Security Analyst

Job Title: Security Analyst

Location: Los Angeles, California

Department: Information Security

Reporting To: Chief Information Security Officer

DESCRIPTION:

We are seeking a Security Analyst to support the protection of the firm’s information assets, client data, and technology environment. This is a junior-to-mid level role designed to provide growth opportunities for early-career professionals, including candidates with limited or no direct cybersecurity experience (e.g., help desk, systems administration, networking, or recent graduates).

The Security Analyst works with IT and business teams to help keep the firm’s systems and data secure. This role helps monitor security controls, respond to security incidents, support vulnerability management, and assist with client and third-party security requirements common in the legal industry. The position is based in the Los Angeles office and requires working on-site three (3) days per week to support daily operations and collaborate with security and IT team members. The Security Analyst will also handle other assigned duties as needed.

DUTIES/RESPONSIBILTIES:

Security Operations & Monitoring

• Monitor security alerts, logs, and dashboards (e.g., SIEM) to identify suspicious activity and potential threats.
• Perform initial triage of security events, escalate appropriately, and document actions taken.
• Assist with routine security audits and verification of security controls supporting firm policies and client expectations.
• Support access reviews and investigate potentially improper access to applications, file shares, and collaboration tools.

Incident Response & Threat Management

• Support the incident response lifecycle: identification, containment, eradication, recovery, and post-incident documentation.
• Assist with investigating malware alerts, phishing reports, and suspicious logins; coordinate remediation with IT teams.
• Stay current on emerging vulnerabilities and threats relevant to law firms and professional services environments.
• Contribute to post-incident lessons learned and recommendations to improve controls and procedures.

Vulnerability, Risk, and Third-Party Support

• Assist with vulnerability management tasks including scanning support, validation, remediation tracking, and reporting.
• Support vendor/third-party cybersecurity assessments and maintain related documentation.
• Help respond to client security questionnaires and audits by gathering evidence and describing controls accurately.
• Apply basic risk management concepts to prioritize findings and recommend pragmatic improvements.

Security Tooling, Automation, and Engineering Support

• Support implementation and maintenance of security tools (e.g., endpoint protection, MFA, email security, SIEM).
• Assist with automation and integration of security platforms (e.g., scripting, workflow tools) to improve response and reporting.
• Test and evaluate new security technologies and updates under guidance of senior team members.
• Help maintain clear documentation for configurations, procedures, and playbooks.

Training, Awareness, and Customer Service

• Support monthly security awareness by helping and manage the phishing campaign, associated training materials and advising users on secure solutions to business needs.
• Partner with IT and business teams with a service-oriented approach consistent with a law firm environment.
• Contribute to security policies, standards, and guidelines written for both technical and non-technical audiences.
• Participate in cross-functional projects and support on-site collaboration with the Los Angeles office team.

QUALIFICATIONS:

Required

• 1 to 3+ years of experience in information security OR related technical experience (e.g., IT support/help desk, systems administration, networking, SOC internship, or academic projects).
• Working understanding of core security concepts (phishing, MFA, least privilege, patching, logging) and willingness to learn.
• Basic familiarity with TCP/IP and common network concepts.
• Ability to follow runbooks, document work clearly, and escalate issues with good judgment.
• Strong customer service mindset and ability to communicate professionally with attorneys and business staff.
• High degree of discretion and sensitivity to confidential and client matters; must be able to pass a background investigation.
• Ability to be on-site in the Los Angeles office three (3) days per week.
• Must bring firm-provided laptop during vacation in the event of a major security incident.
• Must be available during a security incident.

Preferred

• Basic scripting/automation skills (e.g., PowerShell or Python).
• Familiarity with cloud environments (Azure and/or AWS) and identity/access management concepts.
• Familiarity with Active Directory and Windows file and folder permissions.
• Familiarity with PowerBI.

Education and Preferred Experience:

• Bachelor’s degree preferred (or equivalent practical experience) in Information Security, Computer Science, Engineering, or a related field.
• Hands-on exposure to one or more: SIEM (e.g., Sentinel, Splunk), vulnerability tools (e.g., Tenable, Rapid7), firewalls (e.g., Fortinet, Palo Alto), endpoint protection, or email security.
• Hands-on exposure to Microsoft Windows Active Directory and Microsoft Azure.
• CompTIA Security+ (or equivalent)
• CISSP (or progress toward certification)
• Cloud security certifications (e.g., AZ-500, AWS Security Specialty)

Physical Requirements:

• Prolonged periods of sitting at a desk and writing, reading, and typing on a computer.
• May be required to lift up to 20 pounds at times.

POSITION DETAILS

Type: Full-Time

Schedule: Hybrid

Compensation: Hourly $85K - $100k

The statements contained in this position description are not necessarily all-inclusive, additional duties and responsibilities may be assigned, and requirements may vary from time to time.

Professional business references and a background check will be required for all final applicants selected for a position. In accepting a position, it is understood that continued employment is contingent upon a satisfactory background check. A satisfactory background check is the absence of a criminal record which bears a demonstrable relationship to the applicant/employee’s suitability to perform the required duties and responsibilities of the position.

Loeb & Loeb is an Equal Opportunity Employer.

Qualified applicants with arrest or conviction records will be considered in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.