Job Search Results for vulnerability management analyst

Insight Global is seeking an IS Analyst to join the IT department of an AM 200 law firm. The Information Security Analyst plays a key role in protecting the firm?s digital assets, client data, and... More case-related information by implementing and maintaining security controls in alignment with the ISO 27001 Information Security Management System (ISMS). The analyst will proactively monitor, detect, and respond to security threats; ensure compliance with legal industry data protection standards; and support ongoing risk and compliance initiatives. This role is essential for maintaining client trust, ensuring the confidentiality of privileged information, and meeting both ethical and regulatory obligations in the legal sector.Essential Functions & Responsibilities:-Security Monitoring & Incident ResponseMonitor networks, systems, and endpoints for potential threats using SIEM, EDR, and IDS/IPS tools.-Analyze security alerts, investigate incidents, and coordinate timely response and remediation.Conduct root cause analyses and prepare post-incident reports.-Maintain and test the Incident Response Plan as part of ISO 27001 continuous improvement.Participate in legal hold or eDiscovery-related security reviews when required.-Risk Management & ISO 27001 AlignmentSupport the firm?s Information Security Management System (ISMS) and contribute to maintaining ISO 27001 certification.-Conduct periodic risk assessments, identifying potential threats to confidentiality, integrity, and availability of legal data.-Document and monitor risk treatment plans and corrective actions.-Participate in internal and external ISO audits by providing evidence and maintaining control documentation.-Contribute to the ongoing maintenance of the Firm?s risk register.-Seek out opportunities for continuous improvement in processes and procedures.-Vulnerability Management & Threat Intelligence-Perform regular vulnerability scans and coordinate remediation with IT and service providers.-Monitor industry-standard threat intelligence sources, cybersecurity forums, and dark web feeds for emerging risks, vulnerabilities, and threat actor activities targeting the legal sector.-Track and report vulnerabilities relevant to law firms, third-party vendors, and legal technology platforms (e.g., document management systems, case management tools).-Track and report on patch-management activity to be sure it aligns with required standards.Stay informed on evolving attack vectors such as business email compromise, ransomware, and data exfiltration threats impacting professional services firms.-Governance, Policy, and ComplianceDevelop, maintain, and enforce security policies, procedures, and standards in accordance with ISO 27001 Annex A controls and policy lifecycle.-Ensure adherence to data privacy laws (e.g., GDPR, CCPA) and client contractual obligations.Collaborate with legal teams to align information security practices with attorney?client privilege requirements and ethical obligations.-Support third-party vendor risk assessments and due diligence processes.-Security Awareness & Continuous Improvement-Support the firm?s security awareness training program and conduct periodic phishing simulations.-Educate staff on secure handling of confidential documents and client communications.-Contribute to the continuous improvement cycle of the ISMS by identifying opportunities for control enhancement.-Keep up to date with the latest developments in cybersecurity, privacy law, and ISO frameworks.-Access Control & Data ProtectionManage and review access controls, ensuring least privilege and role-based access models are enforced.-Monitor privileged accounts and perform periodic user access reviews.-Work with IT to secure document repositories, collaboration tools, and cloud-based applications.-Review and act as needed to on data loss prevention alerts from various tools.Technical Skills:Experience with ISO 27001, NIST CSF, or CIS Controls.Proficiency with SIEM platforms (e.g., Splunk, Sentinel, LogRhythm).Strong understanding of network protocols, IDS/IPS, and endpoint security.Familiarity with vulnerability management tools (e.g., Qualys, Nessus) and ticketing workflows.Knowledge of encryption, DLP, and secure file transfer solutions used in legal environments.Understanding of cloud security concepts (Microsoft 365, Azure, or AWS).Familiarity with scripting/automation tools and techniques.Knowledge of EDR/XDR solutions and providers.This is a full-time hybrid role, sitting 2 days in office each week in any of the firm's following offices: Baltimore, Boston, Chicago, Ft. Lauderdale, Harrisburg, Miami, Minneapolis, Newark, New York City, Philadelphia, Princeton, Wayne, PA, West Palm Beach, Wilmington, DE or Washington, D.C.We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.Less

