, DAST, SCA, secret scanning, container image scanning, and IaC scanning.
  • Establish and maintain software supply chain controls, including SBOM generation, dependency review, and alignment with frameworks such as SLSA.
  • Lead threat-modeling sessions for new products, services, and AI-enabled features.
  • Help define and enforce policies for the safe adoption and use of AI tools within the organization, including LLM-based assistants, agentic systems, and Model Context Protocol (MCP) or similar tool integrations.
  • Assess and mitigate risks specific to AI/ML systems the organization builds or consumes, including prompt injection, jailbreaks, insecure output handling, training-data and model integrity, sensitive-data leakage, and model/identity supply-chain risks.
  • Apply AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI Risk Management Framework, ISO/IEC 42001 concepts) when evaluating AI vendors, internal AI products, and AI-generated code.
  • Review AI-generated code for security vulnerabilities and licensing issues before it reaches production.
  • Partner with Legal, Privacy, and Engineering on AI data handling, retention, and disclosure practices.
  • Evaluate and deploy AI-assisted security tooling (e.g., LLM-powered alert triage, log summarization, threat-intel enrichment, phishing analysis, AI-assisted code review) to improve analyst productivity and reduce mean time to detect/respond.
  • Build lightweight automations and scripts (Python, PowerShell, or similar), leveraging AI coding assistants where appropriate, to streamline detection, response, and reporting workflows.
  • Prepare for and respond to internal and external IT audits and risk assessments (GDPR, DORA, PCI DSS, HIPAA, GDPR/CCPA, as applicable).
  • Maintain awareness of applicable laws and regulations related to security, data privacy, and AI (including emerging AI regulation).
  • Recommend new or enhanced security solutions and assist with their deployment, integration, and configuration in line with the organization’s security standards.
  • Maintain up-to-date knowledge of the security industry, including new attack techniques, defensive tooling, and AI-related threats and defenses.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related technical field, OR equivalent professional experience.
  • 2+ years of experience in Information Security, Security Analyst, or closely related role.
  • Working knowledge of common cybersecurity frameworks (NIST CSF, NIST 800‑53, ISO 27001, CIS Controls, MITRE ATT&CK).
  • Hands-on experience securing at least one major cloud provider (AWS, Azure, or GCP), including identity, network, and workload controls.
  • Experience with vulnerability management, patching, and remediation across servers, endpoints, containers, and cloud workloads.
  • Experience integrating security into CI/CD pipelines (SAST, DAST, SCA, secret scanning, IaC scanning).
  • Incident response experience, including triage, containment, eradication, recovery, and post-incident review.

Qualifications

  • Licenses, Certifications, and Registrations: One or more of the following preferred: Security+, CySA+, GIAC (e.g., GSEC, GCIH, GCFA, GCSA), OSCP, SC-900.
  • AI/ML security credentials (e.g., AI Security/Governance certifications) a plus.

Similar jobs

Security Analyst

SEKO LogisticsSchaumburg, IL· 2 wk ago
Information Technology$70k–$100k/yrapply on sekologistics.wd503.myworkdayjobs.com

Security Analyst

ECLAROArlington, TX· 3 wk ago
Information Technology$55–$60/hrapply on www2.jobdiva.com

Security Analyst

Aptos LabsUnited States· 2 wk ago
RemoteInformation Technology$120k–$180k/yrapply on grnh.se

Security Analyst

Neptune Technology GroupDuluth, GA· 2 wk ago
Information Technologyapply on recruiting.ultipro.com

Security Analyst

VimoMountain View, CA· 2 wk ago
RemoteEngineeringapply on paycomonline.net

Security Analyst

Technix LLCMinnesota, United States· 4 days ago
Information Technology