Information Security Technical Analyst

We are seeking an experienced Information Security Technical Analyst to join the Security Governance, Risk, and Compliance (SGRC) team within the Information Security organization. This role will focus on supporting enterprise security programs related to vulnerability management, vendor security monitoring, risk reduction initiatives, and security automation., * Manage and maintain incoming vulnerability cases, including:

• CVE notifications
• Cloud vulnerabilities and misconfigurations
• Access control issues
• Web application vulnerabilities
• Source code vulnerabilities

• Conduct technical assessments of vulnerabilities and support engineering teams with remediation guidance and patch implementation.
• Partner with security and product teams to prioritize and remediate vulnerabilities using risk-based approaches.
• Research and analyze vendor advisories, zero-day vulnerabilities, bug trackers, and threat intelligence sources to assess organizational impact.
• Support and manage the risk exception process by collaborating with business units and security teams to make informed risk decisions.
• Identify opportunities for automation of manual security workflows, including triage, case management, and escalation processes.
• Collaborate with teams to identify root causes of recurring vulnerabilities and implement long-term remediation strategies.
• Monitor vulnerability metrics, remediation trends, and backlog status to evaluate overall security posture.
• Maintain and update security runbooks, playbooks, processes, and operational documentation.
• Coordinate with Engineering and Compliance teams to manage penetration testing results and PCI-related vulnerabilities.
• Support ongoing bug bounty programs with third-party vendors and internal stakeholders.
• Participate in ongoing and periodic security risk assessments using quantitative and qualitative methodologies.
• Collaborate with cross-functional teams to gather data for risk analysis and provide subject matter expertise in security and risk management.
• Support risk mitigation initiatives, control improvement actions, and continuous enhancement of security risk programs.

The ideal candidate will collaborate with cross-functional teams including Security, Engineering, Product, Compliance, Procurement, and Legal to strengthen the organization's security posture while enabling scalable and compliant product delivery. This role requires strong technical security expertise, risk management knowledge, and the ability to drive remediation and process improvement initiatives., * 5+ years of experience in information security, cybersecurity, intelligence, or risk management within a technology-focused environment.

• Strong understanding of cloud infrastructure including AWS, GCP, and Azure.
• Knowledge of networking concepts and containerization technologies.
• Experience with scripting and security automation workflow development.
• Hands-on experience with multiple vulnerability scanning tools.
• Deep understanding of:

• OWASP Top 10
• Web application vulnerabilities
• Cloud security vulnerabilities and misconfigurations
• Source code vulnerabilities

• Strong knowledge of risk mitigation strategies, countermeasures, and compensating controls.
• Ability to work independently and collaboratively in fast-paced environments.
• Excellent communication, analytical, and interpersonal skills., * Fundamental understanding of information security principles, threats, vulnerabilities, and risk management practices.
• Experience utilizing AI agents and workflow automation for operational improvements.
• Strong technical problem-solving mindset with a results-driven approach.
• Security certifications such as:

• CISSP
• Security+
• CySA+
• GIAC or equivalent