Job Summary:

As a Security Analyst you will utilize your skill and knowledge set to protect the organization’s environments from internal and external threats while maintaining confidentiality, integrity, and accessibility of the privileged data. By leveraging your abilities to identify threats posed through emerging vulnerabilities, misconfigurations, and social engineering you will lower the amount of risk facing the organization and our customers.

Neumo is seeking a Security & Vulnerability Analyst to play a key role in strengthening and maintaining the organization’s overall security posture. This position is ideal for a hands-on professional with experience in incident response, vulnerability management, and security analysis who thrives in a collaborative, cross-functional environment.

In this role, you will be responsible for monitoring and responding to security events, conducting in-depth analysis of potential threats, and identifying vulnerabilities across systems, applications, and infrastructures.

For positions in Solano County, CA:
Please note that this position requires passing a California Law Enforcement Telecommunications (CLETS) background check, and authorization to work in the United Stats (see below for specifics):

https://www.fbi.gov/services/cjis

Duties and Responsibilities:

Monitor and analyze security alerts and events from SIEM, EDR, and other security tools to identify potential threats
Investigate and respond to security incidents, including containment, eradication, and recovery actions
Perform root cause analysis and document incidents with detailed findings and recommendations
Conduct regular vulnerability scans across systems, applications, and networks using approved tools
Analyze vulnerability scan results, prioritize risks based on severity and business impact, and track remediation efforts
Partner with system owners and engineering teams to ensure timely patching and mitigation of identified vulnerabilities
Drive end-to-end vulnerability remediation efforts, including validation of fixes and closure of findings
Maintain accurate reporting and metrics on vulnerabilities, remediation status, and overall risk posture
Perform proactive threat hunting and identify gaps in detection capabilities
Perform other duties as assigned

Education and Experience:

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field is preferred. Equivalent combination of education, training, and relevant work experience may be considered in lieu of a degree.
2–4 years of experience in cybersecurity, information security, or IT operations, with direct experience in at least one of the following areas:
- Security Operations Center (SOC) monitoring and incident response
- Vulnerability management and remediation
- Security analysis, threat detection, or risk assessment

Knowledge, Skills and Abilities:

Strong understanding of cybersecurity principles, including defense-in-depth, least privilege, and risk-based security management
Experience with Security Information and Event Management (SIEM) platforms for monitoring, alerting, and incident investigation (e.g. Microsoft Sentinel)
Hands-on experience with Endpoint Detection and Response (EDR) tools for threat detection, containment, and response(Microsoft Defender foe Endpoint)
Proficiency in vulnerability management tools (e.g., Tenable)
Vulnerability scanning and configuration
Solid understanding of incident response lifecycle, including detection, analysis, containment, eradication, and recovery
Knowledge of networking fundamentals, including TCP/IP, DNS, firewalls, VPNs, and common attack vectors
Familiarity with operating systems:
Experience analyzing and interpreting security logs, system logs, and threat intelligence feeds
Understanding of cloud security concepts in environments such as Microsoft Azure, AWS, or hybrid infrastructure
Ability to apply cybersecurity frameworks and standards, including NIST Cybersecurity Framework and ISO/IEC 27001
Strong skills in risk analysis and prioritization, translating technical vulnerabilities into business impact
Basic scripting or automation knowledge (e.g., PowerShell, Python, or Bash) is a plus for improving efficiency and reporting.
Hands on experience with Azure Identity

Work Environment:

Office setting with a moderate noise level.
The employee will work at an individual workstation, using a telephone and computer.

Physical Demands:

Must be able to remain seated for extended periods.
Regular use of a computer and other office machinery, such as printers and copy machines.
Occasional movement around the office.
Frequent communication via telephone.

Neumo Summary:

With the backing of four decades of public sector expertise and corporate capability, Neumo has successfully supported government services. Neumo was honored and recognized for four (4) consecutive years as a GovTech 100 Company representing the top 100 companies focused on making a difference in and selling to state and local government agencies across the United States.

Neumo is committed to helping communities thrive and brings a wealth of experience combined with innovation. Today, Neumo offers more administrative and financial support to government officials than any other organization. And with a responsive, client-focused approach, we foster partnerships that give our customers the certainty they need to accomplish more.

Neumo offers a competitive benefits and compensation package and are looking for team members who will thrive in our dynamic environment.

Neumo is an Equal Opportunity Employer. Selection for a position will be made without regard to race, religion, national origin, sex, political affiliation, marital status, non-disqualifying physical handicap, and age.

Security Analyst (On-Site)

Job Description