Information Security Administrator - Boston

Position Summary:

The Information Security Analyst is a hands‑on technical role responsible for managing the firm’s enterprise vulnerability management program while supporting daily security monitoring and incident response activities. Under the supervision of the Information Security Manager, this role will lead the identification, prioritization, reporting, and remediation coordination of vulnerabilities across the firm’s systems and provide technical support for detection tuning and security tool configuration.

Mintz Information Security is a small, highly collaborative, cross-functional team that provides cybersecurity and GRC capabilities to the firm. Our IT organization maintains an ISO/IEC 27001:2022 certification, and this role plays a key part in ensuring continued compliance with our ISMS program.

Primary Responsibilities:

Vulnerability Management

- Operate, configure, and tune vulnerability scanning tools.
- Validate vulnerabilities across endpoints, servers, applications, and cloud environments.
- Distinguish between true positives, false positives, and vulnerabilities mitigated through compensating controls.
- Prioritize findings using threat intelligence, EPSS, CVSS, and business impact.
- Coordinate remediation efforts across IT teams and collaborate with those teams to ensure solutions fit the firm’s risk posture and needs.
- Track remediation progress, manage risk exceptions, and escalate overdue high‑risk items.
- Maintain dashboards and reporting for leadership, ISO/IEC 27001, HIPAA, and client requests.
- Support penetration test remediation and validation.

Security Monitoring & Incident Response

- Monitor, analyze, and respond to alerts from SIEM, endpoint security, email security, and identity systems.
- Perform Tier 1–2 incident triage and determine severity and scope.
- Conduct investigations, collect evidence, support containment and eradication.
- Document incidents and contribute to post‑incident reviews.
- Participate in on‑call or rotation-based escalation as required.

Detection Engineering & Security Tool Support

- Assist with tuning SIEM, EDR, and other security tools.
- Support onboarding of new log sources.
- Validate new detection logic.
- Maintain SOAR workflows related to vulnerabilities.
- Support configuration hardening activities.

This role requires 60% in office presence; remote work is permissible 40% of the time.

Qualifications:

- 3–5 years of experience in vulnerability management or security operations.
- Experience with vulnerability scanners (Nessus, Rapid7, Qualys, Defender TVM).
- Understanding of CVE/CVSS, EPSS, and remediation.
- Experience with SIEM, EDR, or email hygiene tools (Splunk, Sentinel, Rapid7, Defender, CrowdStrike, Proofpoint, Mimecast).
- Ability to support incident investigations.
- Familiarity with ISO/IEC 27001, NIST CSF, and HIPAA safeguards.
- Strong analytical and communication skills.
- Ability to ‘own the problem’ and work tasks, incidents, or projects to completion.
- Ability to function in a fast-paced, service-oriented environment, prioritize multiple projects on a daily basis, and adjust to shifting priorities.
- Strong planning, project management and organizational skills.
- Strong sense of urgency.
- Facility analyzing, working with and presenting data.
- Ability to collaborate and gain the respect, trust, and confidence of the Firm’s attorneys and professional staff.
- Creative and proactive approach to problem solving.
- Facilitate teamwork and identify opportunities to develop new processes/infrastructure.
- Demonstrated ability to grasp and implement new concepts quickly.
- Strong analytical abilities, resourcefulness, and attention to detail.
- Ability to work independently and as part of a team with a proactive and positive style that fosters collaborative working relationships.
- Outstanding sense of customer service.
- Deep personal commitment to integrity, excellent judgment, and the highest standards of ethics.
- Must display the highest level of diplomacy, tact and discretion, with comfort in handling and maintaining confidential information.

Preferred Qualifications

- Experience in legal or regulated environments.
- Certifications such as Security+, CySA+, GSEC, or equivalent.
- Familiarity with SOAR automations.

This job description is a general description of the types of responsibilities that are required of an individual in this job. It is not intended to be a complete list of the responsibilities, duties and skills that may be required for this job.

Physical Demands:

This position requires sitting or standing for long periods of time and the continuous operation of standard office equipment, such as computers, keyboards and phones. It also requires mobility sufficient to perform certain job functions, such as getting to photocopiers/scanners/fax machines, and regular bending, reaching, lifting, stooping and occasionally pulling, pushing and/or lifting items that weigh up to 25 pounds.

The salary range for this position in Boston is $85,000-$100,000. This position is bonus eligible. Mintz offers a comprehensive benefits package.

Privacy Notice for California Applicants