Senior Information Security Analyst
Serving the needs of all families with young children, Carter’s Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter’s, OshKosh B’gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation is in everything we do. There are many reasons to build your career at Carter's.
How you’ll make an impact:
The Senior Security is a member of the IT Security team reporting to the Sr. Manager, IT Security. Security Senior Analyst are primarily focused on leading complex investigations, driving departmental improvement efforts on monitoring, detecting, administration, or responding to security events and threats across the organization. Working under general supervision, this role exercises considerable independent judgment and takes ownership of advanced cyber security activities. The Senior Analyst is a key technical contributor and a bridge between operational execution and strategic security initiatives. This position could also serve as a foundation for building deeper expertise in various other security domains.
Key Responsibilities
Depending on the needs of the department, the duties of this role could include:
Security monitoring & day-to-day operations (30%)
- Day-to-day information security analysis across events, alerts, and threats
- Supporting the security manager with vulnerability, alert, and incident oversight
- Staying current on the threat landscape and zero-day vulnerabilities
- Translating threat intelligence into actionable detection and defense improvements
- Reporting, Metrics and dashboarding
Vulnerability & risk management (20%)
- Leading threat & vulnerability management (TVM) activities
- Risk prioritization, remediation tracking, and stakeholder reporting
- Representing the security team in audits and regulatory compliance activities
- Contributing to security policy, standards, and procedure development
Incident response & digital forensics (15%)
- Leading investigation and response to high-severity and complex security incidents
- Driving containment through post-incident review and lessons learned
- Performing digital forensic investigations on endpoints, servers, and cloud environments
- Conducting static and dynamic malware analysis to understand attacker TTPs
Threat detection & hunting (15%)
- Proactive threat hunting using behavioral analytics and hypothesis-driven methodologies
- Developing and maintaining threat models for critical business systems and data assets
- Mentoring and coaching junior analysts on threat analysis and detection techniques
Security engineering & architecture (20)%
- Collaborating with IT, DevOps, and business teams to integrate security into system design
- Evaluating and recommending new security technologies, tools, and vendors
- Participating in proof-of-concept testing for new security solutions
Physical Demands
- Sitting-Frequently (activity or condition exists up to 1/3 of time)
Travel Requirements
- Open-to-travel between various Carter's offices (Buckhead, warehouses, international offices, etc.) and other locations (QTS datacenter, Irving, Retail stores, vendor sites, etc.) as needed.
We’d Love to hear from you if: (Requirements section)
Must have:
- 2+ years of IT, IT Audit, IT Networking or Network security experience
- Ability to professionally communicate, verbally and in writing
- Ability to meet deadlines and work with management across various disciplines
- A collaborative team player spirit willing to learn and adapt
- Ability to perform on-call duties during off-hours and holidays
- An adaptable and flexible attitude towards changing business needs
Preferred skills and experience:
- Experience with endpoint configurations and/or security.
- Knowledge of application security concepts and secure SDLC practices.
- Experience with red team or penetration testing activities.
- Proficiency with log analysis at scale and big data security analytics.
- Exposure to regulatory compliance frameworks (PCI DSS, HIPAA, SOC 2, GDPR).
- Experience in a cloud-native or hybrid-cloud enterprise environment.
- Experience with one or more security domain
- Bachelor’s degree in computer science or related field
- Security +, ISC2 CC, CompTIA A+, CompTIA Network +, SSCP or CCT certifications
Carters is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.