Senior Information Security Analyst jobs in United States
cer-icon
Apply on Employer Site
company-logo

Alacrinet · 17 hours ago

Senior Information Security Analyst

positionUnited States
timeContract
remoteRemote
senioritySenior Level
date7+ years exp

Alacrinet is seeking a Senior Information Security Analyst to support their Governance, Risk, and Compliance (GRC) program. This role involves leading security operations, investigating security alerts, and developing security policies while collaborating with various teams to protect technology and data across corporate and restaurant systems.

ConsultingInformation TechnologySecurity

Responsibilities

Monitor, triage, investigate, and respond to security alerts, events, and vulnerabilities across corporate IT, cloud platforms, restaurant systems, POS environments, and payment systems, ensuring timely containment, remediation, and documentation
Support in maintaining, and optimizing security tooling including EDR, SIEM, IAM, SOC portals, and threat intelligence platforms; tune detection rules and response playbooks to improve signal quality and reduce false positives
Act as the primary operational security contact for MDR/SOC partners, coordinating alert validation, incident response activities, and remediation follow-up
Lead vulnerability management efforts across systems, partnering with Infrastructure, Restaurant Technology, and Application teams to prioritize and remediate findings within defined SLAs, with a focus on PCI-related risks
Review and analyze reports from internal security tools and external partners to identify trends, systemic risks, and required corrective actions
Support security operations for point-of-sale (POS) systems, payment processing environments, and cardholder data, ensuring alignment with PCI-DSS Level 1 requirements
Develop and maintain security dashboards, metrics, and reports covering incidents, vulnerabilities, SLA performance, and risk trends for IT leadership
Support compliance and assurance activities related to PCI-DSS, SOX/ITGC, and NIST CSF by aligning operational security processes, controls, and documentation
Develop, document, and maintain security procedures, standards, and technical controls for on-premises, cloud, and restaurant technology environments
Maintain security risk artifacts including the risk register, risk acceptances and exceptions, third-party vendor risk profiles, onboarding records, and security asset inventories
Partner with IT and business stakeholders to embed security best practices into projects, system changes, and restaurant operations
Participate in incident response activities including escalation, coordination, root cause analysis, tabletop exercises, and after-hours on-call support as required

Qualification

Information SecurityVulnerability ManagementPCI-DSS ComplianceNIST CSFMicrosoft Security TechnologiesSecurity FrameworksIncident ResponseRisk ManagementAnalytical SkillsCommunication SkillsOrganizational SkillsProblem-Solving SkillsAdaptability

Required

7–10 years of progressive experience in Information Security, spanning cybersecurity operations, security assurance and risk management
Demonstrated experience operating vulnerability management programs, including scanning, risk assessment, remediation tracking, and reporting using tools such as Tenable or equivalent platforms
Proven experience working directly with SOC and MDR providers, including alert triage, incident escalation, response coordination, and validation of detection and remediation actions
Working knowledge of penetration testing methodologies, findings interpretation, and remediation processes
Experience supporting PCI-DSS (preferably Level 1) and SOX/ITGC compliance requirements in regulated environments
Solid understanding of security frameworks and control models, including NIST CSF, CIS Controls, and Zero Trust principles
Strong understanding of endpoint, application, database, and cloud security best practices across on-premises and cloud platforms
Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent professional experience

Preferred

Preferably hands-on experience with Microsoft security technologies, including Defender for Endpoint, Defender for Office, Cloud App Security, and Entra ID (Azure Active Directory), in enterprise and hybrid environments
Exposure to DevSecOps practices and secure SDLC processes is a plus
Industry certifications preferred, including Security+, CISSP, CISA, CRISC or equivalent
Experience in hospitality or retail environments

Company

Alacrinet

twittertwittertwitter
company-logo
Alacrinet is an IT consulting firm provides security solutions.
dateFounded in 2002
location
Palo Alto, California, USA
people-size11-50 employees
web-link
https://www.alacrinet.com/

Funding

Current Stage
Early Stage
Company data provided by crunchbase