IT Security Analyst

About The Position

Requirements

• A commitment to SHP’s mission and values.
• 3+ years of experience in IT security, cybersecurity operations, or related roles.
• Hands-on experience with Microsoft security tools (Defender, Sentinel, Intune, Entra ID/Azure AD, Purview).
• Strong understanding of identity management, endpoint protection, threat detection, and incident response.
• Familiarity with compliance frameworks (CIS Controls, ISO 27001, or similar).
• Excellent analytical and problem-solving skills; ability to communicate technical issues to non-technical audiences.

Nice To Haves

• Microsoft certifications such as SC-200 (Security Operations Analyst Associate), SC-300 (Identity & Access Administrator), AZ-500 (Security Engineer Associate), or MS-500 (Security Administrator).
• Experience supporting cybersecurity in nonprofit or resource-constrained environments.
• Knowledge of PowerShell scripting, KQL (Kusto Query Language), or automation in Microsoft Sentinel.
• Experience with vendor security assessments and SaaS risk management.

Responsibilities

• Lead Cybersecurity Strategy & Governance: Develop and execute a comprehensive security roadmap aligned with Zero-Trust principles, organizational goals, and regulatory frameworks (CIS, NIST, ISO 27001, GDPR, HIPAA, PCI DSS).
• Risk Management & Compliance: Maintain the enterprise risk register, conduct periodic risk assessments, and oversee remediation of identified vulnerabilities to strengthen resilience.
• Cloud & SaaS Security Oversight: Harden and manage Microsoft 365 tenant security (MFA, conditional access, DLP, encryption, data residency) and perform ongoing security reviews of third-party SaaS vendors and integrations (e.g., Salesforce).
• Endpoint & Remote Workforce Protection: Ensure secure device configurations, patch management, and endpoint compliance across a fully remote workforce.
• Threat Detection & Incident Response: Monitor, investigate, and respond to security alerts using Microsoft Sentinel and Defender; conduct root-cause analyses and coordinate cross-functional incident response and recovery.
• Vulnerability & Threat Management: Lead proactive testing (penetration, vulnerability, phishing simulations) and maintain continuous threat-intelligence monitoring.
• Security Architecture & Continuity Planning: Support data-protection, backup, and recovery strategies; participate in business-continuity and disaster-recovery planning and exercises.
• Policy, Documentation & Reporting: Maintain audit-ready security documentation; generate dashboards and KPIs that measure security posture, compliance, and incident trends.
• Training & Awareness: Develop and deliver cybersecurity training programs to promote a security-first culture and reduce organizational risk through education.
• Collaboration & Advisory Support: Partner with IT, Programs, and Operations to embed security in project design and technology adoption; advise on security implications of new initiatives.
• Other duties as identified given organizational needs.

Benefits

• Unlimited PTO
• Flexible schedules
• Paid holidays and 10 days sick leave
• Paid parental leave
• Health, dental, and vision
• Employer paid life insurance and short- and long-term disability
• 401k match
• Professional development stipend
• Wellness & mental health support
• Employer Paid Employee Assistance Program.
• Our organization operates within a distributed workforce, allowing for location flexibility across the country for most positions. We provide remote office support for all staff, which includes a laptop, home office reimbursement, monthly Wi-Fi reimbursement up to $40, and monthly cell phone reimbursement up to $50.