Sr. Information Security Analyst

Overview

Who we are—

Transcat is a dynamic, innovative, growing company that has been recognized as the leading calibration and compliance services provider in North America and beyond.  With over 1,000 employees—in technical, consulting, operational, sales, finance, and corporate roles—we have stood the test of time by delivering on our Trust in Every Measure promise to our customers in vital industries, including life sciences, aerospace, defense, energy, and utilities.  We fulfill this promise through our employees, who live Our Values every day, the Transcat Way.  Our employees are at the center of the rewarding, challenging, and life-changing work we do for our customers and those they serve.  Are you ready to join a company where the work you do makes a difference, and where you can grow in your career? 

Here’s what Transcat has to offer—

 Work that matters

• A values-based culture where people care about each other and the work they do together
• Flexibility
• Training and development to accelerate learning and career advancement
• Competitive compensation and benefits, including paid time off, health insurance, tuition reimbursement, retirement, stock purchase plan, and MORE!
• Salary range is $115,000 - $140,000

Position Summary

We are seeking a highly motivated, hands-on, technically proficient, and detail-oriented senior security analyst to join our growing security team. The Senior Information Security Analyst is a key member of the Transcat Information Security team, responsible for protecting the organization’s digital assets, infrastructure, information systems, and data. This role is primarily technical, focusing on identifying, analyzing, and responding to security threats, managing security tools, and supporting incident response efforts. However, the ideal candidate will also have working knowledge of governance, risk, and compliance (GRC) principles to support policy development, risk assessments, audits, and regulatory requirements.

This individual will spearhead efforts across the organization, working with senior leaders in business and IT as well as external 3rd parties to enhance the organization’s security posture through proactive monitoring, threat detection, and continual improvement of controls and processes. This position requires a strong technical foundation, a pragmatic understanding of security frameworks (such as NIST, ISO 27001, CIS Controls), and the ability to translate security risk into business-relevant language.

This is a hybrid role based out of our Rochester, NY headquarters, requiring a minimum of 3-days a week in office.

Responsibilities

Essential Duties and Responsibilities

• Implement and manage security tools, such as firewalls, intrusion detection systems, anti-virus software, and authentication systems
• Performs senior-level administration and tuning of security management tools including SIEM, EDR, firewalls, IDS/IPS, secure email gateway, etc.
• Proactively hunt for threats in our environment
• Continuously evaluate the effectiveness of the SOC and make recommendations for continuous improvement
• Investigate escalated incidents from Managed Security Services Provider (Level 1 SOC) and analysts, performing second and third level analysis to assess risk
• Lead technical cyber incident response efforts as an active Cybersecurity Incident Response Plan (CIRP) participant, guiding team members and peers from Identification through Recovery.
• Provide detailed guidance to technical teams for their respective platforms, facilitating system hardening and incident response
• Support the definition and implementation of corporate security policies, procedures, standards and controls; ensuring they are tailored to specific business needs
• Analyze security incidents, responses, and resolutions. Prepare reports for management and stakeholders, providing insights into network security performance
• Conduct regular risk assessments of the network infrastructure and identify potential security weaknesses. Collaborate with others to prioritize and address the identified risks
• Work closely with executive management to determine acceptable levels of risk
• Promote a security-conscious culture within the organization by conducting training programs, workshops, and awareness campaigns to educate employees about network security best practices
• Foster a culture of security awareness and encourage proactive incident reporting
• Manage relationships with third-party security vendors, ensuring that outsourced security services meet the organization's requirements and compliance standards
• Monitor network security compliance with relevant regulations, policies, and frameworks.
• Stay up to date with evolving security threats and industry trends, recommend and implement necessary changes to maintain a strong security posture
• Ensure compliance with industry regulations and standards, such as ISO, PCI, SOX, and GDP
• Evaluate and implement new security technologies
• Oversee the monitoring and analysis of potential security threats and vulnerabilities
• Ensure the security of cloud services, data centers, network infrastructure, and end-user devices
• Conduct and/or coordinate regular security audits, penetration testing, and vulnerability assessments

Qualifications

Required Knowledge, Skills, and Abilities

• Self-starter with the ability to build partnerships and function effectively with limited oversight
• Refusal to accept “I don’t know why” as an answer; always digging deeper and to develop an understanding to solve the problem at hand

• Ability to quickly learn various systems
• Vulnerability scanning and/or penetration testing, including remediation experience
• Experience securing Windows Domain environments, including Windows Defender tools
• Experience with Zscaler Internet Security and Private Access
• Experience securing Amazon Web Services (AWS) environment
• Experience securing MS Office 365 environment
• Detailed understanding and experience with security frameworks, controls, and concepts such as NIST, ISO 27001, CIS Critical Controls, Cyber Kill Chain, MITRE ATT&CK framework, OWASP Top 10, etc.
• Deep understanding of infrastructure such as network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus\antimalware, IDS/IPS, SIEM, SMTP, email security, Active Directory (AD), Group Policy, DNS, DHCP, and VLANs.
• Risk management experience with proven ability to effectively apply risk principles to challenging business situations
• Excellent communication and interpersonal skills to effectively collaborate with technical and non-technical teams, both in-person and remotely; strong presentation skills
• Strong problem-solving and analytical skills to identify, triage and address security risks, especially in complex, distributed environments
• Proven experience in developing and implementing security strategies
• In-depth knowledge of cybersecurity trends, threats, and mitigation strategies
• Proven experience in managing and leading security teams, as well as hands-on involvement in incident response, security assessments, and compliance audits, including GDPR compliance.
• Strong troubleshooting skills for both network and endpoint security issues across Windows and Mac environments

Education and Experience

• 7+ years of experience in a combination of Risk Management, Information Security and IT roles
• Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field or equivalent combination of education and experience required. Post-graduate education or training a plus.
• Security Certifications such as: GIAC, CISSP, CISM, GRISC, or Cisco Security or similar preferred

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is regularly required to stand; walk; use hands to finger, handle, or feel; reach with hands and arms; climb or balance and stoop, kneel, crouch, or crawl. The employee is occasionally required to sit and talk or hear. Specific vision abilities required by this job include close vision, color vision and ability to adjust focus.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  The noise level in the work environment is usually moderate.

Contingencies

All offers of employment are contingent upon successfully completing all pre-employment requirements, which include verification of identity and employment eligibility, and when applicable, a motor vehicle driving record report.

Equal Opportunity and Non-Discrimination

Transcat is an equal-opportunity employer and prohibits discrimination based on any protected status.  As required by United States law, all qualified applicants will receive consideration for employment without regard to age, color, disability, genetic predisposition or carrier status, national origin, race, religion, sex (including pregnancy, sexual orientation, and gender identity), status as a protected veteran, or as a member of any other protected group or activity under federal, state, and local law.

We will make reasonable accommodations for employees with disabilities to enable them to perform the essential functions of their position unless doing so poses an undue hardship to the company or a direct threat to health or safety.