Security Analyst
Role details
Job description
The Security Analyst is a hands-on role within IT responsible for the daily operation and continual improvement of the company's security and privacy posture across on-prem and SaaS environments and a global user base. The role focuses on monitoring and tuning a security stack of 13+ tools, detecting and responding to threats, and supporting growing regulatory and customer compliance demands (GDPR, PII protection, and industry frameworks).
Roles and Responsibilities
Security Monitoring, Tools & Incident Response
- Monitor and manage alerts across a multi-tool ecosystem (e.g., MDR/XDR, email security, IDS/IPS, firewall, MDM, vulnerability scanner, DLP, password/privileged access tools, cloud security, backup/DR, and threat-intel feeds).
- Normalize, correlate, and tune alerts from 13+ tools to reduce noise and focus on high-value events, maintaining clear runbooks for triage and escalation.
- Lead initial investigation and containment of incidents (phishing, malware, account compromise, ransomware, data exfiltration), coordinating with Helpdesk, systems engineer, and network architect as needed.
- Maintain case records, evidence, and post-incident reports that feed into continual improvement of rules, playbooks, and configurations.
Vulnerability, Configuration Management & Auditing
- Operate vulnerability management tools to scan servers, endpoints, network devices, and key applications; track remediation with system owners and prioritize based on business impact.
- Work with the technical architect/network engineer to implement and validate secure configurations, hardening baselines, network segmentation, and logging on firewalls, VPN, and other perimeter tools.
- Monitor vendor security advisories, CVEs, and threat bulletins and recommend patching or compensating controls for high-risk exposures.
- Perform periodic access audits of IAM/access management and RBAC role assignments, and track remediation of findings.
Tool Integration, Automation & Optimization
- Administer day-to-day operations of the security toolset: manage access, policies, rules, connectors, and integrations with infrastructure and identity platforms.
- Collaborate with IT to integrate security tools with ticketing, identity, and logging platforms, and help design lightweight automation/playbooks where supported (e.g., auto-quarantine, IP blocking, user notifications).
- Evaluate overlapping capabilities across the 13+ tools and provide recommendations to simplify, consolidate, or better utilize existing investments.
Compliance, Privacy & Customer Demands
- Support implementation and ongoing operation of controls for GDPR, PII protection, and security frameworks (e.g., SOC 2-like controls, ISO/NIST-aligned practices as pursued by the business).
- Use SIEM and related tools for log retention, evidence gathering, and reporting to support audits, customer due-diligence requests, and data-privacy impact assessments.
- Maintain and update security documentation (asset lists, data flows, risk registers, control matrices, and tool inventories) to reflect the current environment.
- Participate in the Change Advisory Board (CAB) process as appropriate.
Policies, Awareness & Support for Small Teams
- Contribute to security and privacy policies, standards, and procedures that are practical for a lean infrastructure team while meeting regulatory expectations. Evaluate and update IT policies as needed.
- Prepare targeted awareness content and simulations focusing on phishing, account security, data handling, and secure use of manufacturing/warehouse systems.
- Serve as a security point of contact for Helpdesk and application owners, providing guidance embedded into day-to-day processes and changes.
Requirements
- Bachelor's degree in Information Security, Computer Science, Information Systems, or equivalent practical experience.
- 3+ years in an information security, SOC analyst, or infrastructure role with hands-on responsibility for multiple security tools in a small or mid-sized enterprise.
- Experience supporting mixed environments with on-prem servers, SaaS, and distributed business applications.
Technical Skills
- Practical experience with several of the following categories: SIEM/log management, EDR/XDR, email security, IDS/IPS, next-gen firewalls/VPN, web filtering/proxy, vulnerability scanning, DLP, MDM/endpoint management, identity security (SSO/MFA), and secure backup/DR.
- Strong understanding of network and system fundamentals (Windows and virtualization, basic Linux, TCP/IP, DNS, routing, VPNs) and how attacks traverse these layers.
- Familiarity with data protection and privacy practices (GDPR and PII handling) and at least one security or compliance framework.
- Ability to use scripting or automation (PowerShell, Python, or similar) for log analysis, enrichment, and small workflow automations is preferred.
Required Soft Skills
- Strong analytical and problem-solving skills with the ability to interpret noisy alerts from many tools into clear, prioritized actions.
- Effective communication with both technical and non-technical stakeholders, including concise incident and risk reporting.
- Comfortable working in a lean team, balancing operational workload with project and improvement work, and taking ownership of issues from detection through closure.
- Independent thinker who can operate within the guidance and priorities set by IT leadership, and who prioritizes production issues over administrative tasks.
- Proactive, self-motivated, and organized with attention to detail.
- Open, honest, and transparent approach to dealing with any issue.
Certifications (preferred)
- One or more: Security+, CySA+, CISSP, SSCP, GSEC, or similar practitioner-level security certifications.
- Additional plus: privacy/compliance-focused credentials (e.g., ISO 27001 lead implementer/auditor, CIPP/E) or vendor certifications for SIEM/EDR or other core tools.
Benefits & conditions
18911 SE Mill Plain Boulevard, Vancouver, WA 98683
Hybrid work, full-time, $85,000 - $100,000 a year
- Standard business hours in PST, with participation in an on-call rotation for high-severity security incidents and major maintenance.
- Hybrid work model (mostly remote) with on-site time at headquarters and key facilities for assessments, rollouts, and incident support.
- Occasional after-hours work during patch windows, tool upgrades, and audit deadlines.
Position Status
Level: Staff
FLSA: Exempt
Supervises: NA
Salary Range - $85,000.00 - $100,000.00 Annually