Security Analyst

The Security Analyst is responsible for the day-to-day execution of STARR's information security operations across a multi-concept restaurant and hotel portfolio of more than 40 locations. Reporting to the Director, Infrastructure and Security, this role provides hands-on monitoring, incident response triage, vulnerability management, and compliance support across STARR's hospitality technology environment. The Security Analyst serves as the operational backbone of STARR's PCI DSS v4.0 and CIS Controls v8 IG2 programs, executing the controls and processes that protect cardholder data, guest information, and operational systems.

The role is intended for an early- to mid-career security professional who is hands-on with security tooling, comfortable working under the direction of senior security leadership, and motivated to grow into a more senior role over time.

Security Monitoring and Threat Detection

• Monitor security event sources including CrowdStrike Falcon EDR, Proofpoint email security, protective DNS, and managed SOC alerting; triage events and escalate per documented incident response runbooks.
• Investigate phishing reports submitted, coordinate user remediation, and contribute to ongoing tuning of STARR's phishing simulation and awareness program.
• Maintain and tune vulnerability scanning across endpoints, infrastructure, and PCI-scoped systems; track remediation status with system owners and produce remediation reporting for IT leadership.
• Support managed detection and response engagement, including alert validation, false-positive tuning, and quarterly service review participation.

Identity, Access, and Compliance Operations

• Administer Cisco Duo for multifactor authentication, including user enrollments, group policy maintenance, and support for Cisco Duo Passport rollout in coordination with the Platform Engineer.
• Support SailPoint Identity Security Cloud operations including access certifications, role mining inputs, and onboarding/offboarding workflows in coordination with the Workday Systems team.
• Execute and coordinate semi-annual access reviews per the STARR Access Control Policy and PCI DSS Requirement 7.2.5, including both human and application/system accounts.
• Maintain evidence repositories supporting PCI DSS v4.0 and CIS Controls v8 IG2 audit cycles, including evidence packages for external assessors.

Incident Response

• Serve as a Tier 1 incident responder under the STARR Incident Response Plan; execute initial triage, evidence preservation, communications coordination, and stakeholder notification under the direction of the Director, Infrastructure and Security.
• Maintain incident playbook documentation; contribute to lessons-learned reviews and annual tabletop exercises.
• Coordinate with managed services partner and managed SOC during active incidents.

Endpoint and Mobile Security

• Support security configuration and compliance monitoring across Microsoft Intune and Jamf Pro managed devices.
• Validate endpoint security baseline compliance and remediate drift in coordination with the Technology Support team.

Documentation, Reporting, and Continuous Improvement

• Author and maintain security runbooks, evidence packages, and policy artifacts in alignment with STARR's policy library.
• Produce weekly operational reporting and monthly executive reporting for the Director, Infrastructure and Security and the Chief Information and Technology Officer.
• Contribute to STARR's broader security maturity roadmap including the migration toward post-Workday governance and the buildout of the Technology GRC pillar.

• Two to four years of hands-on information security operations experience, with demonstrated seat-time in a security operations or analyst role (consulting-only or audit-only backgrounds are not a fit for this role).
• Working knowledge of SIEM, EDR, vulnerability scanning, and email security tooling. Direct experience with at least one of: CrowdStrike, Microsoft Defender, Proofpoint, Mimecast, Qualys, Tenable, or Rapid7 is required.
• Demonstrated operational understanding of PCI DSS (v3.2.1 or v4.0); ability to discuss specific requirements and evidence collection in plain language.
• Familiarity with identity and access management concepts, including multifactor authentication, single sign-on, role-based access control, and least privilege.
• Strong written and verbal communication; ability to translate technical events into business-language reporting for non-technical executives.
• Demonstrated ability to operate effectively under direction in a fast-paced, multi-site operational environment.
• Foundational security certification (CompTIA Security+, SSCP, or equivalent) at hire, or commitment to obtain within twelve months of hire.

Preferred Qualifications

• Direct hands-on experience with Microsoft 365 Security, Microsoft Entra ID, Cisco Duo, CrowdStrike Falcon, Proofpoint, SailPoint Identity Security Cloud, or similar enterprise tooling.
• Hospitality, retail, healthcare, or other multi-site environment experience, particularly in environments with point-of-sale or cardholder data exposure.
• Experience with CIS Controls v8 implementation, gap assessment, or evidence collection.
• Exposure to FreshService or another enterprise IT service management platform.
• Experience supporting external audit cycles, including PCI assessments, SOC examinations, or financial audits with IT scope.
• Comfort with light scripting in PowerShell, Python, or Bash for repetitive task automation.

• Required at hire or within twelve months: CompTIA Security+ or SSCP.
• Preferred: GSEC, GCIH, GCFA, CySA+, CCNA Security, or equivalent technical security certifications in progress or completed.

Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or related discipline preferred. Equivalent professional experience, certifications, and demonstrated capability will be considered in lieu of a formal degree.