Senior Cybersecurity Analyst
Description:
Job Description
Salary: $75,000 - $125,000, Annually
** Please Note: this position is NOT remote ** You must live in Upstate NY **
** You must be legally authorized to work in the United States **
Job Title: Senior Cybersecurity Analyst
Department: Security
Job Summary
The Senior Cybersecurity Analyst is responsible for both proactive and reactive security services, ensuring the protection of internal and client systems. This role requires expertise in both technical and non-technical aspects of cybersecurity and information security management. As a key player in enhancing cybersecurity operations, the Senior Cybersecurity Analyst will provide mentorship, guidance, and support to other Cybersecurity Analysts.
The Senior Cybersecurity Analyst serves as the primary point of contact for select clients, focusing on delivering cybersecurity and compliance solutions tailored to their needs. This role involves leading initiatives to implement secure systems, enhance cybersecurity posture, and ensure compliance with industry standards. The Senior Cybersecurity Analyst will collaborate with all levels of the client's organization, including C-suite executives and IT teams, providing strategic guidance and hands-on support for cybersecurity initiatives. Acting as a virtual Chief Information Security Officer (vCISO), the Senior Cybersecurity Analyst will support clients in developing and executing cybersecurity strategies that align with their business objectives.
Key responsibilities include leading engagements in areas such as Incident Response, Security Assessments, Risk Assessments, Penetration Testing, Vulnerability Scanning, Policy & Procedure Consultation, Security Awareness Training and Cybersecurity Best Practices Assessments. The Senior Cybersecurity Consultant will also provide vCISO services for clients utilizing Governance, Risk and Compliance Services, assisting with Risk Analysis, Security Roadmap development, Vulnerability Scanning, Policy Guidance, Disaster Recovery Planning, Incident Response Planning, and Tabletop Readiness Exercises.
This position demands a solid foundation in security, strong communication abilities, and excellent time management skills. A key focus is understanding client needs comprehensively and making sound, actionable recommendations to address them.
Additionally, the Senior Cybersecurity Analyst will be responsible for creating and developing the final technical report deliverables, documenting findings as evidence for reporting and incident response activities.
Essential Functions:
Continually foster a positive atmosphere for learning by mentoring other team members. Provide expert consultation to both the company and clients, offering oversight and guidance during Risk Assessments to identify and address security gaps.
Conduct quarterly security audits of internal controls, identifying vulnerabilities and assessing potential risks.
Ensure optimal configuration, performance, and integration of security tools across the organization.
Offer consulting services for Governance, Risk & Compliance, utilizing tools like Cynomi, to assist clients in managing and mitigating cybersecurity risks.
Advise clients on the development, implementation, and maintenance of Security Policies and Procedures to strengthen their security frameworks.
Provide virtual Chief Information Security Officer (vCISO) services to clients, offering strategic security leadership and guidance on cybersecurity challenges.
Lead Tabletop Readiness Exercises, helping clients assess their incident response preparedness and improve their resilience.
Foster internal training initiatives by educating staff on best practices to minimize human-related security risks.
Lead the Security Teams incident response efforts, ensuring timely and effective handling of security incidents, under the auspices of the Director of Cybersecurity
Collaborate with Subject Matter Experts and other Cybersecurity Analysts to develop security standards for services and solutions.
Consult with clients to understand technical requirements and translate them into effective security solutions.
Analyze and interpret security events and event correlations to detect potential threats.
Follow compliance procedures and ensure accurate documentation, while developing and implementing efficient tools and procedures to maintain compliance.
Organize and maintain comprehensive documentation and evidence for reporting and incident analysis.
Meet or exceed client expectations, including the timely delivery of final reports and resolution of security concerns.
Proactively ask questions and raise concerns when potential issues arise to ensure smooth operations.
Participates in on-call rotations to support incident response efforts.
Perform additional duties as assigned.
Required Qualifications:
5+ years of experience in security-related fields, particularly within a compliance-driven environment.
In-depth knowledge of SIEM solutions, including generating reports, configuring alerts, and conducting incident response investigations. Ability to interface with Security Operations Center (SOC) providers to enhance and integrate their services with ours.
Experience with Cisco products and solutions.
Ability to obtain and maintain security clearances as required by customers.
Willingness to drive and travel overnight to support customer needs.
Ability to pass a background check.
Strong analytical skills, with the ability to assess complex security issues and make informed decisions.
Exceptional documentation skills, ensuring clear, accurate, and thorough reporting.
Excellent time management skills, with the ability to prioritize tasks effectively and meet deadlines.
Outstanding written and verbal communication skills, capable of conveying technical information to both technical and non-technical stakeholders.
Strong security and technical expertise, with a deep understanding of cybersecurity practices and solutions.
Comfortable presenting security findings and recommendations in front of an audience.
Preferred Qualifications:
Relevant experience and certifications, particularly with partner-specific and leading industry security certifications (e.g., CISSP, CISM, etc.).
Proven experience working in compliance-regulated industries, with a strong understanding of industry standards and regulations.
Proficient knowledge of security and networking tools (e.g., SIEM, firewalls, antivirus (AV), and IDS/IPS) concept.
Hands-on experience with cybersecurity Security Frameworks such as NIST, CSF, RMF, and CIS.
Ability to develop and utilize scripts to enhance security operations, including project support and incident response.
Desired certification/ Licensing:
Security+ certification or equivalent.
Knowledge and experience with cybersecurity frameworks and standards, including CMMC, HIPAA, and PCI DSS.
Education:
Bachelors of Science degree in Cybersecurity, Computer Science or other Information Technology discipline.
Other Requirements:
Successful background check
Valid driver's license
Full-time