Cybersecurity Analyst

OPCO, United States

At Jerry’s Enterprises, Inc., the Cybersecurity Analyst plays a crucial role in maintaining and ensuring the security of Jerry’s Enterprises’ digital infrastructure by identifying vulnerabilities, implementing protective measures, and responding to potential cyber threats. The Cybersecurity Analyst partners closely with the infrastructure team to identify, implement, and maintain secure digital architecture, processes, controls, and safeguards. This role offers the opportunity to work on diverse cybersecurity initiatives, contribute to the development of innovative security strategies, and play a key role in protecting our organization from cyber threats.

Reports To: Corporate Director of Cybersecurity

Location: Corporate Office - Edina, MN

Classification: Full Time, Exempt

Rate of Pay: Commensurate based on experience

Hours: Monday – Friday with occasional evening and weekend work required

Jerry’s work perks:

  • Health / Vision / Dental Insurance
  • Paid Time Off
  • 401K + match
  • Store Discount
  • Hybrid work schedule, 2 days remote and 3 days in office

Essential functions:

  • Incident response: Participate in responding to a wide range of cybersecurity incidents.
  • Security monitoring: Continuously monitor security alerts and events using SIEM and other security tools to identify potential threats. Continuously verify and enhance protections.
  • Prevention and continuous improvement: Continually review, recommend improvements, and strive for operational excellence through tuning and re-imagining of cybersecurity processes, tools, and architectures.
  • Compliance assessments: Conduct assessments of systems, processes, and technologies.
  • Log analysis: Perform detailed analysis of logs from various sources (e.g., EDR, firewalls, IDS/IPS, servers) to identify and investigate security incidents.
  • Threat intelligence: Utilize threat intelligence feeds to stay informed about emerging threats.
  • AI: Leverage AI for threat hunting, automation, scripting and to improve operational efficiency and overall cybersecurity effectiveness.
  • Technical administration: Recommend, implement, configure, and maintain security products used to protect information assets both on-premises and in the cloud.
  • Documentation: Document security incidents thoroughly, including steps taken and outcomes.
  • Cyber services visibility: Create, maintain, and enhance key service indicators including cyber analytics, automations, communications, and standards.
  • Security policy: Collaborate with internal and external teams to create policies needed to ensure robust security program measures are aligned with industry best practice.
  • Awareness and training: Create, manage, and deliver timely and relevant security awareness content to Jerry’s team members.
  • Requirements and architecture: Collaborate with infrastructure team to define and implement secure architectures. Capture and translate cybersecurity requirements into technical specifications and integrate them into infrastructure design and deployment processes.
  • Security testing: Coordinate, support, document, and participate in penetration testing, tabletop exercises, and business continuity/disaster recovery activities. 
  • Third party compromise: Foster partnerships and procedures on third party compromise response activities to address and mitigate risks associated with external entities.
  • Risk assessment: Provide technical support for a comprehensive risk management program. Conduct threat modeling and risk assessments.

Qualifications:

  • College degree in Cybersecurity, Information Technology, Computer Science, or related field or equivalent industry experience and certifications, with proficiency in cybersecurity.
  • Two to four years of relevant experience in cybersecurity, network, or information technology environments.
  • Strong knowledge of cybersecurity principles, threat detection, incident response, and cybersecurity controls.
  • Demonstrated knowledge of a broad range of technical concepts; examples include firewall rule configuration, network segmentation, network intrusion detection and response, security vulnerability scanning, threat hunting, log analysis, and security frameworks and methods, both cloud and on-prem.
  • Ability to work on-site or in a hybrid capacity as needed.
  • Participation in after-hours incident response.
  • High degree of initiative, strong work ethic, creativity, motivation, and accountability.
  • Strong analytical and organizational skills. 
  • Demonstrated ability to influence decisions by identifying risks and opportunities.

Our ideal candidate:

  • Knowledge of cyber-attack stages (e.g., MITRE ATT&CK Framework, tactics, techniques and procedures for conducting reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Experienced with EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint).
  • Understands Microsoft Windows and Linux operating systems including Active Directory, Group Policy, system hardening, authentication protocols, privilege management.
  • Familiar with SIEM/SOAR platforms, vulnerability scanners, and forensic tools.
  • Knows scripting languages such as Python, PowerShell, or Bash.
  • Experience with cloud security tools and practices in AWS, Azure, or GCP.
  • Knowledge of AI and LLM concepts and ability to leverage AI toolsets.
  • Knows compliance frameworks such as NIST, ISO 27001, PCI-DSS, or HIPAA.
  • Certifications for: CompTIA Security+, CEH, CISSP, OSCP, Microsoft SC-200, or AWS/Azure Security certifications.

Supervisory Responsibility

  • This position has no supervisory responsibilities

Work Environment

  • This position operates in a professional office environment.  
  • Most work is performed in a temperature-controlled office environment.

Position Type / Expected Hours of Work

  • This is a full-time, exempt position. This position works Monday through Friday, and may occasionally require long hours and occasional weekend work as job duties demand.  Eligible for hybrid work.

Travel

  • Travel is primarily local during the business day, although some out-of-area travel may be expected. 

Must be able to perform duties with or without reasonable accommodation

Americans with Disabilities Act (ADA)

Jerry’s Enterprises, Inc. will provide reasonable accommodations (such as a qualified sign language interpreter or other personal assistance) with the application process upon your request as required to comply with applicable laws.  If you have a disability and require assistance in this application process, please visit the store to which you are applying. 
 

Equal Employment Opportunity (EEO)

In accordance with all requirements of federal, state, and local law, Jerry’s Enterprises, Inc. is an Equal Employment Opportunity employer.  Jerry’s Enterprises, Inc. prohibits discrimination in recruiting, hiring, training, promotion, termination, pay, discipline, transfer, fringe benefits, job training, classification, referral and all other aspects of employment on the basis of age, race, color, creed, religion, national origin, ancestry, sex, pregnancy (including lactation, child birth, or related conditions), physical or mental disability, marital status, familial status, veteran/military status, sexual orientation, gender identity or expression, genetic information, status with regard to public assistance, membership or activity in a local commission or any other status protected by federal, state or local law.

Privacy
We respect our applicants’ privacy.  Applicants will be required to provide specific information to complete the application process.  The information you provide, unless otherwise specified, will only be used in regard to our employment decision.

Category: Analyst Jobs

Tags: Active Directory Analytics Automation AWS Azure Bash CEH CISSP Cloud Compliance CompTIA Computer Science CrowdStrike EDR Firewalls GCP HIPAA IDS Incident response Intrusion detection IPS ISO 27001 Linux LLMs Log analysis MITRE ATT&CK Monitoring NIST OSCP Pentesting PowerShell Privacy Python Risk assessment Risk management Scripting SIEM SOAR Threat detection Threat intelligence Vulnerabilities Windows

Perks/benefits: 401(k) matching Career development Health care Insurance Team events

Region: North America
Country: United States
