The Information Security Administrator will manage the firm’s enterprise vulnerability management program while supporting security monitoring and incident response. Responsibilities include operating and tuning vulnerability scanners, validating and prioritizing vulnerabilities across endpoints, servers, applications, and cloud environments, and coordinating remediation with IT teams. The role monitors alerts from SIEM, EDR, email security, and identity systems, performs Tier 1–2 incident triage, investigates security events, and contributes to containment, eradication, and post-incident reviews. The administrator also supports detection engineering, security tool configuration, onboarding of new log sources, SOAR workflow maintenance, and configuration hardening to ensure robust security operations.

Candidates should have 3–5 years of experience in vulnerability management or security operations, hands-on experience with vulnerability scanners (e.g., Nessus, Rapid7, Qualys, Defender TVM), and familiarity with SIEM, EDR, and email security tools (e.g., Splunk, Sentinel, CrowdStrike, Proofpoint). Knowledge of CVE/CVSS, EPSS, ISO/IEC 27001, NIST CSF, and HIPAA safeguards is required. Strong analytical, communication, and project management skills are essential, along with the ability to work independently and collaboratively in a fast-paced environment. Certifications such as Security+, CySA+, or GSEC and experience in regulated or legal environments are preferred.

This Boston-based role requires 60% in-office presence and offers a salary range of $85,000–$100,000.