AVP, Information Security Analyst

Overview: The AVP Security Analyst is a mid-level role within TCW's Information Security team, with a strong focus on vulnerability management and cloud security (Azure). The team is responsible for safeguarding the confidentiality, integrity, and availability of the firm's data and technology assets through proactive monitoring, response, and the continuous improvement of information security controls and processes. The AVP will play a key role in strengthening the firm's security posture by driving vulnerability management activities, advancing Azure security controls, and collaborating with both technology and business teams to reduce risk across the enterprise.

Purpose: The AVP Security Analyst will support and lead the enhancement of TCW's information security operations by managing the vulnerability lifecycle, analyzing and assessing threats, and contributing to cloud and enterprise incident response activities. The AVP will work closely with experienced security professionals and cross-functional partners to identify risks, validate security events, and coordinate remediation efforts. This position requires strong technical expertise, hands-on experience with cloud security and vulnerability management, and the ability to operate effectively in a dynamic, regulated environment.

Lead the full vulnerability management lifecycle (scanning, assessment, prioritization, reporting, and remediation) across cloud and on-prem environments.
• Support and enhance asset discovery and management by leveraging tools such as Armis to ensure complete visibility of cloud, on-prem, and hybrid assets, enabling more effective vulnerability management, threat detection, and incident response.
• Implement, monitor, and improve Azure-native security controls, including identity, workload, and data protection, as well as CSPM and CNAPP tooling for cloud risk management.
• Investigate, validate, and escalate suspicious or anomalous activity through available tools and telemetry.
• Provide strong support for incident response, including investigation, containment, remediation, and lessons learned across the lifecycle of security incidents
• Manage and optimize SIEM and SOC operations, including detection engineering, correlation rules, alert handling, and escalation processes (Microsoft Sentinel preferred).
• Configure, manage, and maintain EDR capabilities to ensure effective endpoint visibility, protection, and response.
• Conduct technical and practical threat hunting in Azure and hybrid environments to proactively detect and mitigate risks.
• Utilize basic scripting/querying skills (KQL, PowerShell, Python) to support investigations, analysis, and automation efforts.
• Partner with infrastructure, application, and cloud teams to assess existing controls and implement security improvements.
• Participate in regular security operations reviews and recommend improvements to processes, tools, and controls.
• Stay current on evolving cloud security risks, vulnerability trends, and attack techniques, with emphasis on Azure.
• Perform other security-related duties as assigned.

• Minimum of 5 years of experience in Information Security, with at least 3 years of in-depth experience with vulnerability management, cloud security, and/or security operations.
• Strong hands-on experience with cloud security (azure preferred), including policy enforcement, identity and access management, and secure configurations.
• Proven track record with vulnerability scanning tools (e.g., Defender, Qualys, Tenable, Vipr) and the ability to drive remediation programs across enterprise environments.
• Hands-on experience with SIEM/SOC operations (Microsoft Sentinel preferred), including detection engineering and event analysis.
• Experience with EDR platforms, including configuration, management, and optimization of endpoint security capabilities.
• Experience with asset management platforms (e.g., Armis, Axonious, ServiceNow CMDB, or similar) and applying asset intelligence to support security operations.
• Solid understanding of incident response methodologies, threat detection, and cloud-native attack vectors.
• Strong analytical skills with ability to identify root causes and provide actionable, risk-based recommendations.
• Excellent written and verbal communication skills, including clear documentation of investigations and outcomes.
• Ability to work independently and collaboratively with technical and non-technical stakeholders.
• Comfortable managing multiple priorities in a fast-paced, evolving environment.

• Bachelor's degree in Information Security, Computer Science, Information Systems, or related field or equitable working experience.
• Familiarity with threat modeling frameworks (e.g., MITRE ATT&CK).
• Knowledge of security frameworks (e.g., NIST, ISO, CSA).
• Proficiency with scripting/querying (e.g., KQL, PowerShell, Python) for analysis and automation.
• Certifications such as Security+, CySA+, CEH, GCIA, GSEC, AZ-500, SC-200, CISSP, CISM, GCIH or equivalent

This role requires candidates to work from a TCW office a minimum of four days a week. Flexibility for remote work is offered on one day, depending on business needs.

Estimated Compensation:

Base Salary: For a CA based position, the base salary is $135-150K.

Other Compensation:In addition to the base salary, this position will be eligible to be considered for an annual discretionary bonus.

Benefits: Eligible for TCW's comprehensive benefits package. See more information here.

#LI-JS1