Sr. Cybersecurity Analyst
Jostens
JOB TITLE: Sr. Cybersecurity Analyst

LOCATION: Santiago DR

GENERAL DESCRIPTION OR PURPOSE OF JOB:

The Senior Cybersecurity Analyst – SOC is an experienced-level role responsible for leading the detection, analysis, escalation, and remediation of cyber threats across Jostens. This position plays a key part in security operations, including the management of security tools, log monitoring, incident response, and threat analysis. Analysts at this level are expected to handle incidents independently, assist other analysts, and escalate higher-severity issues as needed. The role involves managing and tuning security tools such as the SIEM, endpoint protection, IDS/IPS, vulnerability scanners, and related platforms. The analyst collaborates with IT, Legal, Privacy, Audit, and other business functions to support cybersecurity operations and the continuous improvement of Jostens' security posture.

RESPONSIBILITIES / ESSENTIAL FUNCTIONS:

Threat Analysis and Security Event Monitoring
- Monitor security alerts and logs for potential threats using security tools.
- Correlate data from multiple sources to identify suspicious activity.
- Analyze malicious activity to determine methods, impact, and potential remediation.
- Tune detection rules and manage log source onboarding.
- Manage security operations tools such as endpoint detection, vulnerability management, email security, and attack surface management.
- Stay informed on current threats, vulnerabilities, and TTPs relevant to the organization.

Alert/Incident Response
- Lead cybersecurity alerts and incidents, including identification, assessment, quantification, reporting, communication, and mitigation.
- Lead the full incident response lifecycle: detection, containment, eradication, recovery, and lessons learned.
- Participate in technology remediation efforts through cross-functional working teams and across business units.
- Lead incident response operations and the development of standard operating procedures, runbooks, and related templates. Recommend and assist with implementing process improvements.
- Perform advanced static and dynamic malware analysis, including reverse engineering of binaries and behavioral profiling, to inform threat detection strategies and improve the organization's understanding of threat actor TTPs. Provide actionable intelligence to improve detection rules and guide incident response efforts.
- Perform forensic analysis of network packet captures, DNS, proxy, malware, host-based security, and application logs, as well as logs from various types of security sensors.
- Escalate and lead high-severity or complex incidents.
- Lead and document root cause investigations.
- Coordinate across IT, Legal, and other stakeholders during active investigations.

Documentation, Metrics and Reporting
- Provide daily summary reports of events and activity relevant to security practices.
- Perform security trend analysis and reporting.
- Update the incident response plan and procedures as well as SOC runbooks.
- Support the audit and assessment process for IT, including the annual PCI audit, IT general controls review, and any other audits or assessments of security and general IT controls.
- Perform forensic investigations and data acquisition supporting legal holds.
- Report common and repeated problems (trend analysis) to the SOC Team Lead and propose process and technical improvements.
- Provide metrics to measure the effectiveness of the incident response program at the request of Security leadership and the SOC Lead.

Other
- Provide evidence for compliance activities, such as SOX, PCI, and Data Privacy.
- Develop and refine SOC processes and procedures.
- Engage in proactive threat hunting and strategic security initiatives.
- Participate in strategic planning with SOC management or cybersecurity leadership, contributing insights from the front lines to inform broader security strategy and policy development.
- Provide expertise, guidance, and advice related to all information security issues.
- Collaborate with other information security and IT team members to develop governance and implement strategies for monitoring and preventing attacks.
- Participate in all tabletop exercises.
- Suggest process improvement opportunities where available to shape the future of Jostens' cybersecurity posture.

Required:
- Minimum 5 years of experience in a combination of Incident Response, Information Security, or Information Technology roles.
- Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related work experience.
- In-depth knowledge and technical experience of incident response standards and information security incident management.
- In-depth knowledge and technical experience of information security concepts and technologies such as networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
- Understanding of current threats and exploits, including experience with threat detection, analysis, and remediation.
- Expertise in SOC tool management and technologies, including advanced threat detection, analysis, and response strategies.
- Deep understanding of the threat landscape, advanced persistent threats (APT), and sophisticated attack methodologies.
- Capable of conducting advanced security research and analysis and threat hunting, and of developing security policies and procedures.
- Excellent communication skills, including the ability to articulate security risks and recommendations to non-technical stakeholders within the organization.
- Ability to triage, define criticality, and resolve or escalate alerts.
- Experience with Windows and Linux servers, IDS/IPS, A/V, SIEMs, DLP, firewalls, and workstations.
- Working knowledge of email message flow.
- Working knowledge of Microsoft 365, Okta, Duo, Microsoft Azure, and Active Directory.
- Experience using automation and scripting (PowerShell) to monitor systems.
- Knowledge and/or experience in threat hunting.
- Working knowledge of intrusion detection and prevention, data loss prevention, and vulnerability management.
- Working knowledge of application architectures, platforms, and protocols, and their inherent security strengths and weaknesses.
- Ability to troubleshoot and problem-solve to address critical security issues.
- Ability to communicate technical information in understandable business terms.

Preferred:
- A professional security certification is desirable, such as Systems Security Certified Practitioner (SSCP), Computer Hacking Forensic Investigator (CHFI), GIAC Certified Forensic Analyst (GCFA), or other similar credentials.