Western Governors University

Senior IT Security Analyst

🇺🇸 WGU North Carolina, NC

🕑 Full-Time

💰 $128K - $192K

💻 Cybersecurity

🗓️ November 25th, 2025

CCSK CCSP CI/CD

Edtech.com's Summary

WGU Corporation is hiring a Senior IT Security Analyst. This role involves leading various cybersecurity efforts including penetration testing, incident handling, continuous monitoring, risk analysis, and compliance, while developing security content aligned with the MITRE ATT&CK Framework. The analyst will also build cloud and data security roadmaps, manage security tools and vendor risk assessments, and collaborate with business and IT teams to enhance the organization's overall security posture.

Highlights
  • Lead senior analyst in penetration testing, incident handling, digital forensics, intrusion detection/prevention, auditing, risk analysis, compliance, and threat hunting.
  • Develop security content and use cases aligned with MITRE ATT&CK Framework.
  • Monitor endpoint security using tools such as DLP, HIPS, Client Proxy, EPP, IPS/IDS, and firewalls to identify anomalous behavior.
  • Manage security information and event management (SIEM), including tuning and filtering events, alerting, and problem resolution.
  • Build cloud and data security platform roadmaps; lead implementation of risk mitigation and security tools for cloud infrastructure.
  • Use scripting languages (Bash, Python) for automation and maintain cloud resources with infrastructure-as-code tools like CloudFormation and CDK.
  • Required qualifications include a Bachelor’s degree in IT Security or related field, 5 years of information security experience, experience with MITRE ATT&CK Framework, SIEM rule creation, and relevant security certifications (e.g., CISSP, GIAC, ISACA).
  • Knowledge of security standards and regulations such as NIST, ISO, PCI-DSS, FERPA, GLBA, GDPR, HIPAA, FTC regulations is essential.
  • Experience with open-source security tools such as Kali, Nessus, Fortify, Burp, Metasploit, Wireshark, and others.
  • Compensation range is approximately $127,700 to $191,500 per year, with benefits including bonuses, medical and dental coverage, retirement plans, paid leave including parental leave, and discounted tuition.

Senior IT Security Analyst Full Description

If you're passionate about building a better future for individuals, communities, and our country—and you're committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is: 
 
