Junior Security Analyst

Overview The Junior Security Analyst is responsible for assessing, monitoring, and improving the organization’s security posture, with a primary focus on incident detection, vulnerability management, response, and resolution across Quarterhill’s Roadside, Back Office, Safety divisions. This role involves conducting vulnerability assessments, correlating security events, and guiding the organization’s incident response efforts to prevent security breaches. In addition, this position will collaborate with cross-functional teams to enhance security awareness and integrate best practices across the enterprise. As a key contributor to the cybersecurity team, the Security Analyst works to ensure the organization is prepared for, and resilient against, evolving cyber threats. Responsibilities Incident Detection and Response Perform security event correlation using information from multiple sources to detect threats. Conduct cyber incident triage to assess scope, urgency, and impact. Respond, elevate, and resolve by enforcing security protocols and implementing solutions. Track cyber actions from initial detection through final resolution. Collaborate with internal IT teams and relevant stakeholders to develop and refine runbooks and escalation procedures. Vulnerability Management Maintain and update an inventory of all in-scope systems and software, ensuring it remains accurate and up to date. Reconcile data from multiple sources (e.g., CMDBs, network scans, asset management systems) to ensure inventory completeness. Ensure all in-scope systems and software are routinely scanned by the appropriate vulnerability management tools. Analyze and prioritize vulnerability scan results; open tickets, provide technical remediation guidance, and track resolution efforts to closure. Analysis and Reporting Conduct trend analysis and provide regular security performance reports. Operate with an awareness of applicable governance, risk, and compliance (GRC) regulations and policies. Utilize SIEM and other monitoring tools (e.g., Splunk, QRadar, Sentinel) to gather data for dashboards and executive summaries. Policy Development and Training Assist with the development and refining security protocols, policies, and incident response plans. Assist in the development of employee training programs to enhance organizational cybersecurity awareness. Post-Incident Analysis Assess and analyze damage to data and infrastructure. Provide post-incident reports to management, including root cause analysis and recommendations for prevention. Qualifications Education and Experience Bachelor’s degree in a computer-related field, cybersecurity, or equivalent experience (including military experience, such as communications or cyber-MOS). Minimum of 1+ year in a cybersecurity role. Experience with Windows and Linux operating systems and database security. Certifications (Required) Security+ (CompTIA) Preferred Certifications (Optional) CYSA+ (CompTIA Cybersecurity Analyst). Additional relevant certifications (e.g., CEH, GSEC, GCIA) are a plus. Skills and Knowledge Working knowledge of current commercial off-the-shelf (COTS) cybersecurity technologies and trends to include SIEM, EDR, and vulnerability management. Familiarity with cybersecurity operations center (SOC) environments. Knowledge of security principles, techniques, and incident response frameworks (e.g., NIST, MITRE ATT&CK). Strong analytical skills for identifying and mitigating threats. Ability to operate effectively in high-pressure environments with shifting priorities. Scripting or automation skills (e.g., Python, PowerShell) and experience with SIEM log queries are highly desirable. Preferred Qualifications Hands-On SOC or CSIRT Experience Experience working in a cybersecurity operations center (SOC) or computer security incident response team (CSIRT) environment. Familiarity with EDR, XDR, or threat-hunting tools. Project and Time Management Ability to manage multiple tasks simultaneously, with effective prioritization and communication with senior management. Proven track record of delivering security improvements and initiatives on schedule. Cybersecurity Engineering Familiarity Familiarity with tools and technologies used in cybersecurity engineering. Comfortable working with cloud platforms (AWS, Azure, GCP), container security, and DevSecOps practices. Soft Skills Strong communication skills to articulate technical concepts to both technical and non-technical audiences. Team-oriented mindset, with a willingness to collaborate across departments to drive a culture of security. #J-18808-Ljbffr UNAVAILABLE