Security at NPA Buffalo, New York

Information Security Analyst

You'll be responsible for executing a structured monthly security program, managing a robust security toolset, maintaining NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) compliance, and serving as the organization's go-to resource for all things information security. If you're a hands-on security professional with audit experience, solid framework knowledge, and a methodical approach to risk and remediation, this role offers real ownership in a stable, respected organization.

What You'll Do

• Execute a defined monthly security program including monitoring, alerting, vulnerability management, and follow-up on findings
• Monitor networks and endpoints via SIEM and EDR tools; investigate anomalies and triage security events
• Manage vendor vulnerability disclosures assess severity, develop remediation plans, and track resolution
• Coordinate with internal stakeholders and external partners on annual NYDFS 500 audits and ongoing compliance activities
• Conduct and oversee security assessments including penetration testing, phishing simulations (KnowBe4), vishing, and social engineering exercises; manage follow-up training for users who fail tests
• Work with an external security partner (monthly rotating engagements external pen tests, internal attack simulations, and more) to maintain a layered security posture
• Develop, maintain, and enforce security policies and procedures; cross-train IT staff to build organizational resilience
• Prepare clear, standardized reports detailing threats, vulnerabilities, risks, and recommended mitigation steps
• Respond to ad-hoc internal security support requests
• Assist with company-wide system upgrades as needed

Security Tools & Technologies You'll work within a well-established, multi-layered security stack, including:

• Vulnerability Management: Tenable
• Penetration Testing: Kali Linux, Acunetix / Invicti
• Endpoint Detection & Response: Carbon Black Detect and Protect
• Security Awareness & Phishing Simulation: KnowBe4 (managed internally)
• External Security Partner: Hack at Cyber (monthly rotating engagements)
• SIEM: Security Information and Event Management platform
• Endpoint & Device Management: Microsoft Intune compliance policies
• Firewall: Rule and policy management
• OS Hardening: Operating system hardening tools and best practices
• Anti-malware: Endpoint protection solutions

Qualifications

• 5+ years of hands-on information security experience; equivalent experience considered in lieu of a degree
• Demonstrated experience with security audits, remediation tracking, and incident response candidates who have never been through a full audit cycle will not be considered
• Working knowledge of security frameworks including CIS Controls, NIST, ISO 27001, or similar ability to apply framework knowledge to real-world decisions (e.g., evaluating proposed changes against NYDFS 500 requirements)
• Hands-on experience with vulnerability management, SIEM monitoring, EDR tools, and penetration testing methodologies
• Familiarity with NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) is a strong plus; broader regulated industry compliance experience acceptable
• Strong documentation skills; ability to write clear policies, procedures, and executive-ready reports
• Comfortable communicating security risk to both technical teams and non-technical leadership
• Strong organizational skills with the ability to manage a structured monthly program and respond to unplanned events

Why is This a Great Opportunity

About the Role Our client, an established and highly regarded industry leader in Western New York, is seeking an experienced Information Security Analyst to serve as the primary security professional within their IT organization. This is a newly created role the result of a long-tenured security leader stepping into an executive position meaning the program is mature, the tools are in place, and this person walks into a well-documented, well-resourced environment rather than starting from scratch. Outstanding Benefits! Employees may be eligible for a hybrid telecommuting schedule upon successful completion of onboarding period.

• Pension Plan!
• Very Generous Profit Sharing - annual payout
• 401K with match
• 4 weeks PTO to start
• 5 days Sick time
• 10 Holidays
• Newly renovated work space including sit/stand desks

Salary Type: Annual Salary Salary Min: $85000 Salary Max: $115000 Currency Type: USD

Information Security Analyst

You'll be responsible for executing a structured monthly security program, managing a robust security toolset, maintaining NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) compliance, and serving as the organization's go-to resource for all things information security. If you're a hands-on security professional with audit experience, solid framework knowledge, and a methodical approach to risk and remediation, this role offers real ownership in a stable, respected organization.

What You'll Do

• Execute a defined monthly security program including monitoring, alerting, vulnerability management, and follow-up on findings
• Monitor networks and endpoints via SIEM and EDR tools; investigate anomalies and triage security events
• Manage vendor vulnerability disclosures assess severity, develop remediation plans, and track resolution
• Coordinate with internal stakeholders and external partners on annual NYDFS 500 audits and ongoing compliance activities
• Conduct and oversee security assessments including penetration testing, phishing simulations (KnowBe4), vishing, and social engineering exercises; manage follow-up training for users who fail tests
• Work with an external security partner (monthly rotating engagements external pen tests, internal attack simulations, and more) to maintain a layered security posture
• Develop, maintain, and enforce security policies and procedures; cross-train IT staff to build organizational resilience
• Prepare clear, standardized reports detailing threats, vulnerabilities, risks, and recommended mitigation steps
• Respond to ad-hoc internal security support requests
• Assist with company-wide system upgrades as needed

Security Tools & Technologies You'll work within a well-established, multi-layered security stack, including:

• Vulnerability Management: Tenable
• Penetration Testing: Kali Linux, Acunetix / Invicti
• Endpoint Detection & Response: Carbon Black Detect and Protect
• Security Awareness & Phishing Simulation: KnowBe4 (managed internally)
• External Security Partner: Hack at Cyber (monthly rotating engagements)
• SIEM: Security Information and Event Management platform
• Endpoint & Device Management: Microsoft Intune compliance policies
• Firewall: Rule and policy management
• OS Hardening: Operating system hardening tools and best practices
• Anti-malware: Endpoint protection solutions

Qualifications

• 5+ years of hands-on information security experience; equivalent experience considered in lieu of a degree
• Demonstrated experience with security audits, remediation tracking, and incident response candidates who have never been through a full audit cycle will not be considered
• Working knowledge of security frameworks including CIS Controls, NIST, ISO 27001, or similar ability to apply framework knowledge to real-world decisions (e.g., evaluating proposed changes against NYDFS 500 requirements)
• Hands-on experience with vulnerability management, SIEM monitoring, EDR tools, and penetration testing methodologies
• Familiarity with NYDFS Cybersecurity Regulation 500 (23 NYCRR 500) is a strong plus; broader regulated industry compliance experience acceptable
• Strong documentation skills; ability to write clear policies, procedures, and executive-ready reports
• Comfortable communicating security risk to both technical teams and non-technical leadership
• Strong organizational skills with the ability to manage a structured monthly program and respond to unplanned events

Why is This a Great Opportunity

About the Role Our client, an established and highly regarded industry leader in Western New York, is seeking an experienced Information Security Analyst to serve as the primary security professional within their IT organization. This is a newly created role the result of a long-tenured security leader stepping into an executive position meaning the program is mature, the tools are in place, and this person walks into a well-documented, well-resourced environment rather than starting from scratch. Outstanding Benefits! Employees may be eligible for a hybrid telecommuting schedule upon successful completion of onboarding period.

• Pension Plan!
• Very Generous Profit Sharing - annual payout
• 401K with match
• 4 weeks PTO to start
• 5 days Sick time
• 10 Holidays
• Newly renovated work space including sit/stand desks

Salary Type: Annual Salary Salary Min: $85000 Salary Max: $115000 Currency Type: USD

• 

• Government Careers