Senior Information Security Analyst

How you will impact the organization…

The Senior Information Security Analyst plays a key role in safeguarding the organization’s information systems, ensuring data confidentiality, integrity, and availability while managing security risks. Reporting to the Director of Information Security Operations, the position collaborates with cross-functional teams including GRC, Security Engineering, IT, Network Operations, Product Development, Legal, HR, Sales, Marketing, and Internal Audit to implement security measures aligned with business goals. The Senior Analyst manages Patch & Vulnerability Management, oversees ticket creation and SLA tracking, and handles Endpoint and Asset Management & Protection. They ensure Cloud Security Posture Management and cloud-native application protection, using tools such as Elastic, Expel, Crowdstrike, Security Scorecard, Cloudflare, and Google DLP for monitoring, alerting, and incident mitigation. The role also includes managing the user access review process, supporting governance reporting, and contributing to dashboard creation with tools like Jira. Additionally, the Analyst supports "keep the lights on" tasks and project work, balancing ongoing operational needs with security initiatives to ensure efficient and effective security operations.

The value you will deliver…

• Responsible for Patch & Vulnerability Management, ensuring ticket creation, vulnerability tracking, and timely SLA management, while collaborating with cross-functional teams to prioritize and address critical vulnerabilities.
• Oversee Endpoint and Asset Management & Protection, ensuring security controls are applied to organizational endpoints and assets, and working with other teams to ensure proper implementation and compliance.
• Ensure Cloud Security Posture Management and the protection of cloud-native applications, monitoring configurations, identifying vulnerabilities, and collaborating with Engineering and IT teams to implement corrective actions.
• Use tools such as Elastic, Expel, Crowdstrike, Security Scorecard, Cloudflare, and Google DLP for monitoring, alerting, and mitigating security incidents, ensuring prompt response and resolution across teams.
• Manage and execute the user access review process, ensuring compliance with security policies and minimizing unauthorized access risks while coordinating with HR and other relevant departments.
• Collaborate with cross-functional teams (GRC, Security Engineering, IT, Network Operations, Product Development, etc.) to implement and enforce security policies, support compliance initiatives, and provide expertise on security best practices.
• Monitor and report on security events, incidents, and vulnerabilities, providing timely insights and recommendations to leadership and relevant teams for immediate remediation or strategic planning.
• Support "keep the lights on" tasks, maintaining ongoing security operations and responding to urgent security requests, while ensuring no disruption to regular business activities.
• Contribute to the creation and maintenance of security dashboards using tools like Jira, tracking key security metrics, and providing transparent reporting for leadership and cross-functional stakeholders.
• Assist with governance reporting, providing detailed security metrics and analysis to inform leadership on risk exposure and compliance status.
• Manage and support project work related to security initiatives and compliance projects, ensuring timely task execution and delivery of objectives by coordinating with cross-functional teams and aligning tasks with business goals.
• Facilitate the integration of security operations with other teams working on compliance projects, offering support on risk assessments, audits, and regulatory requirements such as SOC 2, HIPAA, and FedRAMP.
• Assist with and participate in post-incident reviews and lessons learned sessions to improve incident response processes and procedures.
• Provide evidence gathering during internal or external audits and deliver reporting related to security operations.
• Evaluate, select, deploy and maintain new security tools, technologies, or platforms to enhance security posture.
• Develop and document security policies, procedures, and guidelines to meet Company security certification requirements.
• Run cross-functional security assessments, including third-party vendor security evaluations and risk assessments.
• Support emergency response efforts in the event of a major security incident or breach, working with other teams to resolve issues and restore systems.
• Engage in research and development to stay current on the latest security trends, vulnerabilities, and technologies.
• Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.

