Remote Risk Engineer Jobs in Cambridge, MA (NOW HIRING)

Analysis Group is one of the largest international economics consulting firms, with more than 1,500 professionals across 15 offices in North America, Europe, and Asia. Since 1981, we have provided expertise in economics, finance, health care analytics, and strategy to top law firms, Fortune Global 500 companies, and government agencies worldwide. Our internal experts, together with our network of affiliated experts from academia, industry, and government, offer our clients exceptional breadth and depth of expertise.

The Information Security Engineer will work with the Information Security Manager on the continuous improvement, development, and support of the firm’s cybersecurity program, operations, and systems security. The Information Security Engineer will be responsible for implementing and administering security tools, event analysis, responding to security incidents, third-party risk management, and cloud security. The Security Engineer will practice a business-first approach by understanding AG’s business goals, organizational needs, and technologies.

Essential Job Functions and Responsibilities:

• Security Engineering and Architecture
  • Design, deploy, and optimize security controls aligned to Zero Trust principles, including identity-centric access, device posture validation, and least privilege access.
  • Implement and support ZTNA/SSE platforms (e.g., Netskope/Zscaler or similar) for secure remote access and data protection.
  • Engineer and maintain defense-in-depth controls across endpoints, network, identity, and cloud environments.Partner with IT and architecture teams to ensure secure-by-design implementations across infrastructure and applications.
• Security Operations, Logging, and Detection
  • Own and enhance SIEM capabilities, including log ingestion, normalization, correlation, and alert tuning.
  • Develop and maintain detection use cases, dashboards, and alerting strategies to improve threat visibility and reduce false positives.
  • Monitor, triage, and investigate security alerts across multiple platforms (SIEM, EDR/XDR, cloud security tools).
  • Perform root cause analysis and drive remediation efforts for security incidents.
  • Contribute to security automation and orchestration initiatives where applicable.
• Threat Detection and Incident Response
  • Lead or support incident response activities, including containment, eradication, recovery, and post-incident reviews.
  • Investigate phishing, malware, and anomalous activity across enterprise systems.
  • Continuously improve incident detection and response playbooks.
• Identity, Data, and Access Security
  • Support and enhance Identity and Access Management (IAM) and Privileged Access Management (PAM) controls.
  • Implement and manage data protection capabilities, including data classification, DLP, and encryption.
  • Enforce strong access controls across cloud and on-premise systems.
• Cloud and Enterprise Security
  • Implement and maintain security controls across Azure and AWS, including:
    • Conditional access and identity protection
    • Workload and infrastructure security
    • SaaS application security posture
  • Support secure configuration and monitoring of enterprise systems and services.
• Vulnerability and Risk Management
  • Participate in the vulnerability management lifecycle, including scanning, prioritization, and remediation tracking.
  • Support risk assessments, audits, and vendor security evaluations.
  • Contribute to the ongoing development and maturity of the Information Security Management System (ISMS).
• Emerging Technology and AI Security
  • Evaluate and support controls for AI/ML systems and generative AI usage, including monitoring, guardrails, and data protection.
  • Stay informed on evolving threats related to AI and recommend appropriate mitigation strategies.
• Collaboration and Continuous Improvement
  • Act as a security subject matter expert on technical projects and implementations.
  • Partner with cross-functional teams to improve security processes, tooling, and awareness.
  • Recommend enhancements to improve visibility, detection capability, and response efficiency.
  • Provide rotational on-call support for security events and incidents.

Qualifications:

• Bachelor’s degree required; degree in Information Security, Computer Science, or related field preferred.
• An ideal candidate will have 3–5 years of experience in cybersecurity, security engineering, or security operations. Experience in a professional services or consulting environment is preferred.
• Hands-on experience with SIEM platforms (log analysis, correlation, alert tuning), EDR/XDR tools, or ZTNA/SSE platforms (e.g., Netskope/Zscaler or similar) required.
• Strong understanding of logging architectures and detection engineering, as well as security monitoring and incident response workflows.
• Experience with cloud security (Azure and/or AWS).
• Solid understanding of networking fundamentals (TCP/IP, DNS, firewalls, VPNs, segmentation).
• Experience managing and optimizing security tools and platforms in production environments.
• Experience with security automation or scripting (e.g., Python, PowerShell) preferred.
• Familiarity with AI security tools, monitoring platforms, or guardrail technologies preferred.
• Professional certifications such as Security+, CISSP, GIAC, or cloud security certifications are a plus.
• Strong analytical and problem-solving skills with attention to detail.
• Ability to translate technical risks into business-relevant context.
• Proactive, solutions-oriented mindset with a focus on continuous improvement.
• Strong communication and documentation skills.
• Ability to manage multiple priorities in a fast-paced environment.
• Commitment to maintaining confidentiality of sensitive and client data.
• An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences.
• To the extentpermittedby applicable law, eligible candidates mustbe authorized towork in the United States without sponsorship or restriction, now and in the future.

Analysis Group embraces equal opportunity. We are committed to building teams that bring a variety of backgrounds, perspectives, and skills, as we believe that a strong and inclusive workforce directly supports our goal of providing the highest-quality work. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other class protected under applicable federal, state, or local law, and we encourage candidates of all backgrounds to apply.

Analysis Group offers competitive compensation and a comprehensive benefits package. The estimated salary range for this position is $135,000-$145,000. Compensation offered will be based on a number of factors including work experience, education, and skill level. This role is eligible for a discretionary annual bonus that is determined in large part by individual performance. To learn more about our benefit offerings, click here.

#LI-Hybrid

For information about Analysis Group’s privacy practices, please refer to the applicable Analysis Group privacy policy.

• Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
• Please view the EEOCs Know Your Rights poster here.