We are seeking a Senior Information Security Analyst with deep experience in both security operations and audit/compliance execution. This role blends hands-on detection and incident response with ownership of audit readiness and evidence management for frameworks including PCI DSS and ISO/IEC 27001. The ideal candidate is comfortable working across technical and business teams, can translate security requirements into actionable controls, and can drive improvements to reduce risk and improve security posture.
Security Operations
• Monitor and triage security alerts from SIEM, EDR, IDS/IPS, CSPM, and other telemetry sources; validate true positives and reduce false positives.
• Conduct incident investigations and document findings, scope, root cause, and remediation actions.
• Lead or support incident response activities including containment, eradication, and recovery.
• Develop, maintain, and tune detection logic, alerting, and response playbooks and runbooks.
• Maintain, administer, and optimize security tools and platforms (e.g., SIEM, EDR, vulnerability scanners, email security, DLP), including upgrades, configuration changes, health monitoring, and integrations.
• Partner with IT and Engineering teams to remediate vulnerabilities, harden configurations, and improve overall security controls.
Audit, Risk, and Compliance
• Support and lead audit readiness for PCI DSS and ISO/IEC 27001.
• Coordinate evidence collection and manage auditor interactions.
• Perform gap assessments and track remediation efforts.
• Maintain ISMS documentation, policies, and procedures.
• Assist with risk assessments and continuous compliance activities.
Required Qualifications
• 7+ years of information security experience.
• Bachelor’s Degree in Information Security, Computer Science, MIS/CIS, or equivalent experience.
• Hands-on SOC responsibilities.
• Experience supporting PCI DSS and/or ISO 27001 audits.
• Strong understanding of incident response, SIEM, EDR, IAM, and vulnerability management.
• Ability to produce clear documentation and communicate with technical and non-technical stakeholders.
Preferred Qualifications & Certifications
• Experience with cloud security platforms and automation.
• Experience with programming and scripting automation.
• Familiarity with NIST CSF, SOC 2, or CIS Controls.
• Certifications such as CISSP, CISA, CySA+, GCIH, PCI ISA, or ISO 27001 training.