Cybersecurity Analyst

Company Overview
TotalCyber Consulting, established in 2018, specializes in delivering top-tier Cyber Security Consulting and Staffing services to mid-size, large, and global enterprises. We are committed to empowering organizations with innovative security solutions to protect their digital assets and infrastructure.

Role Overview

The Senior Information Security Analyst partners with business units, IT, DevOps, and third-party vendors to maintain and continuously strengthen the organization's security posture and regulatory compliance. This role demands deep technical expertise across cloud environments, operational security, risk management, and data privacy — paired with the maturity to lead initiatives, influence stakeholders, and drive measurable improvements to the Information Security Management System (ISMS).

Key Responsibilities

Security Operations & Monitoring

• Monitor and analyze security alerts from SIEM and other detection tools; tune rules and enhance detection capabilities to reduce false positives and improve threat visibility.
• Lead vulnerability assessments across network, infrastructure, OS, and applications; track findings through to validated remediation.
• Ensure timely patching and system hardening across all infrastructure layers, including endpoints, servers, and cloud workloads.
• Participate in and continuously improve incident response, business continuity, and disaster recovery exercises.
• Stay current on emerging threats, vulnerabilities, and attack techniques; translate intelligence into actionable defensive recommendations.

Application & Cloud Security

• Advise DevOps and Engineering teams on secure architecture, secure-by-design principles, and common application vulnerabilities (OWASP Top 10, etc.).
• Conduct application security assessments, code reviews, and penetration test coordination; drive remediation with development teams.
• Collaborate with IT to ensure secure design and deployment of systems, networks, and cloud environments.
• Support system administrators with security policy deployment and configuration aligned to company standards and industry benchmarks (e.g., CIS).

Compliance & Risk Management

• Lead and support technical compliance activities for applicable frameworks (GDPR, HIPAA, PII, SOC 2, CIS); identify control gaps, implement remediation, and gather audit evidence.
• Perform internal access control reviews and spot audits to verify policy adherence and data protection standards.
• Assess third-party and external vendors for alignment with the ISMS; maintain vendor risk documentation and escalate material findings.
• Assist in designing, maintaining, and continuously improving the ISMS to reflect the evolving risk landscape.
• Prepare executive-ready reports documenting security metrics, threat activity, and audit outcomes for leadership and senior IT staff.

Security Awareness & Training

• Develop and deliver effective security awareness training and educational materials covering general cybersecurity hygiene, PHI handling, and HIPAA compliance.
• Champion a security-first culture by engaging employees at all levels with relevant, practical guidance.

Required Qualifications & Skills

• Bachelor's degree in Computer Science, Information Security, or a closely related field.

• 5+ years of progressive experience in an information security role, including hands-on implementation of security controls.

• Strong technical foundation in IT systems, network security, cloud security (AWS, Azure, or GCP), and infrastructure hardening.

• Hands-on experience with endpoint protection platforms, SIEM solutions, and log analysis.

• Solid understanding of identity and access management (IAM), encryption, and authentication frameworks.

• Familiarity with secure coding practices and common application-layer vulnerabilities.

• Experience conducting vendor risk assessments and managing third-party security relationships.

• Proficiency with compliance frameworks: GDPR, US data privacy laws, HIPAA, SOC 2, and CIS Controls.

• Relevant certifications such as CISSP, CISM, CEH, SANS GIAC, or equivalent.

• Excellent analytical, problem-solving, and written/verbal communication skills.

• Proven ability to work independently across remote or distributed teams.

• Sound judgment, high integrity, and a self-motivated approach to continuous learning.

Pay: $80,000.00 - $110,000.00 per year

Benefits:

• Paid time off

Experience:

• Cybersecurity: 5 years (Preferred)
• Security Awareness & Training: 3 years (Preferred)
• GRC: 3 years (Preferred)
• Security Operations and Analytics: 2 years (Preferred)

License/Certification:

• CISSP (Preferred)

Work Location: Remote