Security Analyst

Description

Company Description:

Aspida is a tech-driven, nimble insurance carrier. Backed by Ares Management Corporation, a leading global alternative asset manager, we offer simple and secure retirement solutions and annuity products with speed and precision. More than that, we’re in the business of protecting dreams; those of our partners, our producers, and especially our clients. Our suite of products, available through our elegant and intuitive digital platform, focuses on secure, stable retirement solutions with attractive features and downside protection. A subsidiary of Ares Management Corporation (NYSE: ARES) acts as the dedicated investment manager, capital solutions and corporate development partner to Aspida.  For more information, please visit www.aspida.com or follow them on LinkedIn. 

Who We Are:

Sometimes, a group of people come together and create something amazing. They don’t let egos get in the way. They don’t settle for the status quo, and they don’t complain when things get tough. Instead, they see a common vision for the future and each person makes an unspoken commitment to building that future together. That’s the culture, the moxie, and the story of Aspida.

Our business focuses on annuities and life insurance. At first, it might not sound flashy, but that’s why we’re doing things differently than everyone else in our industry. We’re dedicated to developing data-driven tech solutions, providing amazing customer experiences, and applying an entrepreneurial spirit to everything we do. Our work ethic is built on three main tenets: Get $#!+ Done, Do It with Moxie, and Have Fun. If this sounds like the place for you, read on, and then apply at aspida.com/careers.

What We Are Looking For:

The Security Analyst will work closely with engineers, analysts, and architects across the company to analyze security risks, investigate potential threats, and enforce security policies. They will be responsible for monitoring security tools, conducting vulnerability assessments, analyzing logs, and supporting incident response efforts. Additionally, this role plays a key part in ensuring compliance with industry standards and regulations, including the Gramm-Leach-Bliley Act (GLBA). This position provides an opportunity to contribute to a strong security posture, helping protect both corporate and client data while gaining hands-on experience in threat detection, security automation, and continuous monitoring. This role reports to the Director of Cybersecurity and is required to be onsite 3 days a week at our Durham, NC headquarters.

What You Will Do:

· Monitor and analyze security events across infrastructure, applications, and networks to detect threats and ensure compliance with the Gramm-Leach-Bliley Act (GLBA) and other security policies.

· Collaborate with engineers, analysts, and architects across departments to assess security risks and support the implementation of secure solutions.

· Manage and optimize security monitoring tools, including SIEMs, endpoint detection and response (EDR), data loss prevention (DLP), and vulnerability management solutions to enhance threat detection capabilities.

· Assist with security automation and process improvements to reduce manual effort and improve efficiency in monitoring, analysis, and reporting.

· Conduct security assessments and risk analyses for new software, features, and infrastructure, identifying vulnerabilities and recommending mitigation strategies.

· Perform regular security monitoring and vulnerability scanning, supporting penetration testing efforts to proactively identify and address security gaps.

· Support incident detection and response efforts, investigating security alerts and working with other team members to analyze threats, contain incidents, and prevent future occurrences.

· Document security events, policies, procedures, and configurations, ensuring information is readily available for audits and regulatory compliance.

· Educate and assist employees and teams in following security best practices and complying with organizational policies.

Stay informed on emerging threats, vulnerabilities, and cybersecurity technologies, proactively recommending improvements to strengthen the organization's security posture. 

What We Provide:

· Salaried, DOE

· Full-Time

· Full Benefits Package Available

What We Believe:

Not sure if you meet every qualification? We still encourage you to apply! We value inclusivity, welcoming candidates from diverse backgrounds, including non-traditional paths. Unique experiences enrich our team, and the willingness to dream big makes you an exceptional candidate!

At Aspida Financial Services, LLC, we are committed to creating a diverse and inclusive environment and are proud to be an equal opportunity employer. As such, Aspida does not and will not discriminate in employment and personnel practices on the basis of race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.

Requirements

What We Require:

· Bachelor degree in computer science, information technology, information security, software development, or a related field.

· 2+ years of experience in information security, cybersecurity engineering, application security, application development, or a similar role, ideally within a regulated industry (e.g., finance, healthcare).

· Proficiency with security tools and technologies, including SIEMs, vulnerability scanners, DLP (Data Loss Prevention), code scanners, and EDR (Endpoint Detection and Response) tools.

· Hands-on experience with threat modeling, penetration testing, and vulnerability assessment techniques.

· Familiarity with scripting and automation (e.g., Python, Bash, PowerShell) to streamline security processes and reduce manual intervention.

· Understanding of networking and information technology fundamentals, cloud security practices, and DevSecOps principles.

· Strong knowledge of security frameworks, controls, and compliance requirements, with specific experience in Gramm-Leach-Bliley Act (GLBA) compliance.

· Demonstrated ability to assess, identify, and mitigate security risks across complex infrastructures and applications.

· Strong analytical and problem-solving skills, with a proactive approach to identifying potential security threats and areas for improvement.

· Excellent verbal and written communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders.

· Proven ability to collaborate effectively with cross-functional teams, including engineers, analysts, and architects, and to work independently when needed.

· Relevant certifications such as CompTIA Security+, or CompTIA CySA+ preferred.

· Strong attention to detail, with the ability to document processes and maintain records.

· Ability to stay current with the latest security trends, vulnerabilities, and industry regulations.