Overview
Your Future. Secured. ISC2 is a force for good. As the world’s leading nonprofit member organization for cybersecurity professionals, our core values — Integrity, Advocacy, Commitment, Diversity, Equity & Inclusion and Excellence — drive everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications provides an independent and globally recognized endorsement of cybersecurity knowledge, skills and experience for all career levels. Our charitable arm, the Center for Cyber Safety and Education, enables ISC2 and our members to serve the public by educating the most vulnerable about cyber risks and empowering access to enter and thrive in the cyber profession. Learn more at ISC2 online and connect with us on Twitter, Facebook and LinkedIn. When you join ISC2, you’ll demonstrate your commitment to an inclusive and equitable environment. Your support of the unique perspectives and experiences shared by our global cybersecurity workforce and profession will be recognized. We invite you to take an active role in helping us create a true sense of belonging across our organization — an environment of authenticity, trust, empowerment and connectedness that empowers all of our successes.
Position Summary
The Security Analyst will report directly to the Security Manager and will be responsible for identifying, detecting, and responding to security events. The Security Analyst will also support the team in the completion of assigned projects, administer and coordinate Security Awareness Training, monitor security incidents, and take action to respond to threats or escalate to more experienced members of the Security Team.
Responsibilities
- Respond professionally and promptly to internal and external enquiries relating to the organization’s security program, ensuring high-quality customer service and resolution of requests.
- Administer and maintain the co-managed Security Information and Event Management (SIEM) platform, including Splunk. Responsibilities include configuring and maintaining event feeds, setting appropriate logging levels, and managing alerts, notifications, and reporting dashboards.
- Conduct security assessments of submitted software, cloud services, and third-party suppliers to evaluate potential risks and determine suitability for use in the enterprise environment.
- Maintain availability to respond to security incidents outside of normal business hours as part of the team's incident response and on-call responsibilities.
- Monitor, triage, and respond to security incidents originating from internal alerting tools, user reports, or external sources (e.g., bug bounty programs, social media). Escalate incidents as appropriate based on severity and potential business impact.
- Participate in vulnerability assessments, penetration testing activities, and internal security audits. Provide findings, risk analysis, and recommendations for remediation or process improvement.
- Administer enterprise application control systems, including configuration of policies, risk assessments of new software installations, and integration of alerts with other security tools.
- Support the implementation and maintenance of Identity and Access Management (IAM) policies and procedures to ensure standardized and repeatable access control practices.
- Collaborate with cross-functional teams to evaluate the impact of new or evolving technologies and their application in the current business environment.
- Assist in maintaining departmental documentation including security policies, procedures, system diagrams, and response plans to meet compliance and audit requirements.
- Assist the organization’s Third-Party Risk Management (TPRM) program, including assessments, documentation of findings, and communication of risks to the Security Manager.
- Collect, analyze, and report key security metrics monthly to provide visibility into the organization's security posture, identify trends, and support continuous improvement efforts.
- Support the design, deployment, and continual improvement of the Enterprise Security Awareness Training Program, including tracking metrics for training effectiveness and user engagement.
- Participate in team initiatives and projects as needed, contributing subject matter expertise and supporting operational and strategic goals.
- Undertake additional duties as assigned in support of the department’s mission and objectives.
- Perform other duties, as needed.
In addition to the core duties outlined, the Security Analyst will provide support to the Security Engineering team on an as-needed basis, assisting with the administration and monitoring of key security technologies such as Web Application Firewalls (WAF), network firewalls, Intrusion Detection Systems (IDS), and Security Information and Event Management (SIEM) tools, including Splunk. This support will serve as cover during planned absences like holidays or training sessions.
The Security Analyst will also serve as a member of the Incident Response Team, contributing to the organization’s capability to detect, respond to, and recover from cyber security events. In this role, the Analyst will act as a subject matter expert (SME) for business continuity and cyber resilience efforts, helping to maintain the continuity of critical operations and support recovery initiatives during and after incidents.
Behavioral Competencies
- Promote Values: Demonstrates and supports the 5 Company Core Values: Integrity, Excellence, DEI, Advocacy, Commitment
- Strong Communication Skills: Demonstrates clear and effective verbal and written communication, with the ability to engage individuals, teams, and leadership. Capable of facilitating meetings and team ceremonies to drive alignment and progress.
- Executive Presence and Presentation: Confidently presents project updates to senior audiences, contributes to company-wide meetings such as town halls, and manages high-profile communications with professionalism and clarity.
- Organized and Focused: Possesses excellent organizational skills, with the ability to manage multiple tasks, deadlines, and priorities in a fast-paced environment.
- Business Alignment: Clearly articulates the goals and impact of security initiatives, ensuring alignment with broader business objectives and organizational strategy.
- Self-Motivated and Collaborative: Works independently with minimal supervision while also thriving in team environments. Demonstrates strong ownership and accountability.
- Customer-Centric Mindset: Maintains a proactive, stakeholder-focused approach with a commitment to exceeding expectations and delivering high-value results.
- Influential Team Player: Builds strong relationships across all levels of the organization and collaborates effectively to influence outcomes and build consensus.
- Flexible and Supportive: Willingly adopts different roles, supports colleagues, and adapts to meet the changing needs of projects and the organization.
- Problem Solver: Tackles challenges with curiosity and persistence, working closely with stakeholders to identify issues and implement practical, effective solutions.
- Detail-Oriented: Maintains a high level of accuracy and thoroughness in all tasks, especially documentation, analysis, and reporting.
- Adaptable and Resilient: Embraces change and remains flexible in a dynamic environment, maintaining composure and productivity under pressure.
Qualifications
- At least one relevant industry certification such as CompTIA Security+, SSCP, or ISC2 Certified in Cybersecurity (CC), or must be willing and able to obtain certification within 12 months of hire.
- Familiarity with cyber security frameworks (e.g., NIST CSF, CIS Controls, or ISO 27001).
- Experience using reporting and visualization tools such as Power BI or Excel.
- Exposure to SIEM tools, vulnerability scanners, or ITSM platforms is advantageous.
- Ability to use security assessment tools and identify gaps in security capabilities for third-party suppliers, software deployments, and IT services.
- Proficient in report generation and technical writing.
- Practical knowledge and understanding of security risk and compliance, policy management, and governance.
- Practical knowledge and understanding of risk management frameworks.
- Practical knowledge and understanding of conducting risk assessments and regulatory compliance.
- Working knowledge of project planning and execution processes.
Education and Work Experience
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. An equivalent combination of education, certifications (e.g., CompTIA Security+, SSCP, ISC2 Certified in Cybersecurity (CC)), and a minimum of 5 years of relevant experience may be considered in lieu of a degree.
- 2–3 years of professional experience in a cyber security, security operations, or IT security support role.
Physical and Mental Demands
- Ability to travel up to 10% of time. May also include overnight and international travel.
- Work normal business hours and extended hours when necessary.
- Remain in a stationary position, often standing or sitting, for prolonged periods.
- Regularly use office equipment such as a computer/laptop, and monitor computer screens.
- Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computer components.
Equal Employment Opportunity Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.