Security Analyst

Security Analyst (OOJ - 44857) 85000-115000 / US Dollars / Annual Salary NPAworldwide Recruitment Network update Last updated: Apr/21/2026 Job Description You'll be responsible for executing a structured monthly security program, managing a robust security toolset, maintaining NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) compliance, and serving as the organization's go-to resource for all things information security. If you're a hands-on security professional with audit experience, solid framework knowledge, and a methodical approach to risk and remediation, this role offers real ownership in a stable, respected organization. What You'll Do Execute a defined monthly security program including monitoring, alerting, vulnerability management, and follow-up on findings Monitor networks and endpoints via SIEM and EDR tools; investigate anomalies and triage security events Manage vendor vulnerability disclosures — assess severity, develop remediation plans, and track resolution Coordinate with internal stakeholders and external partners on annual

NYDFS 500

audits and ongoing compliance activities Conduct and oversee security assessments including penetration testing, phishing simulations (KnowBe4), vishing, and social engineering exercises; manage follow-up training for users who fail tests Work with an external security partner (monthly rotating engagements — external pen tests, internal attack simulations, and more) to maintain a layered security posture Develop, maintain, and enforce security policies and procedures; cross-train IT staff to build organizational resilience Prepare clear, standardized reports detailing threats, vulnerabilities, risks, and recommended mitigation steps Respond to ad-hoc internal security support requests Assist with company-wide system upgrades as needed Security Tools & Technologies You'll work within a well-established, multi-layered security stack, including:

Vulnerability Management:

Tenable

Penetration Testing:

Kali Linux, Acunetix / Invicti

Endpoint Detection & Response:

Carbon Black Detect and Protect

Security Awareness & Phishing Simulation:

KnowBe4 (managed internally)

External Security Partner:

Hack at Cyber (monthly rotating engagements)

SIEM:

Security Information and Event Management platform

Endpoint & Device Management:

Microsoft Intune compliance policies

Firewall:

Rule and policy management

OS Hardening:

Operating system hardening tools and best practices

Anti-malware:

Endpoint protection solutions

Qualifications:

Qualifications 5+ years of hands-on information security experience; equivalent experience considered in lieu of a degree Demonstrated experience with security audits, remediation tracking, and incident response — candidates who have never been through a full audit cycle will not be considered Working knowledge of security frameworks including CIS Controls, NIST, ISO 27001, or similar — ability to apply framework knowledge to real-world decisions (e.g., evaluating proposed changes against

NYDFS 500

requirements) Hands-on experience with vulnerability management, SIEM monitoring, EDR tools, and penetration testing methodologies Familiarity with NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) is a strong plus; broader regulated industry compliance experience acceptable Strong documentation skills; ability to write clear policies, procedures, and executive-ready reports Comfortable communicating security risk to both technical teams and non-technical leadership Strong organizational skills with the ability to manage a structured monthly program and respond to unplanned events Why is This a

Great Opportunity :

About the Role Our client, an established and highly regarded industry leader in Western New York, is seeking an experienced Information Security Analyst to serve as the primary security professional within their IT organization. This is a newly created role — the result of a long-tenured security leader stepping into an executive position — meaning the program is mature, the tools are in place, and this person walks into a well-documented, well-resourced environment rather than starting from scratch.

Outstanding Benefits! Employees may be eligible for a hybrid telecommuting schedule upon successful completion of onboarding period. Pension Plan ! Vert Generous Profit Sharing - annual payout 401K with match 4 weeks PTO to start 5 days Sick time 10 Holidays Newly renovated work space including sit/stand desks

Pay Type:

Annual Salary

Pay Rate:

85000-115000

Currency Type:

US Dollars Visa sponsorship provided: No

Location:

Buffalo, NY, New York, USA

Remote Status:

Partially Remote

Pay Type:

Annual Salary

Salary:

85000-115000 / US Dollars

Occupational Categories:

Information Technology/ Computing/ Cyber/ Software Industry(ies): Insurance