Information Security Analyst

Information Security Analyst – Boston, MA (Hybrid) - $85,000 - $105,000A leading professional services organization is seeking an Information Security Analyst to join its growing cybersecurity team in Boston.This is a newly created growth hire driven by increased demand and expansion within the security function. The team is looking to add a technically focused cybersecurity professional who can support vulnerability management, security operations, and incident response activities within a highly collaborative environment.The organization currently has a small security team with strong GRC and audit coverage in place and is specifically seeking someone with hands-on cybersecurity and technical security operations experience rather than a purely governance or compliance-focused background.This is an excellent opportunity for someone who wants to continue building technical cybersecurity expertise while gaining exposure to enterprise security operations, detection engineering, vulnerability management, and future growth opportunities into engineering or security architecture roles.Key Responsibilities:Vulnerability ManagementOperate, configure, and tune enterprise vulnerability scanning platformsIdentify, validate, prioritize, and track vulnerabilities across endpoints, servers, cloud environments, and applicationsDifferentiate between true positives, false positives, and accepted risks or compensating controlsPrioritize remediation activities using threat intelligence, CVSS, EPSS, and business impact analysisPartner with infrastructure and IT teams to coordinate remediation efforts and track progressSupport reporting requirements for leadership, audits, compliance frameworks, and client security requestsAssist with penetration test remediation and validation activitiesSecurity Operations & Incident ResponseMonitor and respond to alerts from SIEM, EDR, email security, and identity management platformsPerform Tier 1–2 incident triage and investigation activitiesSupport containment, eradication, and remediation efforts during security incidentsCollect evidence, document findings, and contribute to post-incident reviewsParticipate in a light on-call rotation schedule shared across the teamSecurity Engineering & Tooling SupportAssist with tuning and optimization of security monitoring and detection toolsSupport onboarding of new log sources and validation of detection logicHelp maintain SOAR workflows and automation processesContribute to security hardening initiatives and operational improvementsSupport ongoing enhancement of the organization’s security tooling and monitoring capabilitiesRequired Experience3+ years of experience within cybersecurity, security operations, vulnerability management, or related technical security rolesHands-on experience with cybersecurity tools such as:Vulnerability scannersSIEM platformsEndpoint detection and response (EDR)Email security solutionsUnderstanding of:CVE/CVSSEPSSVulnerability remediation processesIncident response fundamentalsAbility to investigate alerts and support incident handling activitiesStrong troubleshooting, analytical, and communication skillsAbility to work collaboratively in a fast-paced, service-oriented environmentStrong ownership mentality and ability to independently drive work to completionPreferred ExperienceExperience with tools such as:NessusRapid7QualysMicrosoft DefenderSplunkSentinelCrowdStrikeProofpointMimecastFamiliarity with:ISO/IEC 27001NIST CSFHIPAA safeguardsSOAR automationsCertifications such as:Security+CySA+GSECEquivalent cybersecurity certificationsExperience working within legal, financial services, healthcare, or other regulated environmentsWhat Makes This Opportunity UniqueNewly created growth position within a collaborative and supportive security teamStrong technical focus with exposure to enterprise cybersecurity operationsOpportunity to work across vulnerability management, security operations, incident response, and detection engineeringOpen to candidates from both traditional and non-traditional cybersecurity backgroundsClear long-term growth potential into security engineering and architecture rolesCollaborative environment with strong mentorship and learning opportunities