Analysis Group is one of the largest international economics consulting firms, with more than 1,500 professionals across 15 offices in North America, Europe, and Asia. Since 1981, we have provided expertise in economics, finance, health care analytics, and strategy to top law firms, Fortune Global 500 companies, and government agencies worldwide. Our internal experts, together with our network of affiliated experts from academia, industry, and government, offer our clients exceptional breadth and depth of expertise.
The Senior Information Security Engineer will serve as a trusted security leader and subject matter expert, partnering closely with the Information Security Manager to advance the firm’s cybersecurity strategy, architecture, and operations. This role will take ownership of critical security initiatives, lead the design and enhancement of security programs, and guide cross-functional teams in implementing secure, resilient, and compliant solutions. The Senior Information Security Engineer will be responsible for architecting and managing enterprise security tools, leading incident response efforts, ensuring robust cloud security, and proactively addressing emerging threats. This position requires a deep understanding of both the firm’s business objectives and the evolving cybersecurity landscape, ensuring that security solutions are business-enabling, scalable, and aligned with industry best practices.
Essential Job Functions and Responsibilities:
- Architect and oversee enterprise identity governance initiatives and the Privileged Access Management (PAM) platform, ensuring access control frameworks meet regulatory and business requirements.
- Serve as a principal advisor to IT and business leaders on balancing business needs with security best practices in technology adoption and process design.
- Lead advanced incident response activities, including root cause analysis, threat hunting, containment, and post-incident improvement plans.
- Lead the design, implementation, and optimization of Data Loss Prevention (DLP) solutions and related controls to safeguard sensitive data and prevent breaches.
- Define and enforce robust cloud security strategies, including Netskope and other zero trust/SASE solutions.
- Drive the maturity of the identity and access management program across cloud services, high-performance computing environments, and hybrid infrastructures.
- Provide senior-level oversight of information security tools and operations, including SIEM platforms, EDR solutions, and advanced malware defense.
- Represent Information Security in enterprise architecture and technical project reviews, guiding secure design and implementation decisions.
- Lead investigations into phishing campaigns, targeted threats, and complex security incidents, providing actionable intelligence to stakeholders.
- Conduct continuous threat landscape assessments, recommending both tactical mitigations and strategic security investments.
- Participate in the vulnerability management lifecycle, from pre-deployment risk assessment to remediation validation and compliance reporting.
- Guide the ongoing development of the Information Security Management System (ISMS) and related governance processes.
- Mentor and coach junior security engineers, fostering skill growth and a proactive security culture across the organization.
- Partner with business stakeholders to elevate security training, awareness programs, and process improvements.
- Establish and refine advanced technical security controls to ensure visibility, rapid incident response, and adherence to compliance frameworks.
- Participate in rotational on-call responsibilities to support the firm and respond to critical security events and incidents.
Qualifications:
- Bachelor’s degree required; degree in Information Systems Security, Computer Science, or related field preferred.
- Industry-recognized certifications strongly preferred (e.g., CISSP, CISM, GIAC, CCSP).
- Minimum of 5 years of substantive relevant experience required.
- An ideal candidate will have 7-10 years of progressive cybersecurity experience, with at least 3 years in a senior or lead engineering role.
- Proven track record designing, implementing, and managing enterprise security architectures in cloud and hybrid environments (AWS, Azure strongly preferred).
- Advanced expertise in identity governance, privileged access management, cloud security controls, and incident response.
- Experience with data security engineering and data loss prevention solutions.
- Deep understanding of enterprise IT systems, networking, and application architecture.
- Exceptional communication, documentation, and stakeholder engagement skills, with the ability to influence at all organizational levels.
- Strong project leadership skills, with the ability to drive multiple high-impact initiatives concurrently under tight deadlines.
- Demonstrated experience mentoring and developing technical talent.
- Strategic thinker with a results-driven mindset and a passion for continuous learning in cybersecurity.
- An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences
- To the extent permitted by applicable law, eligible candidates must be authorized to work in the United States without sponsorship or restriction, now and in the future
Analysis Group embraces equal opportunity. We are committed to building teams that bring a variety of backgrounds, perspectives, and skills, as we believe that a strong and inclusive workforce directly supports our goal of providing the highest-quality work. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other class protected under applicable federal, state, or local law, and we encourage candidates of all backgrounds to apply.
#LI-Hybrid
