Security Analyst III - Remote/Hybrid Location: Bar Harbor, Maine Farmington, Connecticut Remote Job Description: This position is an experienced cybersecurity professional responsible for advanced threat detection, response, and mitigation. This role bridges the gap between operational analysis and engineering and leads strategic initiatives in threat hunting and detection engineering. Key Responsibilities: - Lead threat hunting operations to proactively identify threats within the environment. - Design and develop advanced detection logic in SIEM, SOAR, and other security platforms. - Coordinate multi-disciplinary incident response activities and lead technical investigations. - Drive continuous improvement of observability pipelines by identifying gaps and implementing enhancements. - Create comprehensive root cause analysis (RCA) reports with actionable recommendations. - Collaborate with engineering and architecture teams to close visibility and telemetry gaps. - Participate in red/blue team exercises and tabletop simulations. - Serve as an escalation point for complex security incidents. - Participate in an on-call rotation to support after-hours incidents and ensure continuity of operations. Knowledge, Skills, and Abilities: - Advanced scripting and automation skills (Python, PowerShell). - In-depth understanding of detection engineering, forensic methodologies, and threat modeling. - Proficiency in using threat intelligence platforms and frameworks such as MITRE ATT&CK and Diamond Model. - Advanced certifications such as GIAC Certified Intrusion Analyst (GCIA), GIAC Reverse Engineering Malware (GREM), or Certified Information Security Manager (CISM). Education: Bachelor's Degree required/ Master's Degree preferred Experience: 5 years required/ 8 years preferred Pay Range: $85,987 - $143,962 #CA-EH8 About JAX: The Jackson Laboratory is an independent, nonprofit biomedical research institution with a National Cancer Institute-designated Cancer Center and nearly 3,000 employees in locations across the United States (Maine, Connecticut, California), Japan and China. Its mission is to discover precise genomic solutions for disease and empower the global biomedical community in the shared quest to improve human health. Founded in 1929, JAX applies over nine decades of expertise in genetics to increase understanding of human disease, advancing treatments and cures for cancer, neurological and immune disorders, diabetes, aging and heart disease. It models and interprets genomic complexity, integrates basic research with clinical application, educates current and future scientists, and provides critical data, tools and services to the global biomedical community. For more information, please visit www.jax.org. EEO Statement: The Jackson Laboratory provides equal employment opportunities to all employees and applicants for employment in all job classifications without regard to race, color, religion, age, mental disability, physical disability, medical condition, gender, sexual orientation, genetic information, ancestry, marital status, national origin, veteran status, and other classifications protected by applicable state and local non-discrimination laws.

• Monitor security alerts and notifications from various security tools (SIEM, IDS/IPS, firewalls, etc.), maintaining constant vigilance. Support a 24x7 roster. • Analyze security incidents to identify potential threats and vulnerabilities. • Assist in investigating security breaches and recommend corrective actions. • Participate in incident response activities, including containment and recovery efforts. • Document incidents and response actions for future reference and reporting. • Assist in conducting risk assessments to identify security risks and vulnerabilities. • Support the evaluation of security controls and recommend improvements. • Aid in the development and implementation of security policies and procedures. • Maintain accurate documentation of security incidents, investigations, and policies. • Generate reports for management on security incidents and compliance metrics. • Assist in promoting security awareness throughout the organization. • Participate in training sessions to enhance personal and team knowledge of security best practices.

• Assist in the development, implementation, maintenance, and documentation of information security policies, standards, procedures, controls, and baseline configurations aligned with industry best practices such as NIST and CIS. • Support security functions intended to protect the organization’s systems, applications, infrastructure, data, and operations. • Assist in securing modern infrastructure, including cloud platforms and containerized environments. • Learn and contribute to container security practices, including image scanning, runtime protections, and workload hardening. • Identify, analyze, document, and help address security risks, vulnerabilities, issues, findings, and control gaps across systems, applications, and infrastructure. • Collaborate with internal teams, senior analysts, and engineers to support remediation efforts, compensating controls, and the adoption of secure practices. • Assist with monitoring, testing, and maintaining security controls, related processes, and corporate systems in alignment with established policies and controls. • Support compliance, audit, and regulatory activities, including internal and external audit readiness, through documentation, evidence gathering, and control validation. • Contribute to security automation efforts, including scripting and tooling, primarily in Python, and support identity and access management processes such as SSO, IAM, and role based access controls. • Stay current on information security practices, technologies, certifications, and emerging threats, and perform other related duties as assigned.

• The IT Security Analyst is responsible for leading enterprise risk management, compliance, and security governance initiatives across Telecare’s technology environment. • This role ensures alignment with industry frameworks including NIST Cybersecurity Framework (CSF) and CIS Critical Security Controls, while driving continuous improvement of the organization’s security posture. • The IT Security Analyst partners closely with Security Engineering, IT, and business stakeholders to assess risk, guide remediation, and ensure security controls are effectively implemented across systems, applications, and third-party environments. • This role also plays a key part in identity governance, including assisting with the design and implementation of role-based access control (RBAC) within enterprise platforms such as Workday, ensuring least privilege and regulatory compliance. • The position serves as a bridge between technical security operations and business risk management, providing actionable insights to leadership and supporting audit, compliance, and regulatory requirements.