
Remote Information Security Analyst – Full‑Time Senior Cybersecurity Engineer (Remote) – St. Michael, Minnesota – $110k‑$150k – Cloud‑First Defense & Incident Response

Remote, USA Full-time Posted 2025-11-24
**Why this role exists right now**

Just three months ago our product‑delivery pipeline in St. Michael, Minnesota added a new micro‑service that handles payment tokenization for over 1 million end‑users. Within the first week, our SOC logged a 23 % spike in anomalous traffic, and the senior leadership team asked the security organization to expand its coverage *overnight*. The surge revealed gaps in our cloud‑native detection rules and a shortage of hands‑on engineers who can translate noisy logs into actionable threat hunts.

We need a seasoned security analyst who can lift the whole program while we keep scaling. If you’ve ever built hunting queries in Splunk, scripted detections in Azure Sentinel, and led a post‑mortem that cut mean‑time‑to‑resolution (MTTR) from 72 hours to under 24, you’ll feel right at home.

**Who we are**

We’re a 200‑person software platform that grew 45 % YoY, built on a fully remote model but with a cultural hub in St. Michael, Minnesota. Our engineering squads are distributed across North America and Europe, yet we all check‑in daily on a shared Discord channel. The security team, currently nine full‑time members plus two part‑time contractors, reports directly to the VP of Risk & Compliance. In the past year we’ve reduced the average incident response SLA from 48 hours to 12 hours, achieved a 98 % vulnerability remediation rate within the 30‑day window, and saved $1.3 M in avoided breach costs by automating routine ticket creation.

**The team you’ll join**

Our InfoSec group is split into three pillars: *Threat Detection & Hunting*, *Vulnerability Management*, and *Security Engineering*. The detection squad (four analysts) runs a 24 × 7 on‑call rotation, handling roughly 450 alerts per week. The engineering wing (three engineers) builds and maintains our security tooling stack, currently spending about $250 k annually on SaaS licenses and cloud services, and the vulnerability team (two analysts) owns the quarterly Nessus scans for more than 4 500 assets. You will sit at the intersection of hunting and engineering, partnering with both sides to turn raw data into hardened controls.

**What you’ll do (day‑to‑day)**

- **Monitor, triage, and respond** to alerts from Splunk Enterprise Security, Azure Sentinel, and Palo Alto Cortex XSOAR, applying a risk‑based approach that keeps our high‑value workloads protected.
- **Develop and tune detection rules** for cloud environments (AWS GuardDuty, Azure Security Center) and on‑prem firewalls (Palo Alto NGFW, Cisco ASA), aiming to improve detection precision by at least 15 % each quarter.
- **Lead threat‑hunts** using Wireshark, Zeek, and Open‑Source Intelligence (OSINT) feeds to uncover stealthy adversary tactics; document findings in Confluence and share playbooks across the organization.
- **Automate repetitive tasks** with Python, Bash, and Terraform, reducing manual ticket creation by 30 % and freeing analysts for deeper investigations.
- **Own the vulnerability lifecycle** with Tenable Nessus and Qualys, ensuring 90 % of critical findings are patched within 7 days, and report progress to the quarterly Board risk review.
- **Collaborate with engineering** to embed security controls into CI/CD pipelines via GitLab CI, Docker image scanning (Trivy), and SAST tools (Checkmarx), raising our code‑security coverage from 68 % to 85 % over the next year.
- **Mentor junior analysts** and run monthly “Lunch‑and‑Learn” sessions where the team dissects recent breach reports (e.g., Log4j, SolarWinds) and explores mitigation strategies.
- **Represent security** in cross‑functional meetings with Product, Legal, and Finance to translate regulatory requirements (PCI‑DSS, GDPR) into practical, testable controls.

