Cyber Security Specialist
HEICO
Job Description
HEICO is seeking a SENIOR IT SECURITY ANALYST for an immediate full-time direct-hire position in Hollywood, FL.
NO THIRD PARTIES!
The Senior IT Security Analyst acts as a trusted advisor and liaison to ensure security operations align with HEICO standards while accounting for subsidiary-specific business needs and technical nuances. The role mentors junior analysts, improves operational rigor (playbooks, automation, metrics), and supports compliance-driven security requirements through disciplined execution and documentation.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Security Monitoring & Triage
  - Analyze and triage security alerts from managed detection and response (MDR) services and internal monitoring platforms; determine severity, scope, and required actions.
  - Serve as an escalation point for high-impact or complex alerts and investigations; provide guidance to junior analysts during active cases.
- Incident Response Leadership
  - Lead cybersecurity incident investigations, including evidence preservation, containment, eradication, and recovery validation in accordance with established procedures.
  - Coordinate incident communications and technical actions across IT teams, impacted sites, and third-party providers; ensure timely escalation when elevated authorization is required.
  - Perform post-incident reviews, document timelines and lessons learned, and implement improvements to reduce recurrence.
  - Conduct malware and suspicious artifact analysis using investigative tooling (including sandboxing) to determine behavior, impact, and mitigation steps.
  - Perform proactive threat hunting to identify stealthy or low-signal adversary activity and improve detection coverage.
- Detection Engineering & Security Tool Optimization
  - Evaluate, tune, and optimize EDR/XDR detection logic, response policies, and automated containment actions to improve efficacy and reduce false positives.
  - Enhance alert fidelity and investigative effectiveness through rule refinement, contextual enrichment, telemetry validation, and playbook improvements.
  - Design and maintain application control and endpoint protection policies to strengthen visibility, restrict unauthorized software execution, and address detection or response gaps.
- Security Automation
  - Develop, test, and implement SOAR/security automation workflows to improve response consistency and enable action when staffing is limited.
  - Identify repetitive analyst tasks and implement automation to increase operational capacity and reduce mean time to respond (MTTR).
- Incident-Driven Vulnerability Escalation
  - Escalate vulnerabilities or control weaknesses identified during incident response or threat hunting, providing technical impact analysis and attack-path context to the vulnerability management function.
  - Confirm that remediation actions adequately address the specific incident vector or exploited control gap.
- Control Gap Identification & Advisory
  - Provide operational feedback on control effectiveness based on real-world incident activity and detection gaps (including emerging technology guidance such as AI usage controls).
  - Recommend improvements to technical safeguards or enforcement mechanisms when investigative findings reveal system weaknesses (e.g., SOX- and NIST-aligned requirements).
- Third-Party / MSP Oversight
  - Engage third-party IT providers/MSPs to communicate HEICO security requirements and incident handling expectations (including evidence retention).
  - Assess MSP execution against requirements, identify gaps, and elevate non-compliance through appropriate channels.
- Business Partnership, Reporting, and Travel
  - Act as a liaison between HEICO Corporate security and supported subsidiaries to maintain alignment on security initiatives, upgrades, and operational expectations.
  - Required quarterly travel to supported out-of-state sites (i.e., quarterly planned visits and additional travel during escalations) to understand environment baselines, strengthen stakeholder relationships, and improve response readiness.
- On-Call Support
  - Participate in an on-call rotation and respond independently to security events outside standard business hours.
  - Perform other professional cybersecurity duties consistent with the scope and level of the position.
Requirements
Education:
- Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or a related field; or an equivalent combination of education and professional experience.
Experience:
- Minimum five (5) years of progressively responsible experience in cybersecurity operations, incident response, or closely related IT security roles.
- Prior experience working in or closely supporting a Security Operations Center (SOC) environment, including incident handling under time pressure.
- Demonstrated experience leading incident investigations end-to-end (triage, containment, eradication, recovery validation, post-incident improvement).
- Strong working knowledge of:
  - Windows, macOS, and Linux operating system security, hardening practices, and configuration analysis
  - TCP/IP networking fundamentals and common enterprise network services/protocols
  - Enterprise security tooling such as EDR/XDR, SIEM/log analysis, identity security, and vulnerability management
- Experience developing or implementing automation (SOAR or scripted workflows) to improve operational response.
- Proven ability to document technical findings clearly, communicate effectively with technical and non-technical stakeholders, and drive work to closure across teams.
- Ability to manage multiple priorities and perform effectively during time-sensitive security events.
- Willingness and ability to travel to supported sites as needed.
Desired Qualifications:
- Advanced certifications such as CISSP, GIAC (e.g., GCIH/GCIA/GCED), OffSec (e.g., OSCP/related), CASP+, or comparable expert-level credentials.
- Experience mapping detections/hunts to common threat frameworks (e.g., MITRE ATT&CK) and improving detection coverage.
- Practical understanding of how technical security controls support regulatory/contractual needs (e.g., SOX and NIST SP 800-171), including evidence and audit readiness.
- Experience improving security programs through metrics/KPIs, playbooks/runbooks, tabletop exercises, and continuous improvement cycles.
- Experience engaging third-party providers/MSPs on security requirements, incident handling expectations, and remediation follow-through.
- Familiarity with hybrid and virtualized infrastructure environments and applying security controls across those platforms.
Posted April 18, 2026