About Crexi
Crexi is reimagining commercial real estate with an AI-powered platform built to deliver smarter, more efficient solutions at every stage of the deal lifecycle. From real-time data and market insights generated by Crexi Intelligence, to targeted property marketing and seamless deal management through Crexi PRO, and a transparent, time-bound bidding experience with Crexi Auction— Crexi enables users to evaluate opportunities, maximize exposure, and close with speed and confidence. To date, Crexi has facilitated over $1 trillion in transactions, 8.6 billion square feet leased, and supports a growing community of more than 2 million monthly active users.
Crexi’s mission is to catalyze the next generation of commercial real estate through three core pillars: Access, Innovation, and Connection. Crexi’s platform democratizes CRE by providing unprecedented access to market insights and opportunities, accelerates CRE dealmaking with purpose-built technology that enhances speed and transparency; and empowers CRE professionals with a centralized platform designed for real-time collaboration and success.
About This Role:
The Senior Security Operations Analyst is Crexi’s primary internal security practitioner, responsible for day-to-day security operations, threat detection and response, and maintaining a strong security posture across the organization. Reporting to the Director, Information Technology, this role serves as the internal first line of defense for security events, protecting company systems, endpoints, identities, and data against evolving threats.
What You’ll Do
- Monitor and triage security alerts, serve as the first internal escalation point for managed SOC vendors, investigate flagged incidents, and maintain accurate, timely incident logs.
- Manage endpoint security tooling, administer EDR and MDM platforms, enforce policy compliance across employee devices, and remediate vulnerabilities identified through scans or alerts
- Owns identity and access management (IAM) policy, access review design and audit reporting.
- Run the phishing simulation and security awareness program, schedule and manage campaigns, track completion rates, report results to leadership, and follow up with repeat offenders or high-risk user groups.
- Support SOC 2 evidence collection, pull logs, screenshots, and control artifacts on a recurring cadence to support corporate-side controls for audit and compliance readiness.
- Maintain security documentation, keep runbooks, incident response procedures, and access control policies current, accurate, and accessible.
- Partner with IT and engineering on security architecture reviews, vulnerability management, and secure configuration standards to reduce attack surface.
- Support vendor and third-party security assessments, including reviewing security questionnaires and tracking remediation commitments.
- Track and report key security metrics, alert volumes, mean time to respond, endpoint coverage, phishing click rates, and open vulnerabilities, on a recurring basis to the Director, IT.
- Leverage AI-assisted threat detection and SIEM analytics to improve alert fidelity, reduce noise, and surface high-priority incidents faster.
- Evaluate and pilot AI-powered security tools (e.g., AI-assisted SOAR, behavioral anomaly detection) to augment manual investigation workflows and accelerate response.
- Performs other duties as assigned.
Who You Are
- Strong working knowledge of security operations concepts: threat detection, incident response, vulnerability management, and identity and access control.
- Hands-on experience with EDR platforms (e.g., CrowdStrike), MDM tools, and SIEM or log management platforms.
- Working knowledge of IAM principles and tools (e.g., Azure AD / Entra ID), including SSO, SCIM, and privileged access management.
- Familiarity with SOC 2 trust service criteria and the practical evidence collection requirements for a corporate IT environment.
- Strong written communication skills, able to produce clear incident reports, runbooks, and executive-facing security summaries.
- Detail-oriented and organized, with the ability to manage multiple open incidents, tasks, and recurring compliance obligations simultaneously.
- Collaborative approach to working with cross-functional stakeholders including IT, engineering, legal, and HR.
- Self-starter who operates with a high degree of ownership and escalates appropriately when uncertainty or risk warrants it.
- Familiarity with AI/ML-assisted security tooling and an understanding of how AI both augments defensive capabilities and introduces new risk vectors to the environment.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field preferred; equivalent professional experience considered.
- 5–8 years of experience in a security operations, IT security, or similar hands-on role.
- Hands-on experience supporting compliance frameworks, particularly SOC 2; familiarity with control evidence collection and audit preparation.
- Security certifications preferred, e.g., CompTIA Security+, GCIA, GCIH, SSCP, or equivalent.
- Experience working in cloud environments (AWS, Azure) with an understanding of cloud security fundamentals.
- Experience with AI-powered security tools, SOAR platforms, or automated threat detection workflows is a plus.
Why Crexi?
- Rapidly growing startup with a dynamic work environment
- Flexible team structure with the ability to progress in career
- Health, Dental, and Vision insurance
- Collaborative culture and numerous team activities
The California base pay range for this position is $148,000-$201,000 per year with eligibility for generous bonus, equity, and healthcare insurance. The total compensation package offered to a successful candidate will depend on several factors, which may include, but are not limited to, the type and length of experience applicable to the role and within the industry, job-related skills, job level, and geographic location. Commercial Real Estate Exchange, Inc (“Crexi”) is a multi-state employer, and this salary range may not reflect positions that work in other states.
Crexi is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Crexi will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.