IT Security Analyst

Sandy Hook Promise

1d•Remote

About The Position

Sandy Hook Promise (SHP) is a national nonprofit organization dedicated to preventing school shootings and other acts of violence. Their mission is to educate and empower youth and adults through evidence-informed programs like Know the Signs, which teaches how to identify individuals at risk and seek help. SHP also advocates for school safety, youth mental health, and responsible gun ownership through policy and partnerships. The organization was founded by family members of victims of the Sandy Hook Elementary School shooting. SHP values belonging, community, engagement, and respect, actively seeking to create a diverse and inclusive work environment where all employees feel valued and heard. Most of their staff work remotely as they are a U.S. based organization. This role is for a proactive and detail-oriented IT Security Analyst with expertise in Microsoft security and compliance tools. The analyst will be crucial in strengthening their cloud-first environment, monitoring for threats, and improving prevention and detection capabilities. The position involves protecting organizational data and systems by implementing, monitoring, and enhancing cybersecurity controls across Microsoft 365, Salesforce, and other cloud platforms. Key responsibilities include threat detection, incident response, and ensuring regulatory compliance, all while adhering to Zero Trust principles and industry best practices. The analyst will collaborate with IT and Operations teams to manage endpoint security, conduct risk assessments, and ensure secure configurations for a fully remote workforce. The ideal candidate is collaborative, analytical, and motivated by the mission of securing a nonprofit organization in a dynamic, distributed setting.

Requirements

3+ years of experience in IT security, cybersecurity operations, or related roles.
Hands-on experience with Microsoft security tools (Defender, Sentinel, Intune, Entra ID/Azure AD, Purview).
Strong understanding of identity management, endpoint protection, threat detection, and incident response.
Familiarity with compliance frameworks (CIS Controls, ISO 27001, or similar).
Excellent analytical and problem-solving skills; ability to communicate technical issues to non-technical audiences.
Microsoft certifications: SC-200 (Microsoft Certified: Security Operations Analyst Associate), SC-300 (Microsoft Certified: Identity and Access Administrator Associate), SC-401 (Microsoft Certified: Information Security Administrator Associate).
Applicants must be based in the U.S.

Nice To Haves

MS-102 (Microsoft 365 Certified: Administrator Expert)
Experience supporting cybersecurity in nonprofit or resource-constrained environments.
Knowledge of PowerShell scripting, KQL (Kusto Query Language), or automation in Microsoft Sentinel.
Experience with vendor security assessments and SaaS risk management.

Responsibilities

Develop and execute a comprehensive security roadmap aligned with Zero-Trust principles, organizational goals, and regulatory frameworks (CIS, NIST, ISO 27001, GDPR, HIPAA, PCI DSS).
Maintain the enterprise risk register, conduct periodic risk assessments, and oversee remediation of identified vulnerabilities to strengthen resilience.
Harden and manage Microsoft 365 tenant security (MFA, conditional access, DLP, encryption, data residency) and perform ongoing security reviews of third-party SaaS vendors and integrations (e.g., Salesforce).
Ensure secure device configurations, patch management, and endpoint compliance across a fully remote workforce.
Monitor, investigate, and respond to security alerts using Microsoft Sentinel and Defender; conduct root-cause analyses and coordinate cross-functional incident response and recovery.
Lead proactive testing (penetration, vulnerability, phishing simulations) and maintain continuous threat-intelligence monitoring.
Support data-protection, backup, and recovery strategies; participate in business-continuity and disaster-recovery planning and exercises.
Maintain audit-ready security documentation; generate dashboards and KPIs that measure security posture, compliance, and incident trends.
Develop and deliver cybersecurity training programs to promote a security-first culture and reduce organizational risk through education.
Partner with IT, Programs, and Operations to embed security in project design and technology adoption; advise on security implications of new initiatives.
A commitment to SHP's vision and values.
Other duties identified as organizational needs.