Security Analyst

At Morgan & Morgan, the work we do matters. For millions of Americans, we’re their last line of defense against insurance companies, large corporations or defective goods. From attorneys in all 50 states, to client support staff, creative marketing to operations teams, every member of our firm has a key role to play in the winning fight for consumer rights. Our over 6,000 employees are all united by one mission: For the People.

Security Analyst  This is an ON-SITE ROLE

Tampa, Florida, United States  

Summary

We are seeking a highly motivated and skilled Security Analyst to join our cybersecurity team.  This role will support employees and partners in all time zones and may require off hours support.  The successful candidate will be responsible for providing cybersecurity support via phone calls, email, and chat. The Security Analyst will respond to inquiries, troubleshoot problems, and provide resolution or escalation as required.

Responsibilities

• Monitor Internal Security Systems: Actively monitor security alerts and events using the firm's Security Information and Event Management (SIEM) platform, analyzing data from Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), Email Security Gateway(s), Identity and Access Management (IAM) systems, Secure Web Gateway(s) (SWG), firewalls, and other internal security tools.
• Manage Third-Party SOC Alerts: Receive, acknowledge, and validate security alerts and escalations from the firm's third-party Security Operations Center (SOC), correlating external alerts with internal security telemetry (logs and events from SIEM, EDR, network, identity systems, etc.) to confirm threats and initiate response.
• Email Threat Analysis & Release (Primary Duty): Review and meticulously analyze emails quarantined by the firm's email security systems upon user request for release. Assess legitimacy, identify malicious indicators, and make informed decisions to safely release or block messages.
• Alert Triage & Correlation: Triage and analyze security alerts from internal systems and the third-party SOC. Correlate alerts across diverse systems, including identity threats (from IAM and ITDR solutions), endpoint events (from EDR solutions), and network traffic (from SWG and firewalls), to identify attacks and policy violations.
• Incident Handling & Response: Serve as a key member of the incident response team, initiating response based on validated alerts. Utilize Security Orchestration, Automation, and Response (SOAR) platforms, EDR capabilities, and IAM systems for containment (e.g., disabling accounts, isolating endpoints), eradication, and recovery. Document all incident handling steps.
• Incident Investigation: Conduct detailed investigations into security incidents, leveraging data from SIEM, EDR, SWG, IAM, and other relevant security logs to determine scope, impact, and root cause.
• Vulnerability Management Support: Analyze vulnerability data from the firm's vulnerability management platform(s); assist in prioritizing and tracking remediation efforts with relevant IT teams.
• Threat Intelligence Awareness: Stay informed about emerging cybersecurity threats and vulnerabilities relevant to the legal sector and the firm's technology stack.
• Collaborate for Security Enhancement: Partner with relevant IT teams (Infrastructure, Networking, Applications, etc.) and business departments to advise on and assist with the implementation of enhanced security controls, configurations, and processes across the firm's infrastructure and applications.
• User Interaction & Support: Assist employees and business partners regarding security inquiries or processes (like email release requests) via appropriate channels (email, chat, phone) in a timely and professional manner, maintaining a high level of customer satisfaction.
• Documentation: Maintain accurate and detailed documentation for security incidents, investigations, analysis decisions, and procedures.
• Perform other duties as assigned.

Requirements

• Proven experience with core security technologies, including Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Email Security Gateways, Secure Web Gateways (SWG)/Web Security Proxies, Identity and Access Management (IAM), and Vulnerability Management tools in a midsize or enterprise environment. Strong familiarity with integrated enterprise security suites and cloud-native security tools is highly desirable.
• Equivalent of 1-2 years of experience in a Security Operations Center (SOC), Incident Response, or technical Helpdesk/Service Desk role with a security focus.
• Fundamental understanding of networking concepts (TCP/IP, DNS, HTTP/S) and operating systems (Windows/MAC).
• Basic knowledge of identity management concepts (e.g., Directory Services, Cloud IAM).
• Strong analytical and problem-solving skills with excellent attention to detail.
• Ability to correlate security events from multiple sources.
• Excellent communication skills (written and verbal) and professionalism.
• Self-motivated, action-oriented, and driven to learn continuously.
• Must embody trust, dignity, integrity, and accountability.
• Ability and willingness to work hours aligned with supporting the Pacific time zone.
• (Note: While specific certifications are listed as preferred, holding relevant industry certifications demonstrates a strong foundational knowledge highly valued for this role.)

Preferred Qualifications

• Hands-on experience with SIEM platforms, integrated EDR/ITDR/Email Security suites, cloud IAM solutions, and Secure Web Gateway technologies.
• Experience analyzing quarantined emails and identifying phishing/malware indicators.
• Experience responding to alerts from an MSSP or third-party SOC.
• Experience with enterprise-grade vulnerability management platforms.
• Familiarity with security frameworks such as NIST CISv8 or ISO 27001/27002.
• A demonstrated commitment to continuous learning and staying current with evolving cybersecurity threats, tactics, techniques, procedures (TTPs), and technologies.
• Relevant cybersecurity certifications are highly preferred. CompTIA Security+, CompTIA CySA+; Microsoft certifications like SC-200 (Security Operations Analyst) or AZ-500 (Azure Security Engineer); (ISC)² SSCP; or equivalent practical experience will also be strongly considered.

Key Technologies Currently in Use

• This section lists the primary tools currently deployed within our environment to fulfill the capabilities described above. While direct experience with these specific products is beneficial, the core requirement is proficiency in the underlying security concepts and functions. This list may evolve as our technology stack changes.
• SIEM / SOAR: Microsoft Sentinel
• Endpoint Detection & Response (EDR): Microsoft Defender for Endpoint
• Identity & Access Management (IAM) / Identity Threat Detection: Microsoft Azure Entra ID, Microsoft Defender for Identity
• Email Security: Microsoft Defender for Office 365
• Secure Web Gateway (SWG): Zscaler Internet Access
• Vulnerability Management: Microsoft Defender Vulnerability Management (among other potential tools)

#LI-MB1

Benefits

Morgan & Morgan is a leading personal injury law firm dedicated to protecting the people, not the powerful. This success starts with our staff.  For full-time employees, we offer an excellent benefits package including medical and dental insurance, 401(k) plan,  paid time off and paid holidays.

Equal Opportunity Statement

Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

E-Verify

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the I-9 Form.   

Privacy Policy

Here is a link to Morgan & Morgan's privacy policy.