Senior Information Security Analyst

About The Position

Requirements

• Bachelor's degree in computer science, information technology, cybersecurity, or related field AND Five (5) years of current work experience in cybersecurity engineering or related field
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or GIAC Security Expert (GSE) preferred
• Advanced knowledge of network security principles, firewalls, and intrusion detection/prevention systems (IDS/IPS)
• Extensive experience with common vulnerability assessment tools (e.g., Nessus, Nmap)
• Strong quantitative and qualitative analytical abilities
• Excellent communication, collaboration, and teamwork abilities
• A combination of education and experience may be substituted for requirements of the position

Nice To Haves

• 5+ years cybersecurity experience
• CISSP/CISM/GIAC preferred
• SIEM, incident response, vulnerability management
• Experience with NIST/CIS frameworks
• Higher ed/public sector preferred

Responsibilities

• Leads operational tasks, incident response, and troubleshooting within the Office of Information Security.
• Provides expert-level guidance, training, and leadership to Information Security Office team members.
• Utilizes security tools and technologies including firewalls, IDS/IPS, SIEM, antivirus solutions, and encryption.
• Monitors security systems and promptly responds to security incidents, including incident triage, containment, eradication, and recovery efforts.
• Designs, implements, and maintains cybersecurity solutions such as firewalls, IDS/IPS, SIEM, endpoint protection, access management, and encryption technologies.
• Analyzes security logs, event data, and network traffic to identify and investigate potential security incidents and role discovery.
• Conducts security risk assessments and audits to identify vulnerabilities and recommend remediation measures.
• Performs security assessments of third-party vendors and service providers to ensure compliance with security requirements.
• Participates in incident response exercises, tabletop simulations, and security awareness campaigns.
• Develops and enforces security policies, procedures, and standards to ensure compliance with regulations and best practices.
• Collaborates with IT teams to integrate security controls into software and infrastructure projects.
• Engages with business users to understand application data needs and prioritize requirements.
• Stays updated with cybersecurity threats, vulnerabilities, and industry trends to mitigate risks proactively.
• Provides security awareness training to the CNM user community on data protection best practices.
• Participates in the Emergency on-Call rotation for the department and the team.
• Provides audit responses, oversees information security administrative and technical controls, and performs forensic analysis of security incidents.
• Monitors critical infrastructure and information security threats, providing first response services and delegating remediation tasks.
• Maintains technical currency in the evolving threat landscape and contributes to information security incident response teams.
• Enforces policies and procedures as appropriate.
• Performs other related duties as assigned.