Cloud Security & Vulnerability Analyst

Job Summary

The Security Specialist is responsible for supporting and improving the organization’s overall security posture through continuous monitoring, analysis, coordination, and execution of security activities. This role focuses on vulnerability management, threat analysis, attack surface visibility, data protection, endpoint and cloud security operations, and regulatory compliance across enterprise and cloud environments. The Security Specialist works closely with IT, cloud, and compliance teams to assess risk, enforce security controls, and ensure security practices are consistently applied and aligned with organizational policies and regulatory requirements.

• Monitor, analyze, and support remediation of security vulnerabilities across enterprise systems, applications, endpoints, cloud environments, and network infrastructure.
• Assess and prioritize security findings, threats, and control gaps based on business risk, attack exposure, and operational impact.
• Support incident response activities, including alert triage, threat investigation, escalation, documentation, and coordination with technical teams.
• Monitor and evaluate the organization’s attack surface to identify exposed assets, misconfigurations, unauthorized access risks, and security weaknesses.
• Support security operations within Microsoft Azure environments, including monitoring and administration activities related to Microsoft Defender, Microsoft Sentinel, Microsoft Purview, and related security technologies.
• Assist with endpoint, operating system, and network security initiatives, including configuration validation, compliance monitoring, access controls, firewall reviews, and device management activities.
• Support data governance and data security posture management initiatives, including data classification, labeling, access monitoring, and protection of sensitive information.
• Assist with implementation, validation, and documentation of security controls aligned with regulatory, compliance, and cybersecurity frameworks, including NIST, CMMC, ISO, SOC, CIS, and FedRAMP standards.
• Maintain and update security policies, procedures, standards, audit evidence, operational documentation, and compliance tracking records.
• Collaborate with engineering, infrastructure, data, and compliance teams to improve security posture, support secure adoption of AI technologies, participate in security assessments and tabletop exercises, and recommend continuous improvement opportunities.

Instills Trust | Communicates Effectively | Demonstrates Customer Focus | Takes Initiative | Makes Quality Decisions | Drives Growth | Ensures Accountability | Drives Results

• Strong knowledge of cybersecurity principles, threat detection, vulnerability management, incident response, and security monitoring within enterprise environments.
• Working knowledge of networking, operating systems, identity and access management, endpoint security, cloud security concepts, and enterprise security controls.
• Experience using security technologies and tools, including SIEM platforms, EDR/XDR solutions, vulnerability scanning tools, email security solutions, and Microsoft security technologies within Azure environments.
• Ability to investigate security alerts and incidents, analyze logs and attack activity, prioritize remediation efforts, and support containment and recovery activities.
• Ability to support security governance and compliance initiatives, including control validation, audit support, documentation management, and alignment with frameworks such as NIST, CIS, ISO, SOC, CMMC, and FedRAMP.
• Strong analytical, organizational, and communication skills with the ability to document findings, elevate risks appropriately, collaborate across technical and business teams, and operate effectively within established security processes and procedures.

• This position does not have direct supervisory responsibilities; however, it will collaborate closely with cross-functional teams and provide guidance and subject matter expertise in an advisory capacity.