Information Security Analyst II

The Information Security Analyst II is responsible for conducting vulnerability assessments, risk assessments, and proactively monitoring networks for security events and incidents. This role involves performing penetration testing, analyzing threat intelligence, and supporting security operations. Additionally, the position includes communicating security risks and recommendations to stakeholders to ensure a secure environment.

Essential Duties and Responsibilities

• Track emerging threats and proactively identify vulnerabilities in networks and systems.
• Perform vulnerability assessments and penetration testing of IT infrastructure and web applications, leveraging tools like Burp Suite, Nessus, Nmap, and Metasploit.
• Monitor and respond to security incidents using SIEM, IDS/IPS, and EDR solutions.
• Administer and configure security systems, including firewalls, endpoint protection, and access controls.
• Conduct digital forensics and root cause analysis to investigate security incidents and recommend remediation strategies.
• Consult on security architecture and configuration, ensuring compliance with best practices.
• Develop and maintain security policies, standards, and procedures in alignment with industry frameworks such as NIST, HIPAA, PCI-DSS, HITRUST, and FISMA.
• Audit security policies and procedures to ensure they are being followed across the organization.
• Communicate security risks and mitigation strategies to both technical and non-technical stakeholders.
• Stay up to date with security technologies, cloud security advancements, and continuous development/continuous integration (CI/CD) practices.
• Participate in security projects and collaborate with IT, network operations, and other departments to enhance security posture.

Position Details, Work Environment & Physical Requirements

• Standard office hours for this role are Monday – Friday, 8:00am – 5:00pm local time zone.
• Occasional on-call responsibilities for security incident response.
• This is a full-time, salary exempt position.
• This is remote but may require periodic visits to the corporate office in York, Pennsylvania.
• Travel for this role is minimal.
• Ability to sit for extended periods and use a computer and keyboard for long durations. Frequent typing and use of a mouse, with fine motor skills required for accurate data entry and navigation. Must be able to maintain good posture and adjust seating and workstation to minimize physical strain.

Education, Qualifications & Experience

• Bachelor’s degree in computer science, cybersecurity, or a related field, or equivalent experience.
• Minimum 5 years of IT experience, with at least 2 years in network security.
• Hands-on experience with penetration testing, ethical hacking, and vulnerability management.
• Strong knowledge of SIEM, IDS/IPS, firewalls, antivirus, and endpoint security solutions.
• Experience in incident response, digital forensics, and root cause analysis.
• Familiarity with security frameworks and regulatory compliance standards (e.g., NIST, HIPAA, PCI-DSS, HITRUST, FISMA).
• Proficiency in scripting and automation using Python, PowerShell, or Bash.
• OSCP, CCNA Security, CEH, CCSP, SSCP, EC-ECIH, CISSP Certifications are a plus.

• Strong problem-solving skills with an analytical mindset.
• Ability to prioritize and manage multiple security tasks and incidents.
• Excellent written and verbal communication skills, including documentation and reporting.
• High level of integrity and trust, with the ability to handle sensitive security matters confidentially.
• Adaptability to a fast-paced security environment and willingness to continuously learn new threats and technologies

Why Join BIG?

• Work with a highly skilled security team dedicated to protecting organizations from cyber threats.
• Opportunity to perform real-world penetration testing, security assessments, and investigations.
• Support for certifications and continuing education in cybersecurity.
• A collaborative and engaging work environment where your expertise makes a direct impact

Equal Opportunity Employer

 It is the policy of Business Information Group, Inc. to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. All employees are subject to a pre-employment screening process including a background check and drug screen. In addition, we will provide reasonable accommodations for qualified individuals with disabilities. If you require reasonable accommodation in completing the application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to the Human Resources department.