Information Security Analyst

Information Security Analyst at Atlas Technica

Atlas Technica, a rapidly growing organization providing IT management, user support, and cybersecurity for hedge funds and other investment firms, is seeking a skilled Information Security Analyst. Founded in 2016, Atlas Technica prioritizes uncompromising service, ownership, execution, growth, intelligence, and camaraderie, fostering a professional yet friendly environment with opportunities for professional and career development for its global team.

This highly technical, remote role (for UA Candidates only) reports to the Chief Information Security Officer (CISO) and offers excellent career development. You will collaborate closely with the CISO and various teams to enhance the security posture of both Atlas Technica and its clients. As a new position, this role is expected to evolve, providing significant opportunities for growth and adaptation within the company.

Key Responsibilities

Vulnerability Management

• Review vulnerability reports and research scalable remediation solutions.
• Collaborate with Support/NOC teams to ensure minimal client impact during remediations and facilitate maintenance windows.
• Work with CS/Engineering to script and automate remediation processes.
• Track progress in ticketing systems, including master tickets for multi-client initiatives and sub-tickets for individual clients.
• Address vulnerabilities for clients' third-party vulnerability management platforms (e.g., Cavelo) and apply remedies across the client base.

Risk Management and Due Diligence

• Provide accurate and timely responses to Due Diligence Questionnaires (DDQs).
• Review and analyze findings from risk assessments and penetration tests for Atlas Technica and its clients.
• Address identified vulnerabilities and recommend effective remediation strategies.
• Participate in Business Impact Analyses and tabletop exercises to improve organizational resilience.

Industry Benchmark Alignment and Standards Updating

• Initiate measurement of alignment with Microsoft benchmarks in Intune and actively work to increase scores.
• Address vulnerabilities and issues found in workstation builds, cloud infrastructure configurations, and security settings.
• Harden systems to enhance security across workstations, cloud infrastructure, and security configurations.

SOC 2 Maintenance and Additional Security Tasks

• Perform test restores as part of disaster recovery planning.
• Conduct reviews of KnowBe4 phishing tests and security training programs.
• Review SIEM logs to identify potential threats.
• Assist in addressing cybersecurity incidents promptly.
• Collaborate with NOC and outsourced SOC on remediation runbooks.
• Perform additional tasks as assigned to support the security team and organization's goals.

Requirements

• Strong understanding of cybersecurity principles and practices.
• Proven experience with vulnerability management and remediation.
• Familiarity with Microsoft Intune and security benchmarks.
• Excellent analytical and problem-solving capabilities.
• Ability to work effectively and collaboratively with cross-functional teams.
• Strong communication skills, both written and verbal.
• Demonstrated ability to work independently.
• Experience with security tools such as SIEM, IDS/IPS, and vulnerability scanners.
• Experience with RMM/SOAR and other automation platforms.
• Proficiency in scripting.
• Experience in writing detailed runbooks.

Desirable Qualities

• Experience working in an MSP environment (preferred, but not required).
• Relevant cybersecurity certifications (e.g., AZ-500, SC-900, SC-300, CompTIA Security+).

Key skills/competency

• Cybersecurity Principles
• Vulnerability Management
• Risk Assessment
• Microsoft Intune
• SIEM
• Scripting
• Automation
• Incident Response
• SOC 2 Compliance
• Network Security