Security Analyst

Our client is seeking a Security Information Analyst for a 1-year contract to support the design, development, and implementation of security awareness initiatives and risk management activities. The role will focus heavily on executing Threat Risk and Vulnerability Assessments (TRVA) and ensuring ongoing PCI-DSS compliance. This individual will play a key role in monitoring, analyzing, and strengthening the organization’s overall security posture.

Key Responsibilities

Threat Monitoring & Incident Response

• Monitor security alerts, logs, and network activity to identify risks and respond to incidents.
• Investigate and remediate security events with a focus on protecting cardholder data.

PCI-DSS Compliance & Risk Management

• Ensure adherence to PCI-DSS requirements and controls.
• Conduct risk assessments, audits, and vulnerability scans.
• Collaborate with QSAs during compliance assessments and implement recommendations.

Security Policies & Awareness

• Develop and enforce security policies, procedures, and best practices.
• Train staff on PCI-DSS requirements and promote security awareness.

Tool & Systems Management

• Administer and optimize security tools (e.g., firewalls, endpoint protection, vulnerability scanners, SIEM solutions).
• Support operational and project teams in embedding security into processes and systems.

Documentation & Reporting

• Maintain compliance documentation, incident records, and investigation reports.
• Provide detailed reporting to management and stakeholders

Forensics & Investigations

• Perform forensic data collection and analysis, ensuring full chain of custody.
• Use forensic and data mining tools to recover and analyze information for investigations.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field.
• Certifications such as CISSP, CEH, CompTIA Security+, or PCI Professional (asset).
• 5+ years of experience in Information Security, with hands-on administration of:
• Palo Alto, CrowdStrike, Cisco ASA, Checkpoint, Microsoft Defender, Microsoft Purview, Symantec, Qualys, Tenable.
• Strong knowledge of PCI-DSS, ITIL, COBIT, ISO/IEC 27000 & 31000 series, SOC 2.
• Experience with TRVA methodologies (e.g., Harmonized Threat and Risk Assessment).
• Proficiency in SIEM platforms (LogRhythm, Splunk).
• Experience with IT audits and forensic analysis.
• Solid understanding of networks, operating systems, and security protocols.
• Strong analytical and problem-solving skills with attention to detail.
• High level of integrity, confidentiality, and ability to work collaboratively across teams.