Information Security Technical Analyst

Overview
The Information Security Technical Analyst will support the Security Governance, Risk & Compliance (SGRC) team in reducing cybersecurity risk across the organization. This role partners with Security, Engineering, Product, Compliance, Legal, and other stakeholders to manage vulnerabilities, conduct security assessments, support vendor security reviews, and drive security automation initiatives.

Key Responsibilities

• Manage and triage vulnerability cases, including CVEs, cloud vulnerabilities, misconfigurations, access control issues, web application vulnerabilities, and source code findings.
• Conduct technical assessments and provide remediation guidance to engineering teams.
• Partner with security and product teams to prioritize and remediate vulnerabilities using a risk-based approach.
• Research and analyze security advisories, zero-day threats, and vendor notifications for potential business impact.
• Support security risk assessments, risk exception processes, and mitigation activities.
• Monitor vulnerability metrics, remediation progress, and overall security posture.
• Collaborate with Engineering and Compliance teams to address penetration test findings and PCI-related vulnerabilities.
• Support third-party/vendor security reviews and bug bounty programs.
• Identify opportunities to automate security workflows, triage processes, and reporting activities.
• Maintain security documentation, runbooks, and operational procedures.

Required Qualifications

• 5+ years of experience in Information Security, Cybersecurity, Risk Management, or a related field.
• Experience with vulnerability management programs and vulnerability scanning tools.
• Strong understanding of:
  • Web application security and OWASP Top 10
  • Cloud security vulnerabilities and misconfigurations
  • Source code security vulnerabilities
• Knowledge of cloud platforms (AWS, Azure, and/or GCP), networking, and containerized environments.
• Experience with scripting and security automation.
• Strong understanding of risk assessment methodologies, compensating controls, and risk mitigation strategies.
• Excellent analytical, communication, and collaboration skills.

Preferred Qualifications

• Security certifications such as CISSP, CompTIA Security+, CompTIA CySA+, or GIAC.
• Experience with security risk management frameworks and compliance programs.
• Familiarity with AI-driven security tools and workflow automation.