Staff/Senior IT Security Analyst

Company Overview 

10Pearls is an award-winning end-to-end digital innovation company that helps businesses imagine and build the future. We are proud to announce that 10Pearls was named as winner of the Best Tech Work Culture Timmy Award in Washington DC by Tech in Motion, recognized on the Inc. 5000 Fastest-Growing Companies List, and was ranked the #1 Most Diverse Midsize Company in Greater Washington. We partner with businesses to help them transform, scale, and accelerate by adopting digital and exponential technologies. Our work has ranged from creating highly usable, secure digital experiences, mobile and software products, to helping businesses modernize through cloud adoption and development and the digitalization of their business processes. Our clientele is highly diverse, including Global 1000 enterprises, mid-market businesses, and high-growth start-ups. But those are just the facts. What makes us unique is that we have true heart and soul. We have a strong focus on a double bottom line and actively support and engage with the communities where we live and work to make the world a better place. In a nutshell, we believe in doing well, while doing good, and know how to balance the two. 
 
Role 

10Pearls is looking for an experienced IT Security Analyst to join our growing team. The ideal candidate will have a strong foundation in information security, risk management, and security operations, along with a proactive approach to identifying and mitigating threats. 
 
Responsibilities: 

• Implement, manage ISO 27001, and update information security policies and procedures  

  
  

• Monitor network and endpoint security, investigate issues, and respond to breaches  

  
  

• Perform vulnerability assessments, identify security gaps in networks and websites, and conduct penetration testing  

  
  

• Conduct internal audits and reporting related to ISO 27001 and technical compliance  

  
  

• Manage Windows Server Security, PowerShell, and Linux system administration  

  
  

• Ensure 100% deployment of endpoint security, email security, phishing, and malware protection  

  
  

• Continuously audit systems to ensure implementation of approved security controls  

  
  

• Coordinate with IT teams and other stakeholders  

  
  

• Analyze IT requirements and provide objective security recommendations  

  
  

• Lead tasks to completion and ensure timely execution of security operations  

  
  

• Stay updated on the latest security threats, trends, and technologies  

  
  

• Demonstrate adaptability and a creative approach to problem-solving  

  
  

• Perform additional duties as assigned 

  
  

Key Responsibilities (Operational): 

• Support day-to-day security operations including monitoring, triaging, and investigating alerts  

  
  

• Assist in incident response, root cause analysis, and documentation of security events  

  
  

• Troubleshoot user access and connectivity issues related to security controls  

  
  

• Support identity and access management, including access reviews and least privilege enforcement  

  
  

• Assist in securing cloud and SaaS environments, including reviewing integrations and permissions  

  
  

• Perform vulnerability assessments and support remediation efforts  

  
  

• Identify and reduce external security risks such as misconfigurations and exposed assets  

  
  

• Support compliance activities (e.g., ISO 27001), audits, and documentation  

  
  

• Contribute to security awareness initiatives and analyze phishing/fraud attempts  

  
  

• Maintain documentation, runbooks, and provide regular security updates 

  
  

Requirements: 

• Experience in IT/security operations with exposure to endpoint, network, or cloud security  

  
  

• Strong troubleshooting skills with a basic understanding of networking and system concepts  

  
  

• Familiarity with incident handling and common security threats  

  
  

• Good communication skills and ability to collaborate with technical and business teams 

  
  

Good to Have: 

• Hands-on experience with tools such as Zscaler, CrowdStrike, and Tenable  

  
  

• Microsoft security certifications (e.g., SC-200, SC-300, AZ-500, or equivalent)