[Remote] Sr Information Security Analyst

Note: The job is a remote job and is open to candidates in USA. SageNet is a managed services provider focused on connectivity and digital experiences for enterprises. The Senior Information Security Analyst will execute and mature the information security program, overseeing security operations, governance, risk, and compliance activities while collaborating with various teams to ensure security controls are effective.

Responsibilities

• Oversee SIEM alert tuning, investigation, triage, and escalation in coordination with SOC providers
• Serve as the primary incident response coordinator during security events, including investigation, documentation, and follow-up
• Develop and deliver security awareness and training initiatives
• Maintain operational security metrics and prepare reporting for leadership
• Partner with IT and system owners to manage IAM controls, access reviews, and privileged access governance
• Act as a subject matter expert for secure network architecture, including firewalls, VPNs, SD-WAN, wireless, and authentication systems
• Lead firewall and network security review processes to ensure alignment with internal policies and PCI DSS requirements
• Serve as the primary security stakeholder for internally developed and customer-facing applications
• Define and maintain application security requirements aligned with PCI DSS 4.0, OWASP ASVS, and secure SDLC practices
• Partner with development and engineering teams to integrate security into the software development lifecycle
• Review application designs and architectures for security risks related to authentication, authorization, data handling, and segmentation
• Oversee application vulnerability management activities, including SAST, DAST, and software composition analysis (SCA)
• Coordinate remediation, risk acceptance, and exception tracking for application security findings
• Support and validate application-layer penetration testing and remediation efforts
• Act as a security escalation point for application-related incidents
• Own the end-to-end vulnerability management lifecycle across infrastructure and applications
• Coordinate remediation efforts with Network Engineering, IT Infrastructure, Operations, and Development teams
• Conduct targeted risk assessments and support enterprise risk management activities
• Lead coordination of PCI DSS compliance activities, including evidence collection, control validation, and engagement with external QSAs
• Manage the lifecycle of security policies and procedures, ensuring alignment with regulatory and business requirements
• Support customer, regulatory, and internal audit activities

Skills

• 5+ years of experience in information security, network security, or security governance roles
• Bachelor's degree in information security, Computer Science, MIS, or equivalent professional experience
• At least one security certification is required (e.g., Security+, CySA+, SSCP, GSEC)
• Strong working knowledge of vulnerability management tools, SIEM platforms, and log analysis
• Solid understanding of firewall architectures and access control review methodologies
• Working knowledge of PCI DSS 4.0 and managed service provider shared-responsibility models
• Strong understanding of application security principles, including common web vulnerabilities (OWASP Top 10)
• Experience coordinating remediation efforts across technical and non-technical teams
• Excellent communication, documentation, and analytical skills
• Ability to independently manage multiple priorities in a fast-paced environment
• Advanced security certifications such as CISSP, CISM, ISA/QSA, or equivalent
• Familiarity with SD-WAN, WAF, IDS/IPS, VPN, identity management, and network segmentation
• Experience supporting or reviewing SAST, DAST, and penetration testing activities
• Comfortable serving as a functional lead and escalation point across security domains

Company Overview

Company H1B Sponsorship