IT Security Operations Analyst

For 68 years, HEICO Corporation, a NYSE traded company, has thrived by serving niche segments of the aviation, defense, space and electronics industries by providing innovative and cost-saving products and services. HEICO's high-energy culture focuses our Team Members on providing high quality products and services to our customer base, which is made up of most of the world's airlines, the defense industry, satellite manufacturers and other electronics companies. Our leadership approach creates a dynamic environment that continually challenges our Team Members to grow professionally and develop in an entrepreneurially-spirited setting.

ROLE: The Senior IT Security Analyst applies advanced systems analysis techniques and deep cybersecurity operations expertise to protect sensitive and mission-critical systems across HEICO and its subsidiaries. This role serves as a senior technical escalation point for security monitoring and incident response, leads complex investigations, and drives continuous improvement of detection, response, and security hardening capabilities.

The Senior IT Security Analyst acts as a trusted advisor and liaison to ensure security operations align with HEICO standards while accounting for subsidiary-specific business needs and technical nuances. The role mentors junior analysts, improves operational rigor (playbooks, automation, metrics), and supports compliance-driven security requirements through disciplined execution and documentation.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Security Monitoring & Triage



• Analyze and triage security alerts from managed detection and response (MDR) services and internal monitoring platforms; determine severity, scope, and required actions.
• Serve as an escalation point for high-impact or complex alerts and investigations; provide guidance to junior analysts during active cases.



• Incident Response Leadership
• Lead cybersecurity incident investigations, including evidence preservation, containment, eradication, and recovery validation in accordance with established procedures.
• Coordinate incident communications and technical actions across IT teams, impacted sites, and third-party providers; ensure timely escalation when elevated authorization is required.
• Perform post-incident reviews, document timelines and lessons learned, and implement improvements to reduce recurrence.



• Threat Investigation & Analysis
• Conduct malware and suspicious artifact analysis using investigative tooling (including sandboxing) to determine behavior, impact, and mitigation steps.
• Perform proactive threat hunting to identify stealthy or low-signal adversary activity and improve detection coverage.



• Detection Engineering & Security Tool Optimization
• Evaluate, tune, and optimize EDR/XDR detection logic, response policies, and automated containment actions to improve efficacy and reduce false positives.
• Enhance alert fidelity and investigative effectiveness through rule refinement, contextual enrichment, telemetry validation, and playbook improvements.
• Design and maintain application control and endpoint protection policies to strengthen visibility, restrict unauthorized software execution, and address detection or response gaps.

• Security Automation
• Develop, test, and implement SOAR/security automation workflows to improve response consistency and enable action when staffing is limited.
• Identify repetitive analyst tasks and implement automation to increase operational capacity and reduce mean time to respond (MTTR).



• Incident-Driven Vulnerability Escalation
• Escalate vulnerabilities or control weaknesses identified during incident response or threat hunting, providing technical impact analysis and attack-path context to the vulnerability management function.
• Confirm that remediation actions adequately address the specific incident vector or exploited control gap.



• Control Gap Identification & Advisory
• Provide operational feedback on control effectiveness based on real-world incident activity and detection gaps (including emerging technology guidance such as AI usage controls).
• Recommend improvements to technical safeguards or enforcement mechanisms when investigative findings reveal system weaknesses (e.g., SOX and NIST-aligned requirements).



• Third-Party / MSP Oversight
• Engage third-party IT providers/MSPs to communicate HEICO security requirements and incident handling expectations (including evidence retention).
• Assess MSP execution against requirements, identify gaps, and escalate non-compliance through appropriate channels.



• Business Partnership, Reporting, and Travel
• Act as a liaison between HEICO Corporate security and supported subsidiaries to maintain alignment on security initiatives, upgrades, and operational expectations.
• Provide regular operational reporting (risk trends, incident metrics, remediation status, tooling effectiveness).
• Required quarterly travel to supported out-of-state sites (i.e. quarterly planned visits and additional travel during escalations) to understand environment baselines, strengthen stakeholder relationships, and improve response readiness.



• On-Call Support
• Participate in an on-call rotation and respond independently to security events outside standard business hours.
• Perform other professional cybersecurity duties consistent with the scope and level of the position.

Education :

• Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or a related field; or an equivalent combination of education and professional experience.

Experience :

• Minimum five (5) years of progressively responsible experience in cybersecurity operations, incident response, or closely related IT security roles.
• Prior experience working in or closely supporting a Security Operations Center (SOC) environment, including incident handling under time pressure.
• Demonstrated experience leading incident investigations end-to-end (triage, containment, eradication, recovery validation, post-incident improvement).
• Strong working knowledge of:

• Windows, macOS, and Linux operating system security, hardening practices, and configuration analysis
• TCP/IP networking fundamentals and common enterprise network services/protocols
• Enterprise security tooling such as EDR/XDR, SIEM/log analysis, identity security, and vulnerability management

• Experience developing or implementing automation (SOAR or scripted workflows) to improve operational response.
• Proven ability to document technical findings clearly, communicate effectively with technical and non-technical stakeholders, and drive work to closure across teams.
• Ability to manage multiple priorities and perform effectively during time-sensitive security events.
• Willingness and ability to travel to supported sites as needed.

Desired Qualifications:

• Advanced certifications such as CISSP, GIAC (e.g., GCIH/GCIA/GCED), OffSec (e.g., OSCP/related), CASP+, or comparable expert-level credentials.
• Experience mapping detections/hunts to common threat frameworks (e.g., MITRE ATT&CK) and improving detection coverage.
• Practical understanding of how technical security controls support regulatory/contractual needs (e.g., SOX and NIST SP 800-171), including evidence and audit readiness.
• Experience improving security programs through metrics/KPIs, playbooks/runbooks, tabletop exercises, and continuous improvement cycles.
• Experience engaging third-party providers/MSPs on security requirements, incident handling expectations, and remediation follow-through.
• Familiarity with hybrid and virtualized infrastructure environments and applying security controls across those platforms.

PHYSICAL DEMANDS: Office environment with phone/computer work; low noise level except when on the manufacturing floor where noise may be medium to high. Periodic travel to operating sites may be required.