What you will bring to the table…

• 3+ years of experience in information security operations, focusing on vulnerability management, incident response, and endpoint protection.
• 3+ years of experience with Vulnerability Management tools, such as Qualys, Tenable, or Rapid7, for identifying, tracking, and mitigating vulnerabilities across systems and applications.
• 3+ years of experience using Endpoint Protection tools like CrowdStrike, Carbon Black, or SentinelOne to monitor and protect endpoints against threats.
• 2+ years of experience with cloud security, including cloud-native application protection, cloud security posture management, and experience with cloud platforms like AWS, Azure, or Google Cloud.
• 2+ years of experience with security monitoring tools such as SIEM platforms (e.g., Splunk, Elastic, or Exabeam) to detect and respond to security events.
• 2+ years of experience with SIEM (Security Information and Event Management) platforms, such as Splunk, Elastic, or Exabeam, for detecting, analyzing, and responding to security incidents.
• 2+ years of experience with Security Monitoring and Incident Response processes, including experience with platforms such as Expel or SolarWinds to manage alerts, monitor for potential threats, and respond effectively.
• 2+ years of experience using Security Posture Management tools, such as Cloudflare or Prisma Cloud, to ensure compliance and configuration standards across cloud environments.
• 2+ years of experience with Governance, Risk, and Compliance (GRC) tools and platforms, such as ServiceNow GRC or LogicGate, for tracking compliance, risk assessments, and audit workflows.
• 2+ years of experience with IT Ticketing Systems (e.g., Jira, ServiceNow) for managing vulnerabilities, patching tickets, and tracking security-related requests and tasks.
• 2+ years of experience with endpoint protection solutions (e.g., CrowdStrike, Carbon Black, SentinelOne) for monitoring and mitigating endpoint security threats.
• 1+ year of experience managing patch management processes, including creating and tracking vulnerability tickets and ensuring timely remediation based on SLA targets.
• 1+ year of experience supporting project management and task management in security operations-related functions, including working cross-functionally with IT, GRC, legal, and other departments.
• 1+ years of experience working with Data Loss Prevention (DLP) tools such as Google DLP or Symantec DLP, to ensure proper data protection and regulatory compliance.
• 1+ year of experience with vulnerability management tools (e.g., Qualys, Tenable, Rapid7) for identifying, tracking, and remediating vulnerabilities across enterprise systems.
• Audit experience maintaining  compliance frameworks like SOC 2, SOX, HIPAA, ISO 27001, and FedRAMP to ensure adherence to regulatory requirements and security best practices.
• Experience managing compliance-related security tasks for frameworks such as SOC 2, HIPAA, ISO 27001, or FedRAMP, ensuring organizational systems and products meet regulatory requirements.
• Proven experience in user access review process implementation and program management, ensuring compliance with access control policies, monitoring access rights, and mitigating potential security risks through ongoing audits and reviews.
• Familiarity with security tools and platforms such as Elastic, Expel, Crowdstrike, Google DLP, and Cloudflare to support security operations and incident response.
• Experience in governance reporting and dashboarding, utilizing tools like Jira, ServiceNow, or third-party platforms to track and report on security operations metrics.
• Basic understanding of regulatory and compliance frameworks related to product security compliance, such as GDPR, CCPA, and NIST, to ensure the organization meets necessary security standards.

You will stand out if you also have…

• Bachelor's degree in computer science, information technology, cybersecurity, or equivalent experience. A master's degree may be preferred.
• Active, transferable U.S. Security clearance at the Public Trust level or higher preferred
• Proven experience in security compliance, risk management, and integrating security compliance into software development processes.
• Proficiency in various cybersecurity technologies and tools, including security training and awareness tools, vendor risk management tools, and security compliance and risk register tools.
• Hands-on experience with security assessment and security benchmarking testing tools.
• Familiarity with security information and event management (SIEM) systems.
• Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS.

Additional details…

• Location requirements: Fully remote within the U.S.
• Travel requirements: Up to 10% travel
• Physical requirements: Must be able to sit for long periods, as well as, handle long periods of screen time
• Technology requirements: Reliable, high speed internet
• Eligible for sponsorship: No
• Security clearance: Ability to achieve and maintain a security clearance with the U.S. Government is required

The salary range for this role is $115,000 - $130,000 USD annually.  The total compensation package for this position is negotiable and may also include [annual performance bonus, ESPP, enhanced time off packages and benefits.]