Cyber Security Analyst

Description

The Cyber Security Analyst will report directly to the Cyber Security Team Lead and will be responsible for security operations of the entire organization. He/she will operate and maintain security solutions that are strategic for the business using the latest technologies and techniques. He/she will be a key contributor in a growing team that is transforming with the business, addressing new technical challenges by implementing, enhancing, and monitoring security tools and privacy controls to support Asplundh’s strategic growth objectives.

We are looking for a motivated and dedicated information security practitioner to expand and evolve our existing security program. If this sounds like you, we look forward to seeing your application.

Vulnerability Management – Servers & Endpoints

• Administer the vulnerability management platform (e.g., Qualys VMDR/TruRisk) to ensure complete coverage and accurate asset inventory across on?prem and cloud servers and all managed endpoints.
• Run authenticated scans on a defined cadence (e.g., weekly for high-risk segments; at minimum monthly enterprise-wide) and validate scan integrity (credentials, reachability, agent health).
• Triage and prioritize findings using severity, exploitability, and business context; translate findings into actionable remediation steps for server and endpoint owners.
• Coordinate patching and remediation with Infrastructure, Endpoint, and Application teams; track progress to closure and verify fixes through re-scan/validation.
• Manage patch and remediation jobs for endpoints (e.g., via Intune/third?party tooling) and support server patch cycles aligned to maintenance windows; partner with teams to address reboot compliance that impacts patch effectiveness.
• Maintain an exception and risk acceptance process for legacy/mission?critical systems, ensuring compensating controls and leadership approval are documented.
• Produce recurring vulnerability and patch compliance reporting (dashboards, trends, aging, SLA adherence) and present risk summaries to leadership and audit stakeholders.
• Support investigation and response to high-profile vulnerabilities/zero?days by coordinating rapid assessment, mitigations, and communications (tech alerts) until permanent fixes are deployed.

Job Responsibilities

• Operating and maintaining security tools such as SIEM, antivirus, and mobile security solutions.
• Continually assess our products and our organization for risks and vulnerabilities.
• Detect, assess, investigate, and resolve security incidents.
• Effectively communicate security requirements and operational needs to management and others in the organization.
• Work with development teams to ensure that new features are designed and implemented securely.
• Be a resource for all employees to consult about security and privacy issues.
• Investigate and respond appropriately to third-party vulnerability reports.
• Assist in the process of defining, executing and continuously improving our internal security architecture processes.
• Support and enhance the current technical and business security posture, helping to ensure all staff are aware of the part they play in securing the company’s security awareness.

Required Skills and Experience

• 1-3 years of information security experience.
• Solid grasp of application security issues relevant to web applications.
• Penetration and vulnerability management knowledge.
• Strong verbal and written communication, and the ability to tailor your message to audiences across and beyond the organization.
• Knowledge of penetration testing and vulnerability management.
• Experience in Cyber Risk analysis (threat assessments).
• Knowledge of TCP/IP, system networking, routing, and switching.
• Knowledge of Next-generation firewall, intrusion detection/prevention, and web application firewalls.
• Management and of Security Information and Event Management solutions, prefer (QRadar).
• Experience in on-premises (Windows / AIX / Linux) and cloud environments (Azure, IBM, Oracle).
• Knowledge of Cloud Computing (dev/ops, sec/dev/ops).
• ISC2 CISSP or similar certification desired.

Additional Preferred Skills

• Experience in collaborating with third-party managed security services
• Experience in large geographically dispersed companies.
• Familiarity with NIST and other security/risk frameworks.

Education

This position requires a bachelor’s degree, working towards a bachelor’s degree, or equivalent experience in a technical field.

• All job offers are subject to pre-employment drug screening and a background check.
• Unless otherwise noted, we do not sponsor employees for work authorization in the U.S. for this position.