Senior Analyst, Information Security
Description:
Axsome Therapeutics is a biopharmaceutical company leading a new era in the treatment of central nervous system (CNS) conditions. We deliver scientific breakthroughs by identifying critical gaps in care and develop differentiated products with a focus on novel mechanisms of action that enable meaningful advancements in patient outcomes. Our industry-leading neuroscience portfolio includes FDA-approved treatments for major depressive disorder, excessive daytime sleepiness associated with narcolepsy and obstructive sleep apnea, and migraine, and multiple late-stage development programs addressing a broad range of serious neurological and psychiatric conditions that impact over 150 million people in the United States. Together, we are on a mission to solve some of the brain’s biggest problems so patients and their loved ones can flourish. For more information, please visit us at and follow us on LinkedIn and X.
About This Role:
Axsome is seeking a Senior Information Security Analyst who will play a critical role in enhancing Axsome’s cybersecurity posture, focusing on daily InfoSec operations, awareness training, alerts monitoring, threat hunting, liaising with Managed Service Providers (MSP), incident response, and vulnerability management. This position requires a proactive and detail-oriented professional with a deep understanding of cybersecurity principles and practices. This role requires a commitment to staying current with emerging security trends and technologies.
This role is based at Axsome’s HQ in New York City with an on-site requirement of at least three days per week. We are unable to consider candidates who are looking for fully remote roles.
Job Responsibilities and Duties include, but are not limited to, the following:
Monitor security alerts and events from various sources, including MSP, SIEM systems, IDS/IPS, and other security toolsets
Analyze and prioritize alerts to identify potential threats and vulnerabilities
Investigate and respond to security incidents in a timely manner
Manage the cybersecurity awareness training programs, promote security best practices and assess the effectiveness of training programs and make improvements as needed
Develop and deliver comprehensive cybersecurity awareness training programs
Create engaging InfoSec training materials and conduct regular trainings and evaluations to promote security best practices
Assess the effectiveness of training programs and make improvements as needed
Utilize advanced threat detection techniques and tools to uncover hidden threats and mitigate potential security threats
Collaborate with team members to develop and implement threat hunting strategies, appropriate mitigations and security controls improvement
Act as the point of contact for cybersecurity-related matters with Managed Service Providers (MSPs), ensure effective delivery of security services, and enforce adherence to SLAs
Review and assess MSPs’ performance against metrics and provide feedback for continuous improvement
Assist in coordinating incident response efforts, including identification, containment, eradication, and recovery
Maintain and improve dynamic incident response plans, guides and playbooks
Provide post-incident analysis and reporting to identify lessons learned and improve response processes
Perform regular vulnerability assessments and scans to identify security weaknesses
Prioritize and remediate vulnerabilities based on risk assessment and business impact
Collaborate with IT Infrastructure and Operations and Application Development teams to implement security patches and updates
Participate in security audits and contributing to the continuous improvement of security policies and procedures
Manage the Third-Party Risk Management Program
Support the InfoSec team with multiple, concurrent projects
Additional responsibilities as assigned by IT leadership
Requirements/Qualifications
Bachelor’s degree in computer science, Information Security, or a related field.
Minimum of 5 years of experience in cybersecurity, with a focus on awareness training, alerts monitoring, threat hunting, liaison with MSP, incident response, and third party risk management
Experience working with cybersecurity frameworks (NIST CSF & RMF, ISO 27001), standards, and best practices (CIS, Mitre Att&ck)
Strong hands-on experience of networking, Microsoft 365 and Defender, Windows 10/11 OS
Working knowledge of networking and cloud infrastructure
Experience, Knowledge, and Skills
Strong collaboration and negotiation skills, with a high degree of self-motivation, and ability to work independently with minimal supervision
Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse teams
Relevant certifications such as Security+, CISSP, GIAC, CEH, CISA or equivalent are highly desirable
Proficiency in security tools and technologies such as SIEM, IDS/IPS, EDR, secure web gateway, patch management, training system, and vulnerability scanners
Excellent analytical and problem-solving skills with the ability to analyze complex security issues, identify root causes, and develop practical solutions
Commitment to staying informed about the latest security trends, threats, and technologies through ongoing learning and professional development activities
Ability to proactively plan, organize, deliver with limited oversight, prioritize, and quickly adapt to changing situations
Strong attention to detail and a meticulous approach to security-related tasks
Salary and Benefits:
The anticipated salary range for this role is $135,000 - $160,000. We encourage candidates of all levels to apply as there may be flexibility on final job title and responsibilities. The salary offer will be based on a variety of factors, including experience, qualifications, internal equity and location. Axsome offers a competitive employment package that includes an annual bonus, significant equity and a generous benefits package.
Axsome is committed to equal employment opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, gender, sex, age, religion, creed, national origin, sexual orientation, gender identity, ancestry, citizenship, marital status, physical or mental disability, medical condition, veteran status, genetic information, or any other characteristic protected by federal, state, or local law.
Axsome Therapeutics does not accept unsolicited resumes from recruiters or third-party recruitment agencies and will not pay placement fees for unsolicited candidates that are sent to hiring managers, the HR team or other Axsome team members. Only approved vendors who have been explicitly asked to support a specific search will receive access to our Applicant Tracking System to submit candidates for consideration.