The Cybersecurity Analyst will be responsible for safeguarding the organization?s information systems, infrastructure, and data through proactive monitoring, analysis, and in supporting the... More implementation of advanced security solutions. This position plays a vital role in maintaining a secure technology environment by leveraging tools such as Cisco XDR, Cisco Firepower, Cisco Endpoint, Cisco ASA, Fortinet Gateways, and Duo MFA.The ideal candidate will possess 3?5 years of hands-on experience in network and server hardening, threat detection and response, and disaster recovery planning and execution. Working closely with IT operations, this role ensures that all systems are resilient, compliant, and protected against evolving cyber threats.Key ResponsibilitiesSecurity Operations & Monitoring? Implement, configure, and manage Cisco XDR, Cisco Endpoint Security, and Fortinet Gateways to ensure proactive threat detection and response.? Monitor network and endpoint activities for security incidents using advanced SIEM and XDR tools.? Investigate, analyze, and respond to security breaches, threats, and vulnerabilities.Network & Infrastructure Security? Manage and maintain Cisco Firepower and Cisco ASA firewalls to ensure secure and efficient traffic management.? Administer Duo Multi-Factor Authentication (MFA) for secure user access and identity protection.? Perform network hardening to reduce the attack surface, following best practices and compliance standards.Server & System Hardening? Conduct server hardening across Windows and Linux systems, ensuring compliance with internal and regulatory standards.? Review and implement secure configurations, patch management, and vulnerability remediation.Disaster Recovery & Continuity? Participate in DR drills and testing to validate readiness and response effectiveness.Policy, Documentation & Compliance? Maintain up-to-date documentation of network security configurations, standards, and incident response procedures.? Support compliance initiatives (e.g., NIST, ISO 27001, or CIS Controls) through audits and reporting.We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.Less

Insight Global is looking for Cybersecurity Compliance Analyst to work on site in Austin, TX and support the strategy and introduction of products based on unique and highly differentiated... More capabilities of a preeminent foundry for semiconductor systems and defense electronics companies. Their mission is to advance the state-of-the-art in critical semiconductor domains such as advanced packaging, and in the process to help restore U.S. leadership in semiconductor manufacturing. They are developing cutting-edge semiconductor manufacturing technology that will define future roadmaps of semiconductor devices including logic, memory, 3D packaged devices, including thermal management, etc. This position will accommodate the growing and evolving needs of the organization by supporting the Information Cybersecurity Compliance Director, and the implementation of a Controlled Unclassified (CUI) information systems.Responsibilities: Responsible for ensuring information systems follow government and their internal regulations while meeting program demands and operating in an accredited state.Assist in daily IT governance, risk management, and compliance function.Providing oversight of compliance assurance, for the daily administration of information security measures in compliance with the NIST SP 800-171, CMMC level 2, and other relevant system security requirements to include those under the Risk Management Framework (RMF).Responsible for assisting in ensuring that controlled unclassified information systems meet the Risk Management Framework goals required by TIE and our government clientsResponsible for drafting detailed reports of compliance and self-inspections outcomes, for upper management review.Other related functions as assigned.We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.Less

Insight Global is seeking a Senior Security Integration Engineer (Elastic Stack) to support the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES)... More contract. The right candidate will possess advanced expertise in logging architecture, SIEM design, data normalization, and systems integration. Job Responsibilities:? Onboarding, integrating, and optimizing security data sources into the Elastic Security Platform. ? Collaborate with customer technical teams to map their environment, plan ingestion strategies, update network and data flow diagrams, validate logging pipelines, and ensure successful end-to-end SIEM integration. ? Conduct assessments of customer environments and identify required logging, telemetry, and network visibility gaps. ? Translate customer operational requirements into ingestion roadmaps and technical implementation plans. ? Develop, maintain, and version-control network diagrams, data flow diagrams, and SIEM onboarding documentation. ? Produce runbooks, integration guides, and operational reference materials. ? Monitor ingestion health and coordinate issue resolution with customers and internal teams. ? Ensure adherence to security policies, logging standards, and architectural governance. ? Provide technical guidance and mentorship to junior engineers working on data ingestion and SIEM onboarding tasks. ? Contribute to onboarding playbooks, best practices, and internal training sessions. ? Serve as a subject-matter expert on Elastic SIEM capabilities and logging integration patterns. This is a contract to hire position, onsite full-time in Colorado Springs, CO or Huntsville, AL the salary range for this role is between $62 - 72/hr depending on years and level of experience, education, and certifications. This role requires an Active Secret Clearance. Typical benefits offered include flexible work schedules, educational reimbursement, retirement benefits (401K match), employee stock purchase plan, health benefits, tax saving options, disability benefits, life and accident insurance, voluntary benefits, paid time off and paid holidays, and parental leave.We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.Less