IT Security Operations Analyst

For 68 years, HEICO Corporation, a NYSE traded company, has thrived by serving niche segments of the aviation, defense, space and electronics industries by providing innovative and cost-saving products and services. HEICO's high-energy culture focuses our Team Members on providing high quality products and services to our customer base, which is made up of most of the world's airlines, the defense industry, satellite manufacturers and other electronics companies. Our leadership approach creates a dynamic environment that continually challenges our Team Members to grow professionally and develop in an entrepreneurially-spirited setting.

ROLE: The Senior IT Security Analyst applies advanced systems analysis techniques and deep cybersecurity operations expertise to protect sensitive and mission-critical systems across HEICO and its subsidiaries. This role serves as a senior technical escalation point for security monitoring and incident response, leads complex investigations, and drives continuous improvement of detection, response, and security hardening capabilities.

The Senior IT Security Analyst acts as a trusted advisor and liaison to ensure security operations align with HEICO standards while accounting for subsidiary-specific business needs and technical nuances. The role mentors junior analysts, improves operational rigor (playbooks, automation, metrics), and supports compliance-driven security requirements through disciplined execution and documentation.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Security Monitoring & Triage
• Analyze and triage security alerts from managed detection and response (MDR) services and internal monitoring platforms; determine severity, scope, and required actions.
• Serve as an escalation point for high-impact or complex alerts and investigations; provide guidance to junior analysts during active cases.
• Incident Response Leadership
• Lead cybersecurity incident investigations, including evidence preservation, containment, eradication, and recovery validation in accordance with established procedures.
• Coordinate incident communications and technical actions across IT teams, impacted sites, and third-party providers; ensure timely escalation when elevated authorization is required.
• Perform post-incident reviews, document timelines and lessons learned, and implement improvements to reduce recurrence.
• Threat Investigation & Analysis
• Conduct malware and suspicious artifact analysis using investigative tooling (including sandboxing) to determine behavior, impact, and mitigation steps.
• Perform proactive threat hunting to identify stealthy or low-signal adversary activity and improve detection coverage.
• Detection Engineering & Security Tool Optimization
• Evaluate, tune, and optimize EDR/XDR detection logic, response policies, and automated containment actions to improve efficacy and reduce false positives.
• Enhance alert fidelity and investigative effectiveness through rule refinement, contextual enrichment, telemetry validation, and playbook improvements.
• Design and maintain application control and endpoint protection policies to strengthen visibility, restrict unauthorized software execution, and address detection or response gaps.
• Security Automation
• Develop, test, and implement SOAR/security automation workflows to improve response consistency and enable action when staffing is limited.
• Identify repetitive analyst tasks and implement automation to increase operational capacity and reduce mean time to respond (MTTR).
• Incident-Driven Vulnerability Escalation
• Escalate vulnerabilities or control weaknesses identified during incident response or threat hunting, providing technical impact analysis and attack-path context to the vulnerability management function.
• Confirm that remediation actions adequately address the specific incident vector or exploited control gap.
• Control Gap Identification & Advisory
• Provide operational feedback on control effectiveness based on real-world incident activity and detection gaps (including emerging technology guidance such as AI usage controls).
• Recommend improvements to technical safeguards or enforcement mechanisms when investigative findings reveal system weaknesses (e.g., SOX and NIST-aligned requirements).
• Third-Party / MSP Oversight
• Engage third-party IT providers/MSPs to communicate HEICO security requirements and incident handling expectations (including evidence retention).
• Assess MSP execution against requirements, identify gaps, and escalate non-compliance through appropriate channels.
• Business Partnership, Reporting, and Travel
• Act as a liaison between HEICO Corporate security and supported subsidiaries to maintain alignment on security initiatives, upgrades, and operational expectations.
• Provide regular operational reporting (risk trends, incident metrics, remediation status, tooling effectiveness).
• Required quarterly travel to supported out-of-state sites (i.e. quarterly planned visits and additional travel during escalations) to understand environment baselines, strengthen stakeholder relationships, and improve response readiness.
• On-Call Support
• Participate in an on-call rotation and respond independently to security events outside standard business hours.
• Perform other professional cybersecurity duties consistent with the scope and level of the position.