Grade: Technical 409
Pay Range: $127,700.00 - $191,500.00

Job Description
Job Duties
  • Functions as a senior lead analyst in one or more efforts, such as penetration testing, incident handling/digital forensics, continuous monitoring, intrusion detection/prevention, auditing, risk analysis, compliance, security awareness, threat hunting, vendor risk analysis, and identity and access efforts.
  • Leads the development of security content and use cases, with alerting aligned to the MITRE ATT&CK Framework.
  • Monitors Endpoint Security utilizing tools such as DLP, HIPS, Client Proxy, EPP, IPS/IDS and local firewalls to establish a baseline and identify anomalous behavior. Understands data encryption strategies. Strives for a policy that optimally balances security and performance.
  • Participates in tactical projects as they arise to clarify and respond to identified security risks across different technical domains. Assists in project testing and technical documentation.
  • Executes established security practices with consistency and discipline. Monitors alerts for security incidents and escalates, as needed. Processes large quantities of data based on significance.
  • Collaborates with engineers to support standardized practices and follow routine processes to promote secure systems. Recommends new tools for penetration testing, assessment, and secure product validation.
  • Participates in incident response activities and risk assessment activities.
  • Monitors and tests fixes and patches to ensure vulnerabilities have been appropriately mitigated.
  • Maintains responsibility for tuning and filtering of events and information, creating custom views and content using available tools following approved methodology.
  • Facilitates an effective response to vendor risk assessments using industry-standard methods (e.g., SIG, HECVAT, VSAQ, or CIS, SANS Top 20) as well as business requests for information (RFIs).
  • Consults with various areas of the business as an information security subject matter expert.
  • Leads correlation efforts with data from IPS/IDS with data from other sources.
  • Administers security information and event management including devices, watch list, alerting, threat feeds, and problem resolution.
  • Researches emerging security technologies, tactics, trends, and exploits. Prepares reports and presentations periodically for management and developers.
  • Participates in ongoing status meetings to update Information Security members of initiatives and ongoing projects.
  • Manages multiple simultaneous projects and tasks that involve different team members.
  • Builds a Cloud and Data Security platform roadmap.
  • Leads implementation of risk mitigation tools and security tools for cloud migration and cloud infrastructure.
  • Builds and maintains relationships across the University to promote cloud security initiatives.
  • Researches and deconstructs cyber-attacks into sequenced Indicators of Compromise (IOC) detectable through network device logs. Creates abstract rules to detect network intrusions based on IOCs. Conducts open-ended analysis of large data sets to find network activity baselines and abnormalities.
  • Implements SOAR functions to automate compliance enforcement, security configuration management, and malicious activity remediation.
  • Identifies gaps in the University's security model and suggests solutions, including tools and processes.
  • Engages with security architects to capture design requirements for cloud architectures and implementation strategies.
  • Contributes to security operations and technology projects that have tactical and operational impact to all business segments of the University.
  • Supports the creation and maintenance of an effective security architecture for the corporation that maps to business requirements.
  • Collaborates with IT leadership and other business leaders to provide integrated security planning and recommendations for innovative technologies that will enhance the current security posture and system protection of the organization.
  • Manages subscriptions to vendors' security/vulnerability alerts and assesses vendor alerts by establishing a response plan based on the platform, severity, and applicability of the threat.
  • Performs other job-related duties as assigned.
KSAs
  • Knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, GDPR, HIPAA, FTC regulations. Contributes to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk.
  • Advanced understanding of core AWS services, including compute (EC2, ECS, Lambda), network (VPC, Subnets, Security Groups), storage (S3, EFS, EBS), database (RDS), and identity (IAM).
  • Hands-on experience integrating security into the various stages of a CI/CD pipeline
  • Advanced understanding of cloud security engineering principles as applied in support of, and integration with, key business and strategic priorities
  • Working knowledge of intrusion detection methodologies and techniques for detecting intrusions via intrusion detection technologies
  • Ability to use network management tools to analyze network traffic patterns
  • Ability to tune sensors, read, and interpret signatures
  • Ability to create alerts and automated responses
  • Ability to generate and articulate performance metrics
  • Ability to identify and communicate the risk of vulnerabilities, specifically the ability to articulate risk to leadership
  • Ability to identify internal and external trends to identify risks
  • Results oriented, self-motivated, and self-directed
  • Ability to execute established security practices with consistency and discipline
  • Familiarity with network architectures, network services & devices, system types, development platforms, and software suites (Microsoft, Cisco, Oracle, Linux, etc.)
  • Technical skills in patch and vulnerability assessment, analytical theory, networking, operating systems, incident response methodology and ability to compose management level summaries as needed.
  • Understanding and working knowledge of security forensics
  • Ability to work well with others, maintaining a positive work environment by communicating in a manner to promote positive relations with customers, co-workers, and management
  • Effective oral and written communication skills with the ability to communicate with purpose, clarity, and accuracy
  • Excellent analytical, problem-solving, and decision-making skills. Able to identify and resolve problems in a timely manner with a solution-driven approach
  • Demonstrated pragmatic, adaptable, and result-driven approach to information security risk management
  • Methodical, data-driven approach to security and risk analysis; ability to think imaginatively in order to implement security improvements
  • Understands the implications of privacy laws and regulations (e.g., GDPR and CCPA)

Minimum Qualifications
  • Bachelor's Degree in IT Security, Computer Science, Engineering or related field
  • 5 years of Information Security experience
  • Experience working with MITRE ATT&CK Framework
  • Experience with security industry standards and best practices, specifically with interpretation and implementation of those standards in a corporate environment
  • Hands-on experience creating, designing, and implementing SIEM content security rules to detect malicious, suspicious, and/or abnormal events
  • Experience maintaining cloud resources using infrastructure-as-code (CloudFormation, CDK, etc.)
  • Scripting language experience (Bash, Python, etc.) with strong working knowledge of automation
  • Experience with open-source security tools (e.g., Kali, Nessus, Fortify, AppScan, Nexpose, SAINT, Burp, NMap, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng, Eramba, etc.)
  • Relevant security certifications (CISSP, GIAC, ISACA, CCSP, CCSK, AWS, etc.)
  • Equivalent relevant experience performing the essential functions of this job may substitute for education degree requirements. Generally, equivalent relevant experience is defined as 1 year of experience for 1 year of education and is at the discretion of the hiring manager.

Preferred Qualifications
  • 10 years of Information Security experience
  • Experience recommending additional security requirements and safeguards
  • Experience in development of end user operating manuals and documentation
  • Familiarity with Cloud infrastructure
  • Experience preparing System Security Plans and supporting Cybersecurity/IA testing
  • Knowledge of OWASP

Job Description Disclaimer: This position description provides the major duties/responsibilities, requirements and working conditions for the position. It is intended to be an accurate reflection of the current position; however, management reserves the right to revise or change it as necessary to meet organizational needs. Other responsibilities may be assigned when circumstances require.

Position & Application Details
Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information
Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. 
Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.