Information Security Analyst/Compliance Lead
Location
United States
Posted
1 day ago
Salary
0
Seniority
Lead
Job Description
Information Security Analyst/Compliance Lead
Nexus Technologies LLC
Role Description A fast-growing healthcare services company is undergoing its first SOC 2 audit and building its information security program from the ground up. The organization operates in a HIPAA-compliant, high-trust environment and is now taking on enterprise clients who require formal compliance credentials. We are placing one Security Analyst / Compliance Lead as a dedicated, embedded resource. This person will function as an extension of the internal team — owning day-to-day security operations and SOC 2 evidence collection. This is a hybrid role, not a senior architect or vCISO seat, and it does not involve facing the auditor directly. What You Will Do - Upload and manage security policies within a leading compliance automation platform - Gather, organize, and upload evidence for SOC 2 controls across the defined audit scope - Map evidence to applicable Trust Service Criteria; identify and flag gaps - Support remediation efforts and compensating controls as audit findings surface - Monitor and triage EDR alerts; perform initial investigations on security incidents - Execute incident response procedures in accordance with the client's IR plan - Handle ad hoc security and compliance tasks as directed by client leadership - Support the team in establishing repeatable security processes as the program matures Qualifications - Hands-on experience with SOC 2 compliance — familiarity with Trust Service Criteria, evidence collection, and control mapping - Proficiency with Vanta or a comparable GRC / compliance automation platform - Working knowledge of CrowdStrike or comparable EDR platforms for alert triage and basic incident response - Understanding of HIPAA compliance requirements and high-trust environments - Ability to translate technical security controls into audit-ready documentation - Strong organizational skills — able to independently manage a large volume of evidence across multiple control areas - Available to start mid-July 2026 and commit through December 31, 2026 - U.S.-based, available to work fully remote Preferred Qualifications - Prior experience in a healthcare or health services organization - Familiarity with third-party audit firms and evidence submission processes - Exposure to additional frameworks such as ISO 27001, NIST RMF, GDPR, or PCI DSS - Experience with Azure environments or cloud-hosted infrastructure - Background in GRC (Governance, Risk, and Compliance) in addition to hands-on security operations What This Role Is Not - Not a senior security architect or vCISO seat — this is a mid-level, hybrid role - Not the primary interface with the auditor — client leadership owns that relationship - Not initially scoped for vulnerability management or third-party risk — those may be added as the engagement grows
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Analista de Governança – Segurança da Informação SR
SGA TI em NuvemO poder da nuvem é ilimitado. See ahead. Go ahead.
• Conduzir avaliações (*assessments*) de maturidade em cibersegurança e mapeamento de lacunas (*gaps*) utilizando os principais frameworks de mercado. • Traduzir métricas e riscos puramente técnicos para uma linguagem corporativa e executiva acessível, apoiando diretamente a tomada de decisão da alta liderança. • Avaliar a conformidade e a eficácia prática de controles técnicos de segurança em ambientes *Cloud* e *On-premise*, atuando de forma profunda e baseada em evidências (fugindo de questionários superficiais). • Apoiar o ciclo completo de gestão de riscos, elaborando recomendações robustas de tratamento e estruturando fluxos formais de aprovação (incluindo a formalização de aceites de risco com condições e comentários técnicos). • Elaborar, revisar e atualizar políticas, normas e procedimentos de segurança da informação, garantindo que sejam de fato aplicáveis e conectados à realidade das áreas de negócio. • Desenvolver, monitorar e reportar indicadores de desempenho (KPIs) e de risco (KRIs) que demonstrem a evolução real e madura da segurança na companhia. • Apoiar no desenvolvimento de materiais, conteúdos pedagógicos e condução de treinamentos internos para a conscientização de colaboradores nos temas de Segurança da Informação.
Cybersecurity Analyst
CyberMaxxCyberMaxx prevents, detects, and responds to cyberattacks so organizations can have peace of mind.
• Formalize and deliver security product tuning requests to improve detection capabilities and overall efficiency • Develop and maintain incident response use incidents, knowledge base articles, and other relevant documentation • Coordinate basic forensics activities as needed • Conduct after action reviews on high impact and otherwise noteworthy incidents to identify process and human capital improvements • Aid in onboarding and mentoring new team members • Drive and Implement continuous improvement, open communication, and sharing of knowledge • Assist with creation, review, and upkeep of internal documentation • Facilitate reasonable out-of-hours communications such as company email and occasional SOC operations related phone calls to resolve escalated issues • Actively influence team collaboration, cross-training, and documentation • Act as a primary subject matter expert for one or more security products • Act as initial escalation point for complicated or sensitive work • Identify and resolve opportunities to automate repetitive tasks • Proactively propose improvements for how to reduce risk and potential future incidents • Maintain high-level of expertise with products in use and the ability to quickly familiarize with related technologies
SOC Investigation Analyst
24-MAGThis opportunity is available through a leading AI-driven work platform.
