Managed Security Services - Analyst

Company: RSM
Location: Harrisburg
Posted on: July 4, 2025

Job Description:

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. In order to address the most critical needs of our clients, RSM US LLP established the Security and Privacy Services group, comprised of more than 300 professionals dedicated exclusively to serving the cybersecurity needs of our clients. This group includes experienced consultants located throughout the United States and Canada dedicated to helping clients with preventing, detecting, responding and recovering from security threats that may affect their critical systems and data. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise across the full suite of security and privacy capabilities including managing the daily activities associated with our clients’ security operations. We are seeking an Associate level individual with experience working in the field of cybersecurity and a desire to help organizations improve their operations to join our team and help run the ongoing security operations for RSM clients in a variety of industries and geographic locations. Successful candidates will have working knowledge in some or all of these areas – IT operations, security monitoring, active directory, IP networking and various cloud technologies. At RSM, analysts work with large and small companies in variety of industries. They develop strong working relationships with their peers within the security operations center (SOC) while learning their clients’ businesses and challenges facing their organizations. Analysts work as part of a broader team under the direction of more senior analysts, threat hunters, shift leads, intelligence analysts and SOC managers in support of multiple clients. Working in a mutually respectful team environment helps our analysts perform at their best and integrate their career with their personal life. You will have the opportunity to: Investigate security incidents using SIEM tools, automation, and other cybersecurity technologies (i.e ServiceNow, Stellar Cyber, Hyas Insight and DNS Protect, SentinelOne, ELK Stack, Virustotal, Shodan, Netflow, Passive DNS, Silobreaker, Tenable.io, Hatching Triage Sandbox) Analyze, escalate, and assist in remediation of critical security incidents Improve and challenge existing processes and procedures in a very agile and fast-paced information security environment serving multiple clients Process IDS alerts and identifying incidents and events in customer data. Setup and execution and analysis of vulnerability scans Perform advanced analysis and investigation into alerts as they are identified Performing initial basic malware analysis utilizing automated means (static and dynamic sandbox analysis or other available tools) Incident intake, ticket updates and reporting of cyber events and threat intelligence Understanding, identifying, and researching indicators of compromise (IOCs) from a variety of sources such as threat intelligence reports and feeds Writing incident reports, process documentation, and interact with clients as required Transcribe and implement atomic indicators into a monitoring environment. Consume policy documentation and determine applicability in a network. Work with protocols at layers 2 and higher in the OSI model, to include ARP TCP, UDP, ICMP, DNS, Telnet, SSH, HTTP, SSL, SNMP, SMTP, and other common protocols that use well-known ports. Develops the playbooks to respond and recovery from various attacks/incidents. Drives the automation efforts focused on the closing cases, responding to Cyber events and analyzing data required to enable efficient response activities. Processing of Cyber Threat Intel that is used across RSM detection platforms to understand and prepare for potential threats. Threat intel is heavily used across RSM platforms drive issue prioritization. Open to working shifts in a 24x7 operations environment Preferred qualifications for an associate-level position include: Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences or prior relevant military / law enforcement experience Computer science, information technology, information systems management, or other similar degrees preferably with a focus on information security 2-4 years’ experience working in a security operations center, networking operations center or threat intelligence capacity Possess at least one security industry certification such as CySA, Security, CISSP, SANS GIAC (GSOC, GCIA, GMON, CGCDA) Knowledge of security standards and information security and compliance frameworks, controls, and best practices, including SSAE 16, SOC 2 and SOC3, OWASP Top 10, SANS, NIST Must have a naturally curious mindset and approach to solving problems Basic understanding of cloud technologies and their operations Experience supporting various operating systems such as Windows/Linux Understanding of IP network protocols Motivated self-starter with strong written and verbal communication skills Strong analytical and troubleshooting skills A self-starter mindset Beneficial, but not required, qualifications for an associate-level position include: Security incident and event management (SIEM/Data) tools such as Stellar Cyber, Splunk, LogRhythm, Elasticsearch etc. Common cloud platforms – Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform Vulnerability tools such as: Kenna, Tenable, Qualys, etc. Threat intelligence tools such as Recorded Future and Silobreaker and MISP Endpoint/HIDS detection and response tools such as: SentinelOne, CarbonBlack, Crowdstrike, Wazuh etc. Cloud access service brokers such as Netskope, ZScaler, McAfee, Forcepoint Technical understanding of core current cybersecurity technologies and threats as well as emerging capabilities. Hands-on cybersecurity experience within a Computer Incident Response organization. Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs). At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits . All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at careers@rsmus.com . RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate. RSM will consider for employment qualified applicants with arrest or conviction records in accordance with the requirements of applicable law, including but not limited to, the California Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the San Francisco Fair Chance Ordinance. For additional information regarding RSM’s background check process, including information about job duties that necessitate the use of one or more types of background checks, click here . At RSM, an employee’s pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range. Compensation Range: $66,100 - $117,200 Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.

Keywords: RSM, Bowie , Managed Security Services - Analyst, IT / Software / Systems , Harrisburg, Maryland