IT Security Analyst

Description

• Support SIEM operations including log ingestion, correlation, and dashboard maintenance.
• Lead cross-functional security projects and influence stakeholders.
• Evaluate and implement safe, value-adding automation in partnership with the Director of IT and Security.
• Collaborate with internal teams to embed security best practices across processes and applications.
• Maintain detection use cases, triage playbooks, and summary reporting.
• Maintain Entra ID configuration, MFA enforcement, and risk-based sign-in policies.
• Manage privileged access, break-glass accounts, and role-based access reviews.
• Recommend improvements to identity lifecycle and access control processes.
• Conduct vulnerability scans, validate findings, and monitor remediation efforts.
• Maintain accurate security documentation, diagrams, and compliance records.
• Support onboarding/offboarding automation and SSO integrations.
• Use PowerShell or Python to assist with evidence collection, alert enrichment, and automation.
• Tune SIEM rules, build new detections, and onboard log sources.
• Respond to security incidents with triage, containment, documentation, and root-cause analysis.
• Assist in migrating email security policies from Cisco ESA to Microsoft Defender and ETD platforms.
• Develop automation and AI-driven workflows for alert triage, summaries, and reporting.
• Monitor failed MFA attempts, risky sign-ins, and conditional access events.
• Onboard new data sources into SIEM and ensure log health and completeness.
• Collaborate with IT to coordinate monthly patching and report compliance metrics.
• Translate technical risks into actionable business insights.
• Prepare monthly and quarterly summaries of incidents, trends, vulnerabilities, MFA adoption, and risk items for leadership.
• Conduct quarterly user and group access reviews for business applications.
• Assist with phishing simulations, user awareness campaigns, and education follow-ups.
• Maintain asset and application inventories to support patching and lifecycle tracking.
• Support tabletop exercises and user awareness initiatives.
• Monitor and investigate alerts from Microsoft 365 Defender, Cisco Secure Endpoint, and SIEM systems.

Requirements

• **Applicants must be legally authorized to work in the U.S. on a full-time basis. FMI is unable to provide visa sponsorship—including H-1B or STEM OPT—at this time.
• Bachelor’s degree in information security, computer science, or related field (or equivalent experience).
• Scripting or automation experience (PowerShell or Python).
• Must be able to commute to the office three or more days per week.
• Ability to travel up to 10% to regional offices (Raleigh, Denver, Houston, Tampa).
• CompTIA Security+, Microsoft SC-200, or CySA+ preferred (required within 6 months of hire)
• Familiarity with NIST or ISO 27001 frameworks, incident response processes, and vulnerability management.
• Ability to work both independently and collaboratively in a small team environment.
• Exposure to compliance programs such as NIST CSF, ISO 27001, or SOC 2.
• Experience managing Microsoft 365 Defender, Cisco Secure Endpoint, and SIEM systems.
• Strong documentation, reporting, and communication skills.
• CISSP or similar certifications are a plus.
• Ability to perform computer-based work for extended periods and occasionally lift up to 10 lbs.
• 3–5 years of experience in information security, IT operations, or system administration.

Benefits

• Gain exposure to compliance tools such as Vanta or Drata.

Training + Development

Interview process

Visa Sponsorship

Security clearance