← Back to job listings
C
Information Security Analyst
Cisive · Remote, United States
About The Role
- It's fun to work in a company where people truly BELIEVE in what they're doing!
- We're committed to bringing passion and customer focus to the business.
Job Description
- Security Operations & Tooling
- Monitor, tune, and triage alerts across the SIEM platform, escalating confirmed incidents per established runbooks
- Manage the vulnerability management lifecycle— including scanning, prioritization, remediation tracking, and executive reporting
- Support endpoint security, email security, and network monitoring tools; identify gaps and recommend configuration improvements
- Conduct periodic threat hunting activities and contribute to the development of detection rules and playbooks
- Participate in incident response activities including containment, eradication, and post-incident reviews
Governance, Risk & Compliance (GRC)
- Support ongoing SOC 2 Type II compliance efforts, including evidence collection, control testing, and coordination with external auditors
- Assist with NIST CSF assessments — mapping current controls to framework functions and identifying gaps for remediation
- Maintain and update security policies, standards, and procedures in collaboration with senior team members
- Conduct periodic security risk assessments and contribute findings to the organization risk register
- Track remediation efforts for identified risks and control deficiencies through to closure
Collaboration & Communication
- Partner with IT, Engineering, and business stakeholders to embed security best practices into day-to-day operations
- Assist in security awareness initiatives and provide guidance to staff on security topics
- Prepare clear, concise reporting on security metrics, vulnerability status, and compliance posture for management
Qualifications
Required
- 3–5 years of experience in an information security role with exposure to both technical operations and compliance functions
- Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent)
- Working knowledge of vulnerability management tools such as Tenable Nessus/IO or Qualys
- Demonstrated understanding of SOC 2 Trust Service Criteria and NIST Cybersecurity Framework
- Familiarity with common attack techniques and defensive countermeasures (MITRE ATT&CK familiarity a plus)
- Strong analytical and problem-solving skills with the ability to work both independently and collaboratively
- Excellent written and verbal communication skills; ability to translate technical findings for non-technical audiences
Preferred
- Relevant certifications such as CompTIA Security+, CySA+, CEH, CISM, or equivalent
- Experience supporting a SOC 2 audit from end to end
- Scripting or automation skills (Python, PowerShell) for security tooling and reporting
- Exposure to cloud security (AWS, Azure, or GCP) environments
- Experience working with GRC platforms (e.g., Archer, ServiceNow GRC, Drata, Vanta)
This listing was posted by a verified recruiter at Cisive. Report this listing
JobSpring