Information Security Analyst (Information Security Analyst II)

About The Position

Requirements

• An equivalent to a bachelor's degree in a related field and two years of relevant experience. Additional experience which demonstrates acquired and successfully applied knowledge and abilities shown above may be substituted for the required education on a year-for-year basis. An advanced degree in a related field may be substituted for the required experience on a year-for-year basis.
• Experience with Windows endpoint management and automation tools (e.g., scripting, device management platforms, provisioning solutions).
• Knowledge of Windows endpoint configuration and policy management (e.g., Group Policy or similar tools).
• Experience supporting Windows system updates, patch management, and endpoint security tools (e.g., antivirus, EDR).
• Familiarity with Windows-based enterprise identity and access management systems (e.g., Active Directory or similar).
• Ability to translate technical requirements into actionable security and operational tasks.
• Working knowledge of common cybersecurity frameworks and standards (e.g., PCI-DSS, CIS Controls, NIST).
• Strong problem-solving skills with the ability to manage and prioritize multiple technical tasks.
• Effective communication skills with the ability to collaborate across technical and non-technical teams.

Nice To Haves

• Preferred experience supporting Jamf or similar endpoint management platforms and third-party application patching systems.
• Preferred experience with vulnerability management processes, including validation, remediation coordination, and exception handling.
• Preferred experience with endpoint security operations, including incident triage, evidence preservation, and ticket/workflow management.
• Preferred familiarity with endpoint security baselines/benchmarks and applying configuration hardening at scale, along with the ability to report on metrics and communicate findings to varied audiences.

Responsibilities

• Endpoint Security & System Protection Implement, manage, and continuously improve endpoint security controls across university devices.
• Monitor and strengthen protections such as malware defense, system configurations, and access controls.
• Partner with IT teams to deploy secure solutions that balance security with operational needs.
• Vulnerability Management & Compliance Conduct vulnerability scans, assess risks, and coordinate timely remediation efforts.
• Manage patching processes and ensure systems meet security and compliance standards.
• Monitor and report on system compliance, identifying and addressing gaps.
• Security Monitoring & Incident Response Analyze security alerts and logs to detect, investigate, and respond to potential threats.
• Support incident response efforts, including containment, documentation, and follow-up actions.
• Help improve response procedures and security playbooks.
• Reporting, Documentation & Collaboration Develop dashboards and reports to communicate security posture and trends.
• Maintain documentation to support audit readiness and operational continuity.
• Provide guidance to campus stakeholders on secure practices and data protection.
• Governance & Risk Support Contribute to security standards, risk assessments, and compliance initiatives.
• Support audit processes and ensure alignment with CSU and regulatory requirements.

Benefits

• Generous Time Off : 15 paid holidays, vacation, and sick leave.
• Retirement : CalPERS pension plan with retiree healthcare, and reciprocal agreements with other California public retirement systems, including the UC.
• Health Coverage : Medical, dental, and vision options at low or no cost.
• Education Support : CSU tuition fee waiver for employees and eligible dependents.
• Optional Offerings : FlexCash, life and disability insurance, legal and pet plans.
• Campus & Community : Access to the library, campus events, employee groups, and volunteer and social activities.