Information Security Analyst – Boston, MA (Hybrid) - $85,000 - $105,000
A leading professional services organization is seeking an Information Security Analyst to join its growing cybersecurity team in Boston.
This is a newly created growth hire driven by increased demand and expansion within the security function. The team is looking to add a technically focused cybersecurity professional who can support vulnerability management, security operations, and incident response activities within a highly collaborative environment.
The organization currently has a small security team with strong GRC and audit coverage in place and is specifically seeking someone with hands-on cybersecurity and technical security operations experience rather than a purely governance or compliance-focused background.
This is an excellent opportunity for someone who wants to continue building technical cybersecurity expertise while gaining exposure to enterprise security operations, detection engineering, vulnerability management, and future growth opportunities into engineering or security architecture roles.
Key Responsibilities:
Vulnerability Management
- Operate, configure, and tune enterprise vulnerability scanning platforms
- Identify, validate, prioritize, and track vulnerabilities across endpoints, servers, cloud environments, and applications
- Differentiate between true positives, false positives, and accepted risks or compensating controls
- Prioritize remediation activities using threat intelligence, CVSS, EPSS, and business impact analysis
- Partner with infrastructure and IT teams to coordinate remediation efforts and track progress
- Support reporting requirements for leadership, audits, compliance frameworks, and client security requests
- Assist with penetration test remediation and validation activities
Security Operations & Incident Response
- Monitor and respond to alerts from SIEM, EDR, email security, and identity management platforms
- Perform Tier 1–2 incident triage and investigation activities
- Support containment, eradication, and remediation efforts during security incidents
- Collect evidence, document findings, and contribute to post-incident reviews
- Participate in a light on-call rotation schedule shared across the team
Security Engineering & Tooling Support
- Assist with tuning and optimization of security monitoring and detection tools
- Support onboarding of new log sources and validation of detection logic
- Help maintain SOAR workflows and automation processes
- Contribute to security hardening initiatives and operational improvements
- Support ongoing enhancement of the organization’s security tooling and monitoring capabilities
Required Experience
- 3+ years of experience within cybersecurity, security operations, vulnerability management, or related technical security roles
- Hands-on experience with cybersecurity tools such as:
  - Vulnerability scanners
  - SIEM platforms
  - Endpoint detection and response (EDR)
  - Email security solutions
- Understanding of:
  - CVE/CVSS
  - EPSS
  - Vulnerability remediation processes
  - Incident response fundamentals
- Ability to investigate alerts and support incident handling activities
- Strong troubleshooting, analytical, and communication skills
- Ability to work collaboratively in a fast-paced, service-oriented environment
- Strong ownership mentality and ability to independently drive work to completion
Preferred Experience
- Experience with tools such as:
  - Nessus
  - Rapid7
  - Qualys
  - Microsoft Defender
  - Splunk
  - Sentinel
  - CrowdStrike
  - Proofpoint
  - Mimecast
- Familiarity with:
  - ISO/IEC 27001
  - NIST CSF
  - HIPAA safeguards
  - SOAR automations
- Certifications such as:
  - Security+
  - CySA+
  - GSEC
  - Equivalent cybersecurity certifications
- Experience working within legal, financial services, healthcare, or other regulated environments
What Makes This Opportunity Unique
- Newly created growth position within a collaborative and supportive security team
- Strong technical focus with exposure to enterprise cybersecurity operations
- Opportunity to work across vulnerability management, security operations, incident response, and detection engineering
- Open to candidates from both traditional and non-traditional cybersecurity backgrounds
- Clear long-term growth potential into security engineering and architecture roles
- Collaborative environment with strong mentorship and learning opportunities