Information Security Analyst

Carco Group, Inc.
Parole, United States of America
28 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Parole, United States of America

Tech stack

Amazon Web Services (AWS)
Azure
Cloud Computing Security
CompTIA Security+
Computer Security
Python
Network Monitoring
Powershell
Security Information and Event Management
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Mitre Att&ck
Tenable Nessus
Microsoft Sentinel
RSA Archer Platform
Splunk
Qualys
ServiceNow

Job description

  • Monitor, tune, and triage alerts across the SIEM platform, escalating confirmed incidents per established runbooks
  • Manage the vulnerability management lifecycle- including scanning, prioritization, remediation tracking, and executive reporting
  • Support endpoint security, email security, and network monitoring tools; identify gaps and recommend configuration improvements
  • Conduct periodic threat hunting activities and contribute to the development of detection rules and playbooks
  • Participate in incident response activities including containment, eradication, and post-incident reviews

Governance, Risk & Compliance (GRC)

  • Support ongoing SOC 2 Type II compliance efforts, including evidence collection, control testing, and coordination with external auditors
  • Assist with NIST CSF assessments - mapping current controls to framework functions and identifying gaps for remediation
  • Maintain and update security policies, standards, and procedures in collaboration with senior team members
  • Conduct periodic security risk assessments and contribute findings to the organization risk register
  • Track remediation efforts for identified risks and control deficiencies through to closure

Collaboration & Communication

  • Partner with IT, Engineering, and business stakeholders to embed security best practices into day-to-day operations
  • Assist in security awareness initiatives and provide guidance to staff on security topics
  • Prepare clear, concise reporting on security metrics, vulnerability status, and compliance posture for management

Requirements

Do you have experience in Vuls?, + 3-5 years of experience in an information security role with exposure to both technical operations and compliance functions

  • Hands-on experience with SIEM platforms (Splunk, Microsoft Sentinel, or equivalent)
  • Working knowledge of vulnerability management tools such as Tenable Nessus/IO or Qualys
  • Demonstrated understanding of SOC 2 Trust Service Criteria and NIST Cybersecurity Framework
  • Familiarity with common attack techniques and defensive countermeasures (MITRE ATT&CK familiarity a plus)
  • Strong analytical and problem-solving skills with the ability to work both independently and collaboratively
  • Excellent written and verbal communication skills; ability to translate technical findings for non-technical audiences

Preferred

  • Relevant certifications such as CompTIA Security+, CySA+, CEH, CISM, or equivalent
  • Experience supporting a SOC 2 audit from end to end
  • Scripting or automation skills (Python, PowerShell) for security tooling and reporting
  • Exposure to cloud security (AWS, Azure, or GCP) environments
  • Experience working with GRC platforms (e.g., Archer, ServiceNow GRC, Drata, Vanta)

Apply for this position