Senior Security Analyst

Envestnet is seeking a Senior Security Analyst to join our Enterprise Security team. This is a hybrid role, with in-office work required at our Berwyn, PA office location.

Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients. 

Envestnet’s Strategy:

• Deliver the industry-leading wealth management platform, powered by advanced data and insights 
  
• Leverage our scale and efficiencies to serve our clients’ needs comprehensively 
  
• Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment
  

For more information, please visit www.envestnet.com.

Job Summary:

We are seeking a highly skilled and experienced Senior Security Analyst to join Envestnet's Cyber Defense Team. This role will report into the Director of Security Operations. In this pivotal role, you will be entrusted with safeguarding our organization's assets through leading incident response, conducting thorough security triage and analysis, Vulnerability assessment, Threat Hunting, Security response Automation and continuously enhancing our overall security framework. As a vital member of our team, you will contribute significantly to the development and maintenance of our Security Operations Center (SOC) processes and procedures.

The ideal candidate will possess extensive experience in cybersecurity, exceptional analytical skills, and a demonstrated ability to effectively manage and resolve intricate security incidents. This position is fundamental to our mission of fortifying our security posture and ensuring the protection of our critical assets.

Job Responsibilities:

• Lead and manage all stages of the incident response lifecycle, which includes detection, analysis, containment, eradication, recovery, and post-incident review. Prepare comprehensive incident reports and effectively communicate findings to both technical and non-technical stakeholders.
  
• Perform in-depth analysis of security events, alerts, and logs from various tools such as SIEM, EDR, IDS/IPS, and firewalls to identify and investigate potential threats. Update and implement incident response playbooks and procedures to ensure the efficient and effective handling of security incidents. Streamline and automate detection and prevention processes to enable rapid response, consistent triage, and swift root cause analysis and recovery.
  
• Contribute to the development and fine-tuning of the EDR platform, automating incident triage and response tasks using SOAR to create state-of-the-art detection capabilities. Ensure alignment of security operations and detection platforms with industry-standard frameworks such as MITRE ATT&CK and NIST CSF.
  
• Manage the relationship with the MDR vendor, tracking performance against SLAs and key performance indicators (KPIs). Conduct regular reviews of reports, incident trends, and feedback from internal teams.
  
• Conduct vulnerability assessments and gap analyses to determine security weaknesses in systems, applications, and networks. Collaborate with workload owners and cross-functional teams to coordinate remediation activities.
  
• Engage in proactive threat and vulnerability searches, leveraging threat intelligence and Envestnet's network knowledge. Collaborate with the offensive security team on Breach and Attack Simulation (BAS) platform exercises. Automate repetitive searches using various tools, monitor threat actor tactics, and manage simulated cyber-attacks based on prioritized threats.
  
• Participate in the evaluation, selection, and implementation of new security technologies and solutions.
  
• Assist in writing best practice procedures for services such as incident analysis, incident response coordination, security audits or assessments, certificate authority, log analysis and diagnostics, and host vulnerability scanning. Implement end-point security using EDR, EPM, and AV tools.
  
• Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested. 
  
• As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk
  

Required Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent practical experience).
  
• 8+ years of cybersecurity experience, specializing in Security Operations and Incident Response.
  
• Relevant industry certifications in Incident Response and Forensics related certificates areas, such as GIAC (GCIH, GCFA, GCFE), CISSP, or CEH is highly desirable.
  
• Excellent communication skills, both written and verbal, with the ability to convey technical information clearly.
  
• Expertise in incident handling, threat hunting, digital forensics, malware analysis, SOAR, operating systems, network security, purple teaming, and emerging security intelligence.
  
• Skilled in using tools like CrowdStrike EDR, Breach & Attack Simulation platforms, NDR, Splunk Enterprise Security, and IDP/ITDR.
  
• Comprehensive understanding of network protocols, Windows and Linux operating systems, and security architectures.
  
• Capable of working independently or within a team in high-pressure environments.
  
• Knowledgeable about the MITRE ATT&CK framework.
  
• Process-oriented with strong analytical and decision-making skills.
  
• Effective team player with excellent interpersonal abilities.
  
• Familiarity with cloud security (AWS, Azure, GCP) is advantageous.
  

Envestnet: 

• Be a member of an innovative and industry leading financial technology and solutions company 
  
• Competitive Compensation/Total Reward Packages that include:
  
  • Health Benefits (Health/Dental/Vision)
    
  • Paid Time Off (PTO) & Volunteer Time Off (VTO)
    
  • 401K – Company Match
    
  • Annual Bonus Incentives
    
  • Parental Stipend 
    
  • Tuition Reimbursement
    
  • Student Debt Program
    
  • Charitable Match 
    
  • Wellness Program
    

Envestnet is an Equal Opportunity Employer.

#LI-AQ1