Sr Information Security Analyst

Who We AreEmpowering Connections, Inspiring PossibilitySageNet is the single, accountable partner unifying connectivity and digital experiences for widely distributed enterprises. We design, deploy, manage, and monitor critical infrastructure across thousands of locations. Our U.S.-based Network Operations Centers operate 24/7, and our national field force delivers consistent outcomes from pilot to scale.Trusted connections guide how we work and what we build. On the networking and digital side, it means reliable, secure, and visible systems that keep every store, every screen, and every customer connected. On the human side, it means transparent communication, collaborative problem solving, and long-term partnerships with our customers, teammates, and communities.With a three-decade track record in managed services, SageNet boasts a long-term customer base that includes some of the nation’s largest retail, restaurant, c-store, and financial brands. Headquartered in Tulsa, SageNet has regional offices in Atlanta, Toronto, and Washington, D.C.What You’ll DoThe Senior Information Security Analyst plays a critical role in executing and maturing SageNet’s information security program. This position supports and extends the Director of Information Security by owning key security operations, governance, risk, and compliance activities while acting as a delegated decision-maker for day-to-day security program execution.This role balances hands-on operational responsibility with cross-functional leadership, ensuring security controls are effective, risks are managed, and compliance obligations—particularly PCI DSS—are met. The position partners closely with IT, Network Engineering, Operations, and Development teams to embed security into infrastructure, applications, and business processes.Major Duties and ResponsibilitiesSecurity OperationsOversee SIEM alert tuning, investigation, triage, and escalation in coordination with SOC providersServe as the primary incident response coordinator during security events, including investigation, documentation, and follow-upDevelop and deliver security awareness and training initiativesMaintain operational security metrics and prepare reporting for leadershipPartner with IT and system owners to manage IAM controls, access reviews, and privileged access governanceSecurity Architecture & EngineeringAct as a subject matter expert for secure network architecture, including firewalls, VPNs, SD-WAN, wireless, and authentication systemsLead firewall and network security review processes to ensure alignment with internal policies and PCI DSS requirementsApplication SecurityServe as the primary security stakeholder for internally developed and customer-facing applicationsDefine and maintain application security requirements aligned with PCI DSS 4.0, OWASP ASVS, and secure SDLC practicesPartner with development and engineering teams to integrate security into the software development lifecycleReview application designs and architectures for security risks related to authentication, authorization, data handling, and segmentationOversee application vulnerability management activities, including SAST, DAST, and software composition analysis (SCA)Coordinate remediation, risk acceptance, and exception tracking for application security findingsSupport and validate application-layer penetration testing and remediation effortsAct as a security escalation point for application-related incidentsRisk & Vulnerability ManagementOwn the end-to-end vulnerability management lifecycle across infrastructure and applicationsCoordinate remediation efforts with Network Engineering, IT Infrastructure, Operations, and Development teamsConduct targeted risk assessments and support enterprise risk management activitiesCompliance & GovernanceLead coordination of PCI DSS compliance activities, including evidence collection, control validation, and engagement with external QSAsManage the lifecycle of security policies and procedures, ensuring alignment with regulatory and business requirementsSupport customer, regulatory, and internal audit activitiesWho You AreRequired Qualifications5+ years of experience in information security, network security, or security governance rolesBachelor’s degree in information security, Computer Science, MIS, or equivalent professional experienceAt least one security certification is required (e.g., Security+, CySA+, SSCP, GSEC)Strong working knowledge of vulnerability management tools, SIEM platforms, and log analysisSolid understanding of firewall architectures and access control review methodologiesWorking knowledge of PCI DSS 4.0 and managed service provider shared-responsibility modelsStrong understanding of application security principles, including common web vulnerabilities (OWASP Top 10)Experience coordinating remediation efforts across technical and non-technical teamsExcellent communication, documentation, and analytical skillsAbility to independently manage multiple priorities in a fast-paced environmentPreferred QualificationsAdvanced security certifications such as CISSP, CISM, ISA/QSA, or equivalentFamiliarity with SD-WAN, WAF, IDS/IPS, VPN, identity management, and network segmentationExperience supporting or reviewing SAST, DAST, and penetration testing activitiesComfortable serving as a functional lead and escalation point across security domainsWHERE YOU’LL WORKThis role operates in a hybrid work model within a fast-paced managed services environment supporting large, distributed customer bases. The position requires close collaboration with cross-functional teams and active leadership of security initiatives that improve operational maturity and reduce risk.This position may be performed in office or as a fully remote role, based on business needs and candidate locationStandard business hours with occasional after-hours availability required to support incident response or critical security eventsProfessional work environment whether in office or remote, requiring a dedicated and secure workspaceRegular collaboration with technical and non-technical teams across multiple time zonesWork performed primarily using computers, secure systems, and standard office equipmentPhysical RequirementsAbility to sit for extended periods of time while working at a computer and participating in virtual meetingsFrequent use of hands and fingers for typing, navigating systems, and using standard office equipmentAbility to visually review and analyze information on computer screens for prolonged periods, including logs, dashboards, and technical documentationAbility to communicate effectively verbally and in writing, including participating in meetings, training sessions, and incident response activitiesOccasional ability to move within an office environment to attend meetings or collaborate with team membersCLASSIFICATION*: Exempt/SalariedPOSITION TYPE: FulltimeTRAVEL REQUIREMENTS: MinimalDIRECT REPORTS: None (acts as a functional lead for security processes)SAFETY SENSITIVE: NoReady to join a team that values trusted connections? Apply now!Equal Opportunity EmployerSageNet is committed to a skills-first approach when it comes to hiring. As such, we value merit, qualifications, and business needs when making employment decisions. It is the policy of SageNet to provide equal employment opportunity to all employees and applicants without regard to race, color, sex (including pregnancy, sexual orientation, and gender identity), age, religion, national origin, disability, genetic information, veteran or military status, marital status, or any other legally protected status. SageNet strictly prohibits and does not tolerate discrimination, harassment, or retaliation on the basis of any legally protected status.SageNet will not discriminate against any employee or applicant because they are a disabled veteran, recently separated veteran, active-duty wartime or campaign badge veteran, or Armed Forces services medal veteran in regard to any position for which the employee or applicant is qualified. As a federal contractor, SageNet is committed to taking affirmative action to employ and advance in employment protected veterans, and to treat qualified individuals without discrimination based on their status as protected veterans in all employment practices.SageNet will not discriminate against any employee or applicant because of physical or mental disability in regard to any position for which the employee or applicant is qualified. As a federal contractor, SageNet is committed to taking affirmative action to employ and advance individuals with disabilities, and to treat qualified individuals without discrimination on the basis of their physical or mental disability in all employment practices. If you have a disability or special need that requires accommodation, please let us know by contacting your HR representative or any member of management.Legal DisclaimerThis job description is intended to provide a general overview of the position. It is not an exhaustive list of all responsibilities, duties, and skills required. SageNet reserves the right to modify this job description at any time, with or without notice. Employment with SageNet is at-will, meaning that either the employee or the company may terminate the employment relationship at any time, with or without cause or notice. SageNet will provide reasonable accommodations for qualified individuals with disabilities.As a managed services provider, SageNet maintains a high level of information Security. SageNet has a published Information Security Policy and provides mandatory Security Awareness Training for all employees. SageNet requires that all employees adhere to published SageNet security policy, failure to do so may result in termination of employment. The SageNet security program is only as strong as our people and as such it is the responsibility of all employees to protect corporate and customer data following best practices and policies