Senior Cybersecurity Analyst (SY25-26)

Boston Public Schools, Boston, MA

About The Position

The Senior Cybersecurity Analyst resides in the Office of Information and Instructional Technology (OIIT) within the Division of Data, Information, and Systems Improvement of the Boston Public Schools, reporting to the Chief Technology Officer. The Senior Cybersecurity Analyst plays a critical role in safeguarding the district's digital infrastructure, ensuring a secure, reliable, and effective technology environment for students, staff, and administrators across the K-12 school district. This position is responsible for managing security at both the network perimeter and the end-user device level, overseeing content filtering, remote access, and device management systems. The Senior Cybersecurity Analyst will serve in a senior role within OIIT and is also expected to have advanced-level knowledge of cybersecurity frameworks, tools, attack vectors, and prevention and remediation methods.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a closely related field.
  • Five (5) or more years of progressively responsible experience in cybersecurity, information security, or IT security operations, including experience in a senior or lead technical role.
  • Demonstrated hands-on experience securing both network infrastructure and end-user devices, including:
      • Firewalls and network security appliances
      • Endpoint protection and endpoint detection and response (EDR) tools
      • Antivirus and anti-malware solutions
  • Experience monitoring, investigating, and responding to cybersecurity incidents, threats, and vulnerabilities using security monitoring tools and established response procedures.
  • Strong working knowledge of Zero Trust Architecture (ZTA) concepts, including identity-based access, least-privilege access, and continuous verification.
  • Experience managing secure remote access technologies, including multi-factor authentication (MFA), endpoint posture validation, and role-based access controls.
  • Experience administering and maintaining enterprise-level content filtering solutions, including configuration, policy enforcement, reporting, and compliance monitoring.
  • Knowledge of Children’s Internet Protection Act (CIPA) requirements and experience supporting compliance through technical controls and reporting.
  • Experience administering Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platforms for large device fleets (e.g., Chromebooks, laptops, tablets, desktops).
  • Ability to develop, document, and enforce cybersecurity policies, standards, procedures, and technical controls.
  • Strong analytical, troubleshooting, documentation, and communication skills, with the ability to translate technical security issues into clear guidance for non-technical stakeholders.

Nice To Haves

  • Master’s degree in Cybersecurity, Information Assurance, Risk Management, Public Administration, or a related field.
  • Experience working in a K–12 school district, higher education, or public-sector environment, particularly in large, distributed organizations.
  • Advanced experience implementing or operating Zero Trust Network Access (ZTNA) solutions or modern VPN alternatives.
  • Familiarity with cybersecurity frameworks and standards, including the NIST Cybersecurity Framework (CSF), CIS Critical Security Controls, and Zero Trust maturity models.
  • Experience generating and analyzing security, compliance, and usage reports to identify trends, risks, and policy violations.
  • Experience collaborating with instructional technology, educational technology, or academic stakeholders to balance security requirements with instructional access.
  • Professional cybersecurity certifications such as CISSP, GIAC, CEH, CySA+, Security+, or equivalent, or the ability to obtain certification within a specified period.
  • Experience mentoring staff, serving as a senior technical escalation point, or providing cybersecurity guidance across teams.

Responsibilities

  • Network and Endpoint Security Management: Design, implement, and maintain security policies, standards, and procedures for the district's network and end-user devices.
  • Monitor security systems for threats, vulnerabilities, and incidents. Respond to and resolve all detected security events promptly and effectively.
  • Manage and configure firewalls, intrusion detection/prevention systems (IDS/IPS), and other network security appliances.
  • Oversee antivirus/anti-malware solutions and endpoint detection and response (EDR) tools on all managed devices.
  • Manage, configure, and maintain the secure remote access infrastructure, adhering strictly to the Zero Trust Architecture (ZTA) / Zero Trust Framework principles.
  • Implement and enforce "Never Trust, Always Verify" policies, requiring continuous, risk-based verification for every user and device accessing district resources.
  • Replace or augment traditional VPN functionality with solutions that provide granular, least-privilege access (Zero Trust Network Access - ZTNA), ensuring users and devices connect only to the specific applications or resources necessary for their role.
  • Mandate and manage Multi-Factor Authentication (MFA) for our users, especially for all remote access and key administrative systems.
  • Develop, document, and automate clear procedures for the provisioning, continuous monitoring, and secure revocation of remote access based on user role and device posture.
  • Monitor and validate the security posture and compliance of all connecting endpoints (e.g., up-to-date patches, EDR/AV status) before granting access.
  • Administer, configure, and fine-tune the district’s enterprise-level content filtering platform (DNS-based, proxy, or cloud-based).
  • Ensure the content filtering solution is continuously maintained and compliant with the Children's Internet Protection Act (CIPA) and all other federal, state, and district-specific acceptable use policies for students and staff.
  • Develop and manage granular filtering rules (category, keyword, and URL-based) that balance security with necessary educational access and instructional needs.
  • Manage the process for reviewing and responding to user requests for website unblocking or categorization adjustments, ensuring a quick turnaround for instructional continuity.
  • Monitor, analyze, and generate detailed compliance and usage reports on internet activity, identifying trends, potential policy violations, and high-risk usage patterns.
  • Work collaboratively with educational technology staff to test and validate filtering policies on various district devices and grade levels.
  • Administer the Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platform for all district-owned devices (e.g., Chromebooks, laptops, tablets, and desktops).
  • Perform secure device provisioning, configuration, deployment, and lifecycle management.
  • Ensure all endpoints are properly patched, configured with mandated security controls, and inventoried.
  • Collaboration and partnership with the City of Boston’s Cybersecurity and I.T. teams
  • Other duties as assigned