Information Security Analyst

WorkForce Unlimited is searching for a proactive Security Analyst to analyze vulnerabilities, optimize security tools, and help our client stay ahead of emerging threats.

Role Summary

The Security Analyst is responsible for independently managing third-party vulnerability data sources, executing scans using proprietary tools, and collaborating with IT teams to prioritize mitigation efforts. The role involves leveraging vulnerability management tools to generate metrics and reports that track progress and effectiveness. Additionally, the Security Analyst may contribute to reviewing project scopes to recommend security benchmarks, optimizing security tool alerts and policies, and integrating logs and large data sets into existing systems.

Role Responsibilities

• Analyze vulnerabilities from various sources and input them into the vulnerability management tool using approved methods to ensure a complete overview of exposures.
• Evaluate existing vulnerabilities to identify problem areas or opportunities for mass-mitigation.
• Communicate with cross-functional teams to explain risks, opportunities, or required actions.
• Escalate vulnerabilities that exceed defined time-to-resolve thresholds.
• Configure vulnerability scanning tools and manage ongoing scan schedules.
• Collect and maintain departmental metrics and KPIs.
• Identify opportunities to apply AI technologies to improve vulnerability management processes.

Technical Qualifications

Strong familiarity and prior experience with:

• HTTP, PKI, digital signatures/encryption, SMTP, DNS, CWEs, CVEs, and related security frameworks.
• Vulnerability and security scanning tools such as Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei, or similar.
• Web application scanning and web application firewalls (WAFs).
• Containers and associated security considerations.
• CIS Benchmarks, STIGs, or other security hardening standards.

Additional desirable skills or experience:

• Authentication and identity protocols: SAML, Kerberos, OAuth, OIDC, LDAP.
• Scripting and automation using PowerShell and Python.
• CI/CD tools such as Jenkins.
• Splunk data onboarding (indexes, sourcetypes, data models, forwarders, apps, HECs).
• Log ingestion and transport technologies: Azure Event Hubs, Kafka, syslog.
• EDR/XDR tools such as Microsoft Sentinel, Microsoft Defender, CrowdStrike, or similar.

General Qualifications

• Ability to conduct independent research, analyze data, and produce clear plans of action.
• Strong systematic thinking and troubleshooting skills.
• Ability to create clear and detailed documentation of designs and processes for diverse technical audiences.
• Excellent communication skills, including the ability to clearly articulate requirements, priorities, and project status.

Education Requirements

• Bachelor’s Degree in Information Technology or a related field is preferred but not mandatory.