ForgePath Security IT Security Analyst Remote · Full time Company website

Apply for IT Security Analyst

Founded in 2023, ForgePath Security is a cybersecurity and IT services consultancy that helps small and mid-sized organizations, especially in regulated, professional-services industries reduce risk and stay compliant. We deliver a full suite of cybersecurity coverage including virtual CISO programs, penetration testing, and managed security operations through a small, senior, fully distributed team. We're growing deliberately, and we build roles that give people real ownership and a genuine path to go deeper in security.

What you'll do

Help desk (~50%)

• Tier 1 / Tier 2 end-user support: workstations, accounts, productivity software, common application issues
• Microsoft 365 administration (Exchange Online, Teams, SharePoint, Entra ID basics)
• Remote endpoint provisioning and support workflows, coordinating with the client's on-site staff for physical hardware tasks
• Own and triage the ticket queue

Security (~50%)

• Vulnerability management — own the operational program end to end: scan operations, finding triage, prioritization, remediation tracking with IT and end users, and reporting
• Third-party / vendor risk reviews: send, track, and coordinate vendor review questionnaires; perform first-pass analysis against established criteria; draft initial vendor review reports for senior review
• Risk assessment support: evidence gathering, control verification, asset and system documentation, and interview coordination under vCISO direction
• Phishing simulation campaigns: planning, deployment, reporting, follow-up training
• Security ticket triage and investigation (EDR alerts, email security, identity)
• Incident response support under ForgePath senior leadership
• Routine hygiene: access reviews, configuration checks, hardening tasks

What we're looking for

• 2–4+ years across IT support / help desk / junior SOC or security analyst work (any combination)
• Strong Microsoft 365 and Windows endpoint fundamentals
• Familiarity with vulnerability scanning — you don't need to be an expert, but you should know what a CVSS score is and how to drive a fix
• Strong written communication — you'll be drafting vendor review reports and remediation summaries that leadership reads
• Solid customer-service instincts: patient, professional, and willing to help
• Organized and self-directed enough to run recurring programs (scans, questionnaires, campaigns) without daily oversight

Nice to have

• Security+, Network+, or equivalent certifications
• Experience with EDR platforms (Microsoft Defender, CrowdStrike, SentinelOne)
• Exposure to third-party / vendor risk management or GRC work (questionnaires, SOC 2 report review, risk registers)
• Exposure to phishing-simulation tools (KnowBe4, Hoxhunt, etc.)
• Curiosity about offensive security — there's real room to grow toward pentest and red-team-adjacent work over time
• A genuine interest in security research and the wider community, such as digging into new vulnerabilities and security news and writing them up. We love people who would want to publish blog posts or research to benefit the security world.

Perks

• Full benefits: medical, dental, vision, and 401(k) with employer match
• Paid time off and ForgePath-supported professional development
• Mentorship from ForgePath's security team and a real path to grow into deeper security work