Security Analyst

For more than 40 years, Aspira has been the market-leading provider of software and services that help public agencies protect natural and cultural resources while making them accessible for all. Our platform supports everything from campground reservations to hunting licenses, helping millions of people discover, enjoy, and care for the outdoors.

We share our client partners' mission: to steward resources for future generations, create opportunities for genuine enjoyment of the outdoors today, and expand access so more people can experience its benefits.

Aspira is transforming its technology and service model to give agencies more capacity and insight—streamlined tools, smarter automation, and better connections with their communities. Our goal is simple: make it easier for our clients to conserve what matters most and for their customers to enjoy it to the fullest.

The Security Analyst is a proactive, detail-oriented professional with strong hands-on experience in cloud security monitoring, incident response, and log analysis. This individual will leverage Aspira's AWS-native tools and industry SIEM platforms to detect, analyze, and respond to threats while continuously improving security controls. The ideal candidate thrives in fast-paced environments, is curious and analytical, and collaborates closely with IT, DevOps, and Network Engineering teams.

Monitoring & Threat Detection

• Monitor and correlate events across AWS CloudWatch, CloudTrail, GuardDuty, and Security Hub.
• Configure and maintain Rapid7, LogRhythm, and related monitoring tools for ingestion of logs from servers, PCs, and laptops.
• Develop detection rules, alerts, and dashboards for real-time visibility into threats and anomalies.
• Conduct continuous log analysis, identifying suspicious activity, compromised accounts, or policy violations.
• Monitor logs and events across AWS and on-premises environments (Dallas and China offices), ensuring consistent visibility into threats.

Incident Response & Investigation

• Perform Tier 1/Tier 2 triage of alerts and escalate to senior security/engineering staff as appropriate.
• Support incident response exercises, playbook development, and forensic analysis.
• Lead investigations of security events: review indicators of compromise, assess impact, and recommend containment/remediation actions.
• Collaborate with IT Operations, Network Engineering, and DevOps to remediate vulnerabilities and harden systems.
• Escalate incidents and findings to the Senior Cloud Network Engineer or Senior Security System & Network Engineer as appropriate, with oversight from the Director of Information Security.

Compliance & Governance

• Support compliance initiatives (PCI, SOC, NIST, CIS) by maintaining monitoring evidence, documenting incidents, and assisting with audit requests under the guidance of the Director of Information Security.
• Document incidents, vulnerabilities, and remediation efforts for audit and reporting purposes.
• Assist in the rollout and implementation of zero-trust controls (MFA, IAM policies, endpoint protection) as directed by the Director of Information Security."

Automation & Continuous Improvement

• Create and maintain scripts and automation (Python, PowerShell, Terraform) for log ingestion, enrichment, and reporting.
• Develop runbooks for common security incidents and monitoring alerts.
• Recommend enhancements to SIEM rules, AWS GuardDuty findings, and log retention strategies.
• Identify and implement emerging security best practices to keep pace with evolving threats.
• Contribute to security KPIs, including SIEM coverage across assets, incident response times, and patch/vulnerability remediation metrics, by providing accurate monitoring and escalation

• 5+ years of experience in Security Operations, Threat Monitoring, or Incident Response.
• Strong familiarity with AWS-native security/monitoring tools (CloudWatch, CloudTrail, Security Hub, GuardDuty).
• Hands-on experience with SIEM platforms, preferably Rapid7 InsightIDR, LogRhythm, or Splunk.
• Knowledge of security frameworks (NIST 800-53, CIS Benchmarks, PCI DSS).
• Understanding of networking (TCP/IP, firewalls, VPNs) and operating system hardening (Windows, Linux).
• Strong analytical skills with experience conducting log analysis, packet captures, and event correlation.
• Practical scripting/automation knowledge (Python, PowerShell, Bash).
• Relevant certifications a plus (CompTIA Security+, GSEC, AWS Security Specialty, CEH, or similar).