Security Analyst

At Core Health & Fitness, our purpose is to live and share our passion for fitness. We bring innovative health and fitness solutions to the global market with brands like Stair Master, Schwinn, Nautilus, Star Trac, Throwdown, Wexer, Gym Rax, Core Fit Collective and we’re still growing. We press into the future of fitness to ensure the creation of quality products and programming that meet the needs of an ever-evolving industry.

At Core we are committed to building an energetic, diverse, and inclusive workspace. We value our differences and see community strength in diversity and representation. We’re always on the lookout for innovators, dreamers and doers who are passionate about fitness and wellbeing. We explore all opportunities to improve ourselves, our business partners, and our community. If you’re looking for a fulfilling career in helping people, find the best version of themselves, you’ve come to the right place.

We are looking for a Security Analyst to join our growing organization!

General

Position Summary:

The Security Analyst is a hands-on role within IT responsible for daily operation and continual improvement of the company’s security and privacy posture across on-prem and SaaS environments and global user base. This role focuses on monitoring and tuning a 13+ tool security stack, detecting and responding to threats, and supporting growing regulatory and customer compliance demands (GDPR, PII, and industry frameworks.)Roles

and Responsibilities Security Monitoring, Tools & Incident Response Monitor and manage alerts across a multi-tool ecosystem (e.g., MDR/XDR, email security, IDS/IPS, firewall, MDM, vulnerability scanner, DLP, password/privileged access tools, cloud security, backup/DR, and threat-intel feeds).Normalize, correlate, and tune alerts from 13+ tools to reduce noise and focus on high-value events, maintaining clear runbooks for triage and escalation.

Lead initial investigation and containment of incidents (phishing, malware, account compromise, ransomware, data exfiltration), coordinating with Helpdesk, systems engineer, and network architect as needed.

Maintain case records, evidence, and post-incident reports that feed into continual improvement of rules, playbooks, and configurations.

Vulnerability, Configuration Management & Auditing Operate vulnerability management tools to scan servers, endpoints, network devices, and key applications; track remediation with system owners and prioritize based on business impact.

Work with the technical architect/network engineer to implement and validate secure configurations, hardening baselines, network segmentation, and logging on firewalls, VPN, and other perimeter tools.

Monitor vendor security advisories, CVEs, and threat bulletins and recommend patching or compensating controls for high-risk exposures.

Audit work for IAM/access management, RBAC roles.

Tool Integration, Automation & Optimization Administer day-to-day operations of the security toolset: manage access, policies, rules, connectors, and integrations with infrastructure and identity platforms.

Collaborate with IT to integrate security tools with ticketing, identity, and logging platforms, and help design lightweight automation/playbooks where supported (e.g., auto-quarantine, IP blocking, user notifications).Evaluate overlapping capabilities across the 13+ tools and provide recommendations to simplify, consolidate, or better utilize existing investments.

Compliance, Privacy & Customer Demands Support implementation and ongoing operation of controls for GDPR, PII protection, and security frameworks (e.g., SOC 2-like controls, ISO/NIST-aligned practices as pursued by the business).Use SIEM and related tools for log retention, evidence gathering, and reporting to support audits, customer due-diligence requests, and data-privacy impact assessments.

Maintain and update security documentation (asset lists, data flows, risk registers, control matrices, and tool inventories) to reflect the current environment.

Participate in CAB process as appropriate.

Policies, Awareness & Support for Small Teams Contribute to security and privacy policies, standards, and procedures that are…