Other
This job posting has expired and is no longer accepting applications. Check out similar jobs
Job description
The Security Analyst is responsible for managing third-party vulnerability data, executing scans using Sompo’s proprietary tools, and partnering with IT teams to prioritize remediation efforts. The role requires strong technical expertise in vulnerability management tools, security frameworks, and automation. The Security Analyst will also contribute to improving security policies, integrating large data sets, optimizing alerts, and identifying opportunities where AI can support security functions.
Key ResponsibilitiesVulnerability Management
- Analyze and consolidate vulnerability data from multiple internal and external sources.
- Input findings into the vulnerability management platform using approved processes to maintain a complete and accurate risk picture.
- Evaluate existing vulnerabilities to identify patterns, root issues, and opportunities for bulk mitigation.
- Escalate vulnerabilities that exceed defined SLA or time-to-resolve thresholds.
- Communicate effectively with cross-functional teams to explain remediation priorities, risks, and required actions.
Scanning & Security Tools
- Configure and manage vulnerability scanning tools and scan schedules.
- Run scans using Sompo’s proprietary tools as well as industry-standard platforms.
- Support web application scanning and collaborate on web application firewall (WAF) improvements.
- Work with container security technologies and standards.
Metrics, Reporting & Documentation
- Generate KPIs, dashboards, and reports to track vulnerability progress and team performance.
- Document processes, workflows, and technical findings in a clear and structured manner.
- Review project scopes and recommend appropriate security benchmarks and hardening standards.
Automation, Logs & Integrations
- Integrate logs and large data sets into existing systems (e.g., SIEM, data pipelines).
- Optimize alerts, policies, and data ingestion processes.
- Explore and evaluate AI-based solutions to enhance efficiency across vulnerability management.
Required Skills
- Strong familiarity with common security protocols and frameworks: HTTP, DNS, SMTP, PKI, encryption, CWEs, CVEs.
- Hands-on experience with vulnerability scanning tools such as: Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei.
- Experience with web application scanning and WAF technologies.
- Understanding of container environments (Docker, Kubernetes).
- Knowledge of CIS benchmarks, STIGs, or other security-hardening standards.
Preferred Skills
- Authentication technologies: SAML, Kerberos, OAuth, OIDC, LDAP.
- Scripting and automation: PowerShell, Python.
- CI/CD tools: Jenkins.
- SIEM and log ingestion: Splunk (indexes, sourcetypes, data models, HEC, apps, forwarders).
- Event streaming & logging: Azure Event Hubs, Kafka, syslog.
- EDR platforms: Sentinel, Microsoft Defender, CrowdStrike, or similar.
- Strong independent research and analytical skills.
- Systematic and logical troubleshooting approach.
- Ability to create clear, detailed, and structured technical documentation.
- Ability to communicate requirements, risks, and status updates effectively to diverse technical teams.
- Bachelor’s degree in Information Technology or a related field is preferred but not required.
Most Popular Jobs Similar to Information Technology Security Analyst
it security analyst
information security analyst
information systems security analyst
security analyst
senior it security analyst
senior information security analyst
cyber security analyst
it security specialist
security system analyst
computer systems security analyst
Other Helpful Pages Related To IT Security Analyst
Vulnerability Analyst Salaries
Frequently asked questions
Q: What skills or qualities help someone succeed as a Information Technology Security Analyst?
A: To succeed as an Information Technology Security Analyst, key technical skills include proficiency in security frameworks and protocols (e.g., NIST, HIPAA), knowledge of threat analysis and mitigation techniques, and expertise in security tools and technologies (e.g., firewalls, intrusion detection systems). Soft skills such as strong analytical and problem-solving abilities, effective communication and collaboration skills, and a detail-oriented approach to work are also essential for identifying and addressing security vulnerabilities. By combining these technical and soft skills, IT Security Analysts can effectively protect an organization's digital assets and support long-term career growth through opportunities for professional development and advancement.
Q: What is the career path for a Information Technology Security Analyst?
A: A typical career progression for an Information Technology Security Analyst involves starting as a junior security analyst, where they gain hands-on experience with security tools and technologies, and then advancing to mid-level roles such as security engineer or security consultant, where they develop expertise in specific security domains like threat analysis or compliance. As they gain seniority, they can move into leadership positions like security manager or chief information security officer (CISO), where they oversee security strategy and operations. Throughout their career, IT security analysts can develop skills in areas like threat intelligence, cloud security, and cybersecurity frameworks, and may also pursue certifications like CompTIA Security+ or CISSP to enhance their career prospects.