Support Analyst I - Security

Summary

The Support Analyst I with Security focus plays a critical role in providing frontline technical support and customer service while actively supporting the organization's cybersecurity posture. Supporting a medium-sized enterprise with over 30 subsidiaries under a shared IT service model, this role serves as the primary point of contact for employees experiencing IT-related issues. In addition to troubleshooting hardware, software, access, and connectivity problems, the analyst assists with security monitoring, secure account handling, risk awareness, and escalation of potential security incidents. Success in this role requires meeting ITIL KPIs, knowledge sharing, strong communication skills, a customer-first mindset, and an interest in cybersecurity and continuous learning.

Key Responsibilities

Customer Support and Service Delivery

Serve as the first point of contact for inbound IT support requests via ticketing system, phone, and remote support tools.

Troubleshoot and resolve hardware, software, network connectivity, access, and endpoint issues.

Document incidents, service requests, and resolutions in the IT Service Management (ITSM) platform.

Communicate clearly with users regarding request status, resolution steps, and ETAs.

Escalate thoroughly documented tickets and resolve within Service Level Agreements (SLA).

Meet defined service metrics including Mean Time to Resolution, first contact resolution, and customer satisfaction.

Empower users with KB documentation and share knowledge with the IT team to operationalize the support of our technologies and processes.

Support onboarding and offboarding processes, as well as other routine operational tasks.

Maintain accurate documentation of IT assets, support procedures, and troubleshooting steps.

Provide data and insights to support trend analysis, coaching, and service improvement efforts.

Security and Risk Awareness

Assist with monitoring and triaging security alerts from endpoint protection, email security, identity, and monitoring tools.

Assist with delivery of security awareness activities such as phishing follow-ups and onboarding guidance.

Perform secure account management tasks including password resets, MFA support, and access validation.

Support patching activities, vulnerability remediation efforts, and routine audit evidence collection.

Apply least privilege and security-by-design principles when resolving end-user issues.

Reinforce data privacy, acceptable use, and security best practices during user interactions.

Incident and Operations Support

Identify and escalate suspected security incidents, phishing attempts, or anomalous behavior following defined procedures.

Participate in incident response activities for high-priority outages or security-related events.

Coordinate support with escalation teams, security staff, and vendors as required.

Monitor systems and dashboards for alerts or anomalies and notify appropriate stakeholders.

Identify recurring issues and contribute to continuous improvement of IT and security processes.

Required Skills and Qualifications

Soft Skills

Excellent written and verbal communication skills.

Strong customer service orientation and ability to explain technical concepts to non-technical users.

Ability to prioritize work, manage time effectively, and remain composed in high-volume environments.

Adaptability and willingness to learn new technologies and security practices.

Collaborative team player with strong problem-solving abilities.

Technical Skills and Experience

1-2 years of experience in a help desk, technical support, internship, or equivalent IT environment.

Working knowledge of Windows desktop environments, Microsoft 365, and identity platforms (Active Directory or Entra ID).

Knowledge of cybersecurity concepts including MFA, data privacy, and endpoint security.

Familiarity with NIST 800-171, NIST CSF, CIS Controls, and the MITRE ATT&CK knowledge base.

Scripting exposure in PowerShell or Python.

Demonstrated interest in cybersecurity, shown through cybersecurity training like: cybersecurity college coursework, TryHackMe or Hack The Box progression, or documented participation in CTF events or security clubs.

Exposure to SIEM platforms, EDR tools, and ticketing systems such as ServiceNow, Freshservice, or HaloITSM.

Educational Requirements

Associate degree in Information Technology, Computer Science, Cybersecurity, or related field.

Relevant completed or actively pursued certifications such as CompTIA Network+ or Security+.