Senior Associate Information Security (San Antonio, TX)
Affinius Capital · San Antonio, Texas Metropolitan Area · 3 wk ago
On-siteInformation Technology$61/hrFull-time
About the role
The Senior Associate Information Security leads the organization’s cybersecurity program across a hybrid on-premises and Microsoft Azure environment. This role oversees security operations, governance, risk management, and incident response while partnering closely with infrastructure, cloud, compliance, and business leaders.
Responsibilities
- Lead day-to-day security operations across Microsoft Defender XDR, including Defender for Endpoint, Identity, Office 365, Cloud Apps, Defender for Cloud, and Microsoft Sentinel
- Oversee detection, investigation, and response to security incidents, including phishing, BEC, endpoint compromise, identity attacks, and insider risk
- Own and continuously improve incident response playbooks, tabletop exercises, and post-incident reviews
- Manage security monitoring, alert tuning, and automation (SOAR) to reduce noise and improve mean time to detect/respond (MTTD/MTTR)
- Identity, Access & Cloud Security
- Govern Microsoft Entra ID security, including Conditional Access, MFA, Privileged Identity Management (PIM), identity protection, and access reviews
- Partner with infrastructure and cloud teams to secure hybrid Active Directory, Azure subscriptions, and workloads
- Ensure secure configuration baselines for endpoints, servers, and cloud resources using Microsoft security best practices
- Governance, Risk & Compliance
- Maintain and mature the organization’s information security program, policies, and standards (e.g., access control, incident response, data protection)
- Map technical controls to frameworks such as NIST CSF, ISO 27001, or similar
- Support audits, risk assessments, vendor security reviews, and regulatory/compliance initiatives
- Track and report security risk, control effectiveness, and remediation progress to leadership
- Data Protection & Information Governance
- Partner with Legal, Compliance, and IT to protect sensitive data using Microsoft Purview, DLP, retention, and eDiscovery
- Ensure appropriate controls for data classification, encryption, and information lifecycle management
- Leadership & Collaboration
- Manage security operations resources (internal or MSSP)
- Serve as a trusted advisor to IT leadership and business stakeholders on security risk and strategy
- Drive security awareness and training initiatives across the organization
- Participate in architecture and project reviews to embed security by design
Requirements
- Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience)
- 5+ years of progressive experience in information security
- Strong hands-on experience with:
- Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
- Microsoft Entra ID (Azure AD), Conditional Access, MFA, PIM
- Microsoft 365 security and compliance features
- Hybrid on-premises and Azure environments
- Proven experience leading incident response and security investigations
- Solid understanding of security frameworks, risk management, and audit processes
- Ability to communicate complex security topics clearly to executives and non-technical audiences
- Willing to work onsite full-time
Qualifications
- Preferred Qualifications
- Microsoft security certifications (e.g., SC-200, SC-300, SC-100, AZ-500)
- Industry certifications such as CISSP, CISM, CRISC, or GIAC
- Experience with Defender automation, KQL, Sentinel, or SOAR tooling
- Experience in financial services, real estate, or regulated environments
- Experience integrating third-party tools with Microsoft Defender and M365