Sr Information Security Analyst

Who We Are

Empowering Connections, Inspiring Possibility. Sage Net is the single, accountable partner unifying connectivity and digital experiences for widely distributed enterprises. We design, deploy, manage, and monitor critical infrastructure across thousands of locations. Our U.S.

-based Network Operations Centers operate 24/7, and our national field force delivers consistent outcomes from pilot to scale. Trusted connections guide how we work and what we build. On the networking and digital side, it means reliable, secure, and visible systems that keep every store, every screen, and every customer connected. On the human side, it means transparent communication, collaborative problem solving, and long‑term partnerships with our customers, teammates, and communities.

With a three‑decade track record in managed services, Sage Net boasts a long‑term customer base that includes some of the nation’s largest retail, restaurant, c‑store, and financial brands. Headquartered in Tulsa, Sage Net has regional offices in Atlanta, Toronto, and Washington, D.C.

The Senior Information Security Analyst plays a critical role in executing and maturing Sage Net’s information security program. This position supports and extends the Director of Information Security by owning key security operations, governance, risk, and compliance activities while acting as a delegated decision‑maker for day‑to‑day security program execution. This role balances hands‑on operational responsibility with cross‑functional leadership, ensuring security controls are effective, risks are managed, and compliance obligations—particularly PCI DSS—are met.

The position partners closely with IT, Network Engineering, Operations, and Development teams to embed security into infrastructure, applications, and business processes.

• Oversee SIEM alert tuning, investigation, triage, and escalation in coordination with SOC providers
• Serve as the primary incident response coordinator during security events, including investigation, documentation, and follow‑up
• Develop and deliver security awareness and training initiatives
• Maintain operational security metrics and prepare reporting for leadership
• Partner with IT and system owners to manage IAM controls, access reviews, and privileged access governance

• Act as a subject matter expert for secure network architecture, including firewalls, VPNs, SD‑WAN, wireless, and authentication systems
• Lead firewall and network security review processes to ensure alignment with internal policies and PCI DSS requirements

• Serve as the primary security stakeholder for internally developed and customer‑facing applications
• Define and maintain application security requirements aligned with PCI DSS 4.0, OWASP ASVS, and secure SDLC practices
• Partner with development and engineering teams to integrate security into the software development lifecycle
• Review application designs and architectures for security risks related to authentication, authorization, data handling, and segmentation
• Oversee application vulnerability management activities, including SAST, DAST, and software composition analysis (SCA)
• Coordinate remediation, risk acceptance, and exception tracking for application security findings
• Support and validate application‑layer penetration testing and remediation efforts
• Act as a security escalation point for application‑related incidents

• Own the end‑to‑end vulnerability management lifecycle across infrastructure and applications
• Coordinate remediation efforts with Network Engineering, IT Infrastructure, Operations, and Development teams
• Conduct targeted risk assessments and support enterprise risk management activities

• Lead coordination of PCI DSS compliance activities, including evidence collection, control validation, and engagement with external QSAs
• Manage the lifecycle of security policies and procedures, ensuring alignment with regulatory and business requirements
• Support customer, regulatory, and internal audit activities