Senior Security Analyst

About The Position

Requirements

• 4 years of experience and strong knowledge of back up services (cloud and physical).
• 6 years of experience working with information systems, computing, and networks.
• 6 years working knowledge of Windows, Linux, and MacOS CLI.
• Strong understanding and/or experience with NIST Cybersecurity Framework, Cybersecurity Policy Management, Security Information and Event Management (SIEM), vulnerability management, penetration testing, authentication methods, Identity and Access Management (IAM), anti-malware and malware analysis/remediation, Endpoint Detection Response (EDR/XDR), Intrusion Detection and Intrusion Prevention Systems (IDS/IPS), web application firewalls, File Integrity Monitoring (FIM), incident response/forensics, physical access controls and security best practices
• Understand security & policy configurations in Office 365.
• Ability to understand firewall and network configurations.
• Advanced understanding of Microsoft product suite; Microsoft certifications preferred.
• Understand infrastructure systems and components including networking, servers, authentication.
• Experience with cloud based systems, APIs, communication protocols, firewalls.
• Advanced experience with security systems, protocols, and standards.
• ISACA certifications preferred.
• Ability to work collaboratively as part of a team, and to interact effectively with colleagues, administrators, faculty, staff and students as well as external constituencies.
• Excellent written and verbal communication skills and a proactive mindset.
• Ability to a work a flexible schedule, including evenings.

Responsibilities

• Collaborate with University IT teams and departments to identify areas of risk to the organization and assist with reducing those risks to acceptable levels.
• Coordinate with systems administrators, developers, and other teams to embed best practices in design and development.
• Ensure network and computing systems devices are up to date with latest versions of software and patches.
• Ensure that all systems are resilient to cyber events using the Security Information and Event Management (SIEM) tool.
• Manage inbound and outbound security rules for email (filtering, whitelists, spam, etc.).
• Participate in quarterly audit reporting, including reports to leadership and external compliance entities.
• Conduct, monitor, evaluate, and report Key Performance and Key Risk Indicators (KPIs and KRIs) to provide leadership with accurate and timely information regarding the effectiveness of the information security strategy.
• Gather and analyze University data to ensure actionable information is available and responded to in accordance with defined SLAs.
• Communicate and promote the awareness of information security, information risk, and privacy to business units, customers, and partners.
• Build and maintain a comprehensive vulnerability testing and reporting schedule. This includes actively threat hunting to identify vulnerabilities within University assets and building a plan for remediation of vulnerabilities.
• Monitor, implement and enforce IT Security policies and procedures.
• May perform other duties and responsibilities that management may deem necessary from time to time.