Help Desk + Security Analyst

Help Desk + Security Analyst Employment: Full-time, W-2 employee of our Winchester, Virginia-based client Location: Winchester, VA. On-site at the CPA firm (160 Exeter Drive) 2-3 days per week closer to 3. Remote the remainder. Reports to: The security team of our Winchester, Virginia-based client; coordinates day-to-day with the CPA firm's IT and security leadership Compensation: Base salary $62,000-$67,000, commensurate with experience About the engagement We are recruiting on behalf of our Winchester, Virginia-based client for a hybrid Help Desk + Security Analyst role embedded inside their anchor CPA firm engagement. Time splits roughly 50/50: half supplementing the CPA firm's internal help desk, half working as a security analyst inside the security program our client manages on the firm's behalf. The hire is our client's hands-on presence in the CPA firm's office. This is a strong seat for someone who wants to grow into deeper security work without giving up the IT generalist skills that keep them sharp and useful. Responsibilities Help Desk (~50%) Tier 1 / Tier 2 end-user support: workstations, accounts, productivity software, common application issues Microsoft 365 administration (Exchange Online, Teams, SharePoint, Entra ID basics) Hardware support, imaging, and provisioning alongside the CPA firm's IT team Ticket queue ownership and triage Security (~50%) Vulnerability management: scan operations, finding triage, remediation tracking with IT and end users Phishing simulation campaigns: planning, deployment, reporting, follow-up training Security ticket triage and investigation (EDR alerts, email security, identity) Incident response support under the senior leadership of our Winchester, Virginia-based client Routine hygiene: access reviews, configuration checks, hardening tasks Required Experience 2-4+ years across IT support / help desk / junior SOC or security analyst work (any combination) Strong Microsoft 365, Azure, and Windows endpoint fundamentals Familiarity with vulnerability scanning workflows not an expert, but knows what a CVSS score is and how to drive a fix Solid customer service instincts: patient, professional, willing to help Lives within reliable commuting distance of Winchester, VA, and can be on-site 2-3 days per week Preferred Experience Security+, Network+, or equivalent certifications Experience with EDR platforms (Microsoft Defender, SentinelOne) Prior exposure to phishing simulation tools (KnowBe4, etc.) Curiosity about offensive security there is real room to grow toward pentest and red-team adjacent work over time Compensation Base salary $62,000-$67,000, commensurate with experience Full benefits: medical, dental, vision, and 401(k) with employer match Paid time off and supported professional development