
Security Analyst
NPAworldwide, Buffalo, NY, United States
Job Description
You'll be responsible for executing a structured monthly security program, managing a robust security toolset, maintaining NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) compliance, and serving as the organization's go‑to resource for all things information security. If you're a hands‑on security professional with audit experience, solid framework knowledge, and a methodical approach to risk and remediation, this role offers real ownership in a stable, respected organization.
What You'll Do
Execute a defined monthly security program including monitoring, alerting, vulnerability management, and follow‑up on findings
Monitor networks and endpoints via SIEM and EDR tools; investigate anomalies and triage security events
Manage vendor vulnerability disclosures, assess severity, develop remediation plans, and track resolution
Coordinate with internal stakeholders and external partners on annual NYDFS 500 audits and ongoing compliance activities
Conduct and oversee security assessments including penetration testing, phishing simulations (KnowBe4), vishing, and social engineering exercises; manage follow‑up training for users who fail tests
Work with an external security partner (monthly rotating engagements: external pen tests, internal attack simulations, and more) to maintain a layered security posture
Develop, maintain, and enforce security policies and procedures; cross‑train IT staff to build organizational resilience
Prepare clear, standardized reports detailing threats, vulnerabilities, risks, and recommended mitigation steps
Respond to ad‑hoc internal security support requests
Assist with company‑wide system upgrades as needed
Security Tools & Technologies
Vulnerability Management: Tenable
Penetration Testing: Kali Linux, Acunetix / Invicti
Endpoint Detection & Response: Carbon Black Detect and Protect
Security Awareness & Phishing Simulation: KnowBe4 (managed internally)
External Security Partner: Hack at Cyber (monthly rotating engagements)
SIEM: Security Information and Event Management platform
Endpoint & Device Management: Microsoft Intune compliance policies
Firewall: Rule and policy management
OS Hardening: Operating system hardening tools and best practices
Anti‑malware: Endpoint protection solutions
Qualifications
5+ years of hands‑on information security experience; equivalent experience considered in lieu of a degree
Demonstrated experience with security audits, remediation tracking, and incident response; candidates who have never been through a full audit cycle will not be considered
Working knowledge of security frameworks including CIS Controls, NIST, ISO 27001, or similar; ability to apply framework knowledge to real‑world decisions (e.g., evaluating proposed changes against NYDFS 500 requirements)
Hands‑on experience with vulnerability management, SIEM monitoring, EDR tools, and penetration testing methodologies
Familiarity with NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) is a strong plus; broader regulated industry compliance experience acceptable
Strong documentation skills; ability to write clear policies, procedures, and executive‑ready reports
Comfortable communicating security risk to both technical teams and non‑technical leadership
Strong organizational skills with the ability to manage a structured monthly program and respond to unplanned events
About The Role
Our client, an established and highly regarded industry leader in Western New York, is seeking an experienced Information Security Analyst to serve as the primary security professional within their IT organization. This newly created role is the result of a long‑tenured security leader stepping into an executive position, meaning the program is mature, the tools are in place, and this person walks into a well‑documented, well‑resourced environment rather than starting from scratch.
Outstanding Benefits
Employees may be eligible for a hybrid telecommuting schedule upon successful completion of the onboarding period.
Pension Plan
Generous Profit Sharing – annual payout
401K with match
4 weeks PTO to start
5 days Sick time
10 Holidays
Newly renovated workspace including sit/stand desks
Compensation & Salary
Annual Salary: USD 85,000 – 115,000