Information Security Analyst

The Information Security Analyst is a technical role within the Information Security (InfoSec) group of Information Technology Services (ITS), responsible for defending the University's data assets through policy controls, security operations, incident response, and AI-assisted tooling. As a primary network defender, the analyst works at the intersection of threat detection, vulnerability management, and forensic investigation within a Security Operations Center (SOC).

The role requires hands-on experience across several domains: SOC operations including alert triage, log analysis, and network traffic interpretation using tools such as Splunk, Kibana, or Microsoft Sentinel; Python 3 scripting for automation and detection support; firewall management for ruleset maintenance and network security enforcement; Microsoft Entra ID administration including identity architecture and PowerShell scripting; Linux system administration across mixed-OS environments; and digital forensics at a first-responder level, including breach assessment, evidence preservation, and containment.

This role is responsible for developing and overseeing student SOC employees. The SOC functions as both a live security operation and a learning environment, requiring the analyst to serve as senior practitioner and mentor.

Education and Experience

Education

• Bachelor's degree in information security/Cybersecurity, Information Management, Computer Science, Computer Engineering, or related discipline.

Experience

• Five (5+) plus years of experience in Information Technology, with a minimum of two (2) years in Information Security/Cybersecurity.
• Prior experience working in a functioning SOC or equivalent security operations environment is valued, including hands-on work triaging live alerts, investigating active incidents, and operating security tooling in a production setting.

Skills and Knowledge

Required Experience (2+ years each):

• SOC operations: IDS/EDR alert triage, log analysis, and network traffic interpretation using Splunk, Kibana, or Microsoft Sentinel
• Microsoft Defender for Endpoint: alert triage, investigation, and response
• Python 3 scripting for automation and SOC workflow support
• Firewall operation and network security fundamentals

Required Experience (1+ years each):

• Windows/Active Directory, endpoint log analysis, PowerShell, and group policies
• Linux system administration
• Digital forensics at a first-responder level
• AI-assisted security tools (e.g., Copilot, AI-enhanced SIEM features)
• Broader Technical Knowledge: Network protocols; IDS/IPS platforms; MITRE ATT&CK and Cyber Kill Chain; vulnerability scanning; cloud security fundamentals; SOAR and scripting-based automation; Microsoft security stack (Defender XDR, Sentinel, Purview, Entra ID) with KQL proficiency.
• Active use of AI tooling across all operational functions and the application of AI as a solution is a core expectation.
• Soft Skills: Cross-functional collaboration; student SOC mentorship; multi-source analytical precision; clear written and verbal communication to technical and non-technical audiences; composure during active incidents; commitment to continuous learning.

Responsibilities

Security Monitoring & Alert Triage

• Monitor network, endpoint, and identity telemetry continuously using open-source and enterprise SIEM platforms including Splunk, Elastic/Opensearch, and Kibana.
• Review IDS alerts, system logs, and network traffic captures; triage for relevance and severity; distinguish genuine threats from false positives.
• Provide second-level analysis of alerts escalated by student SOC employees, with final disposition and escalation authority resting with this position.

SOC Tools Operations & Engineering

• Operate, tune, and recommend enhancements to the SOC's monitoring and detection platforms including Microsoft Defender and SIEM tools; leverage AI-assisted tooling to improve detection and response workflows.
• Implement threat hunting and detection strategies; identify new data sources to augment detection capability; integrate new tools and applications as needed.
• Write Python and PowerShell scripts to automate detection, response, and data analysis workflows.
• Assist in maintenance of firewall rulesets.

Incident Response & Investigation

• Serve as first responder for security incident investigation, conducting log and system-level analysis to determine potential scope and impact. Assist with containment, eradication, and recovery efforts.
• Perform digital forensic analysis at the first-responder level to determine whether a breach has occurred and what steps are required to contain it.
• Provide written and verbal summaries of incident findings to be shared with ITS leadership and relevant stakeholders.

Vulnerability Management

• Assist in maintaining and operating the University's vulnerability assessment program, including scan configuration, finding analysis, risk prioritization based on exploitability and business impact, and remediation coordination with system owners.
• Track patching effectiveness and validate closure of critical findings.

Student Employee Development

• Assist in the hiring, continuous training, mentoring, and operational oversight of student SOC employees. Develop and maintain the SOC processes, runbooks, and escalation procedures that student analysts follow.
• Provide direct coaching on alert investigation techniques, log analysis, and documentation standards.

Physical Requirements

• Tools/Equipment
• Application Instructions

In addition to completing an online application, please attach a resume and cover letter.