**Our toolbox (the tech you’ll get to master)**

| Category | Tools & Platforms |
|----------|-------------------|
| SIEM & Log Management | Splunk Enterprise Security, Azure Sentinel |
| Endpoint & Network Detection | Palo Alto Cortex XSOAR, Wireshark, Zeek |
| Cloud Security | AWS GuardDuty, Azure Security Center, Prisma Cloud |
| Vulnerability Scanning | Tenable Nessus, Qualys VM |
| IAM & Identity | Okta, Azure AD, CyberArk |
| Automation & Orchestration | Python, Bash, Terraform, Ansible |
| Container & CI/CD Security | Docker, GitLab CI, Trivy, Checkmarx |
| Collaboration & Documentation | JIRA, Confluence, Slack, Discord |

**What you bring**

- **Experience:** Minimum 5 years in InfoSec roles (security analyst, cyber analyst, security engineer) with at least two years leading incident response in a cloud‑first environment.
- **Certifications:** CISSP, GSEC, or AWS Security Specialty are strong signals; we also value practical experience over paper credentials.
- **Skills:** Proficient in writing SPL queries for Splunk, building detection logic in Azure Sentinel, and scripting in Python/Bash. Familiarity with NIST CSF and ISO 27001 frameworks is essential.
- **Mindset:** You thrive on ambiguous data, enjoy turning “noise” into clear, concise recommendations, and can articulate technical concepts to non‑technical leaders.
- **Soft‑skills:** Strong written communication (you’ll author incident reports that executives read), collaborative spirit (you’ll pair program with devs on security tickets), and a willingness to mentor.

**A human moment**

> “I remember the night we caught a credential‑stuffing attack on our staging environment. The alert lit up in Splunk, and within ten minutes I was on a Zoom call with a junior analyst in St. Michael, Minnesota. We wrote a detection rule together, pushed it live, and the next hour the attack vector vanished. That moment reminded me why I love remote security work – you can be miles apart, but you still feel like you’re in the same room.” – *Riley Martinez, Senior Threat Analyst*

**Why remote works for us**

Our core hours are 10 AM–3 PM CT, which aligns with the majority of our team in St. Michael, Minnesota and the West Coast. Outside those windows we rely on async communication: recorded Loom walkthroughs, detailed ticket notes in JIRA, and comprehensive runbooks in Confluence. We provide a $2,000 annual home‑office stipend, a corporate‑grade VPN, and a shared “virtual coffee” channel so you never feel isolated.

**Compensation & benefits**

- **Base salary:** $110 k – $150 k, calibrated to experience and market data for St. Michael, Minnesota.
- **Equity:** Stock options that vest over four years, with an average grant valued at $25 k for senior hires.
- **Bonuses:** Quarterly performance bonus up to 15 % of base.
- **Health:** Medical, dental, vision, and a $1,200 wellness allowance.
- **Time off:** Unlimited PTO (with a minimum of 20 days taken per year) plus 12 paid holidays.
- **Learning:** $5 k annual education budget, paid conferences (e.g., RSA, Black Hat) and access to Pluralsight, O'Reilly.
- **Retirement:** 401(k) match up to 4 %.

**How we hire – the process**

1. **Resume & short questionnaire** – we ask for a brief threat‑hunt story and your preferred tools.
2. **Phone screen (30 min)** – with our talent acquisition partner to confirm logistics, salary expectations, and cultural fit.
3. **Technical interview (90 min)** – a live scenario where you’ll write a SPL query in Splunk and walk through a mock incident.
4. **Team interview (60 min)** – a conversational chat with two members of the security team (one analyst, one engineer) and a product manager from St. Michael, Minnesota.
5. **Leadership interview (45 min)** – with the VP of Risk & Compliance to discuss strategy, career goals, and how you’d shape the future of our security program.
6. **Offer & onboarding** – we aim to extend an offer within ten business days of the final interview.

**Our promise to you**

We know you have options. We’ll be transparent about compensation, give you a realistic view of the challenges we face, and let you see the impact of your work from day one. Our security roadmap for the next 12 months includes expanding automated response playbooks, achieving a 90 % detection coverage across AWS and Azure, and hiring two additional analysts to support our growing product suite.

If you’re ready to own the security posture of a fast‑growing SaaS platform, enjoy solving puzzles with data, and want to collaborate with a tight‑knit team spread across St. Michael, Minnesota and beyond, hit “Apply” now. Let’s make the internet a safer place—together.