Role Description We are sharing a specialised part-time consulting opportunity for experienced SOC investigation professionals with strong backgrounds in alert triage, incident investigation, Splunk-based log analysis, evidence correlation, timeline reconstruction, and security investigation quality review. This role supports current and upcoming remote consulting opportunities focused on SOC investigation evaluation, alert validation, security evidence review, investigation workflow assessment, and high-quality technical documentation. Selected professionals may apply hands-on experience across SIEM, endpoint, cloud, and identity environments to review, validate, and construct accurate security investigations based on real-world scenarios. Key Responsibilities - SOC Alert Review & Investigation Evaluation - Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria. - Distinguish true positives from false positives by validating alert context, investigative evidence, and supporting signals. - Assess whether security investigation conclusions are correct, incomplete, unsupported, or inaccurate. - Apply consistent investigative judgment while recognizing that more than one valid investigation path may exist for the same alert. - Splunk-Based Investigation & Log Analysis - Use Splunk to pivot across logs, entities, timelines, alerts, and investigation artifacts. - Read, understand, and reason about SPL queries in the context of security investigations. - Perform log analysis, entity pivoting, timeline reconstruction, and evidence correlation when required. - Identify relevant signals across SIEM data and explain how evidence supports an investigation conclusion. - Security Evidence & Ground-Truth Review - Evaluate the correctness, completeness, and quality of SOC investigations produced through structured workflows. - Make clear quality determinations while also producing detailed ground-truth investigations when required. - Review investigation steps, assumptions, supporting evidence, and final conclusions for accuracy and consistency. - Help ensure investigation outputs reflect practical SOC judgment and evidence-based security reasoning. - Documentation & Quality Standards - Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions. - Provide structured feedback on investigation quality, alert handling, and technical reasoning. - Collaborate with project leads and other security specialists to uphold high-quality investigation standards. - Support or mentor other analysts where applicable, particularly in long-term or lead reviewer roles. Qualifications - 3+ years of hands-on experience as a SOC analyst in a production SOC environment. - Tier 2 or higher SOC analyst experience is strongly preferred. - Strong understanding of alert triage, incident investigation workflows, security evidence, and time-sensitive decision-making. - Mandatory hands-on experience with Splunk, including conducting investigations, reading SPL queries, and pivoting between logs, entities, and timelines. - Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect. - Strong investigative judgment and comfort making clear, evidence-based evaluations. - Fluent English communication skills, with strong written documentation ability. - Ability to work independently in a remote, project-based environment. Educational Background - A degree in Cybersecurity, Computer Science, Information Security, Information Systems, Digital Forensics, or a related technical field is helpful. - Equivalent professional experience in SOC analysis, incident response, threat detection, or security investigation work is also highly relevant. Nice to Have - Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or comparable platforms. - Experience analyzing cloud security logs and signals, including AWS CloudTrail, GuardDuty, Azure Activity Log, Microsoft Defender for Cloud, or GCP Cloud Audit Logs. - Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID. - Experience with email security tools such as Proofpoint, Mimecast, or similar platforms. - SOC leadership, mentoring, or lead analyst experience. - Basic scripting experience with Python or comparable languages. - Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications. Why This Opportunity - Flexible, remote consulting work aligned with your SOC investigation and security analysis expertise. - Opportunity to contribute to high-impact security investigation evaluation and ground-truth case review. - Suitable for experienced SOC professionals who enjoy evidence-based investigation, structured review, and technical decision-making. - Project-based work that can align with part-time availability and remote schedules. Contract Details - Independent contractor engagement. - Fully remote and flexible scheduling. - Part-time, project-based availability. - Expected commitment may vary by project, with many opportunities ranging from approximately 15–30 hours per week. - Competitive hourly compensation in the range of $50–$70/hour, depending on project scope, experience, and fit. - Payments are made weekly via Stripe or Wise based on services rendered. - Projects may be extended, shortened, adjusted, or concluded based on project needs and performance. - Eligible locations include Albania, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, India, Ireland, Italy, Kosovo, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Monaco, Netherlands, North Macedonia, Norway, Poland, Portugal, Romania, San Marino, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom. - Candidates requiring H1-B or STEM OPT sponsorship support are not eligible at this time. - Work must not involve sharing confidential or proprietary information from any employer, client, or institution. About the Platform This opportunity is available through 24-MAG LLC. We connect experienced professionals with remote consulting opportunities across technical, evaluation, and project-based workstreams. By submitting this application, you acknowledge that your information may be processed by 24-MAG LLC for recruitment and opportunity matching in accordance with our Privacy Policy: https://www.24-mag.com/privacy-policy .
Information Security Analyst I
SNHU CareersAt SNHU, we do life-changing work — and not just for our students. Find out how your life can change, too.
• Respond and perform analysis on security alerts and incidents. • Support technical investigations of complex or high-severity security threats or incidents. • Coordinate information security incident response with SNHU's Information Security Incident Response Plan. • Support the incident response lifecycle and have the analytical mindset needed when it comes to escalated investigations and investigations into novel security incidents. • Participate in incident containment and eradication activities like endpoint isolation, malware remediation, forensic analysis, malware analysis, community member interviews, and network traffic analysis. • Work cross-functionally across ITS and all SNHU teams to provide support, guidance, and technical implementations where appropriate, to include triage, containment, and remediation when applicable. • Analyze digital evidence to identify indicators of compromise, adversary activity, root cause, incident timelines, and attack vector(s). • Conduct real-time monitoring of security events from multiple sources and use analytical and critical thinking skills to identify, triage, analyze, investigate, and escalate information security events and alerts. • Help perform investigations in complex or high-severity security threats or incidents. • Communicate with partners, in a non-technical manner, at all organizational levels as part of incident response and remediation activities. • Review and help implement standard operational processes for handling common incident types. • Demonstrate a deep source of ethics, integrity, and confidentiality. • Can remain calm and function at the highest level during a crisis.


