Cybersecurity Analyst

KPI Solutions · Cincinnati, OH
Full-time · Hybrid · Today
Compliance · DNS · Documentation · Encryption · IAM · Incident Response

About the role

The Cybersecurity Analyst is the operational owner of KPI Solutions' day-to-day information security program. The role provides 24/7 detection, analysis, response, containment, and remediation of threats directed against KPI, and serves as the principal technical contact for KPI's security tooling (SIEM/EDR, email security, MDM, IAM, PAM) and for KPI's compliance programs (SOC 2 Type 2 plus partner and internal policy frameworks). The Analyst partners with IT Operations/Infrastructure, IT Compliance, business units, vendors, and clients to continuously strengthen KPI's security posture.

Essential Job Duties

Threat & Incident Response

Monitor SIEM/alerts (Rapid7 InsightIDR, Microsoft Defender, Abnormal Security) on a 24/7 basis across KPI networks, servers, cloud platforms, and endpoints. Monitor for and respond to security alerts; perform first-level triage, containment, and isolation/restoration of affected systems. Conduct intrusion detection analysis, correlate events across systems, and document formal technical incident reports (e.g., Jira incident write-ups). Lead investigations of phishing, account compromise, and token-theft events, including mailbox review, removal of malicious inbox rules, and data-exposure assessment. Coordinate Security Incident Follow-up cadence with MDR/MSSP partners and execute response playbooks.

SOC 2 & Audit Readiness

Provide control evidence to auditors and supply logs, screenshots, and exported configurations on request. Serve as the primary technical contact for the SOC 2 Type 2 audit and the Ares Cyber Program quarterly reviews. Maintain logs and reports required for ongoing audit readiness and remediation tracking.

Privileged Access Management (PAM)

Define PAM policies and implement supporting tooling. Perform recurring privileged-access reviews, monitor usage/logs, and track exceptions. Review and approve or deny privileged access requests.

Device & Patch Management

Define endpoint security baselines and track policy compliance across managed devices. Monitor EDR/NGAV coverage and disk encryption (BitLocker, USB encryption) and maintain audit trail. Partner with IT Operations and Compliance to validate Intune/ManageEngine patch deployment and address vendor-reported critical vulnerabilities.

Mail & DNS Security

Design and maintain SPF/DKIM/DMARC, tune phishing filters (Abnormal/Defender), and track mail security settings. Investigate mail-borne threats, manage quarantine release decisions, and ensure audit coverage of mail security controls.

Backups & Disaster Recovery

Review backup security configurations, validate encryption, and participate in DR testing. Log DR test results and prepare related audit artifacts.

Network Security

Define network segmentation requirements and ensure segmentation policy is enforced. Maintain audit evidence for VLAN/firewall configurations and tune IDS/IPS/SIEM detections.

Asset Tracking

Classify critical assets, maintain the asset control matrix, and map assets to audit scope. Flag unmanaged or "Not Monitored" devices and drive remediation.

Data Loss Prevention (DLP)

Tune DLP rules, deploy/maintain agents, and review DLP incidents. Partner with the Compliance Analyst to identify client data and intellectual property requiring protection.

MDM / MAM

Enforce app protection and configure Intune/MDM device compliance policies. Track enrollment status and monitor access from managed devices.

Identity & Access Management

Drive SSO rollouts and conditional access design via Microsoft Entra. Perform monthly roster / ADP-to-AD reconciliation and produce active employee/contractor lists for leadership and audit. Audit offboarding to ensure terminated accounts remain disabled. Monitor for non-compliant platform usage and intervene as required to ensure compliance with KPI policies.

Security Awareness

Run phishing simulations (Microsoft Attack Simulation) and assign role-based training through KnowBe4, including Snyk for engineering staff. Customize training content, track completion, escalate non-completion, and share threat trends with the organization.

Policy, Documentation & Reporting

Author and maintain enterprise security documents (policies, standards, baselines, guidelines, procedures) in Vanta, including the Incident Response Plan and Operations Security Policy. Compile and analyze data for management reporting, KPIs, and the Monthly Vulnerability & Risk Register Review and Weekly Threat Intelligence Review. Monitor threat intelligence feeds and apply MITRE ATT&CK and similar frameworks to identify TTPs.

Vendor & Tool Management

Serve as technical evaluator and primary point of contact for security vendors (Rapid7, Insight Assurance, Abnormal, KnowBe4, Intrust IT, Securden, Vanta, JFrog, Salesforce Security). Coordinate penetration testing engagements and review deliverables.

Required Education, Skills and Experience

BS/BA in Computer Science, Electrical Engineering, Information Security, or related field. Equivalent experience will be con

