Senior Information Security Operations Analyst

Employer
University of Massachusetts Boston
Location
UMass Boston

Job Details

Job no: 526229
Position Type: Staff Full Time
Campus: UMass Boston
Department: IT Comm & Infrastructure Serv
Pay Grade: 34
Date opened: 27 Jan 2025 Eastern Standard Time
Applications close: 17 Feb 2025 Eastern Standard Time

General Summary:

The Senior Information Security Operations Analyst is a critical member of the University’s cybersecurity team, reporting directly to the Chief Information Security Officer (CISO). Responsible for comprehensive security operations, this role focuses on proactively monitoring, analyzing, and mitigating potential cyber threats across the institution’s digital infrastructure. The analyst will leverage advanced security monitoring tools, including Sentinel (SIEM), CASB, SOAR, endpoint protection, email security, firewalls, and vulnerability management systems to detect, investigate, and respond to security incidents. Key responsibilities include developing robust incident response protocols, conducting thorough vulnerability assessments, and implementing strategic containment measures to protect university systems and data. The position demands continuous professional development and a forward-thinking approach to cybersecurity, emphasizing anticipating and neutralizing potential threats before they impact the organization’s operational integrity.

Examples of Duties:

  • Oversee the day-to-day activities, ensuring real-time threat monitoring, detection, and incident response, serving as the first-line primary incident coordinator at the Network and Security Operations Center (NSOC/SOC).
  • Develop and enforce SOC processes, incident management workflows, and escalation procedures.
  • Maintain up-to-date playbooks and ensure compliance with relevant security policies and regulations.
  • Design, implement, and maintain security automation workflows to streamline security operations by leveraging Security Orchestration, Automation, and Response (SOAR) and custom-developed software applications.
  • Automate repetitive security tasks to reduce incident response time to resolution and reduce manual workload.
  • Develop scripts and playbooks to integrate, automate, and enrich data from multiple security platforms such as SIEM, IDS/IPS, EDR, firewalls, and more.
  • Architect, deploy, maintain, and manage the University’s Microsoft Sentinel environment (SIEM), including configuring data connectors, log sources, workbooks, analytics rules, and playbooks.
  • Conduct comprehensive daily performance evaluations of Sentinel, optimizing log ingestion processes and incident response workflows. Proactively refine threat detection mechanisms by systematically analyzing detection efficacy, false positive rates, and potential alert gaps, ensuring adaptive and precise threat identification strategies.
  • Evaluate and implement cutting-edge security technologies to improve detection and response times.
  • Design and deploy advanced detection rules, alerts, and signatures to identify security threats within a complex enterprise environment.
  • Enhance threat intelligence ingestion efforts to develop detection strategies based on the latest threat landscapes, vulnerabilities, and attacker tactics.
  • Manage real-time security event monitoring and incident response, proactively detecting threats and mitigating risks through comprehensive investigation, cross-functional coordination, and continuous improvement of security protocols.
  • Serve as a liaison between the Desktop Services and Information Security teams to ensure that desktop environments comply with the University’s system security practices.
  • Continuously study trends in cybercrime around threat actors’ behaviors, tactics, and goals.
  • Organize and analyze the collected data from Microsoft Threat Hunting consoles, SIEMs, Tenable scanning tools, and other security services sources to investigate security trends and make predictions to eliminate current and future vulnerabilities.
  • To support the University’s information security posture, analyze and report on security threats and incidents across platforms, develop performance metrics, create incident reports, maintain comprehensive documentation and audit trails, and provide strategic insights to senior leadership.
  • Provide comprehensive mentorship and training to junior SOC analysts, apprentices, and students, developing and leading educational programs that enhance cybersecurity skills, threat-hunting techniques, and technical proficiency in tools like Microsoft Sentinel across internal and external learning environments.
  • Provide high-level customer service and deliver timely, courteous, and knowledgeable customer support and awareness training and coaching.
  • Actively support the University in advancing the concepts of Diversity, Equity, Inclusion, and accessibility in the workplace.
  • Perform other duties as assigned.
Qualifications:

  • A bachelor’s degree in computer science, Information Systems, Information Technology, or a related field is non-waivable—preference is given to those holding a Master’s Degree in Cybersecurity or a related field of study.
  • A minimum of five (5) years of information security experience, preferably in a higher education setting, three (3) of which were spent at a Security Operations Center (SOC), including but not limited to demonstrable threat detection, incident response/remediation, threat hunting, and post-incident forensics experience, is required and non-waivable.
  • A minimum of three (3) years of automation experience is a must (Microsoft A5 preferred).
  • A strong foundation of networks and troubleshooting knowledge is required.
  • CompTIA Security+, CASP+, GIAC (GSP, GSE), or equivalent is required, with preference given to those holding a CISSP or CISM Certification. A certificate number and proof of certification must be submitted with your application.
  • Advanced logic apps and automation skills, especially in Kusto Query Language (KQL) or similar coding languages, to explore data, discover patterns, identify anomalies and outliers, and create statistical modeling and reports are strongly preferred.
  • Must have solid experience with Sentinel, SOAR, Purview, Microsoft A5, and Microsoft Defender products and services.
  • At least 5 years of experience in a multi-cloud environment (Microsoft A5 preferred).
  • Must have a solid knowledge and experience in Detection Engineering.
  • Must have an excellent understanding and experience in multiple security domains, such as intrusion detection, incident response, malware analysis, application security, and forensics. Knowledge of specific digital forensic tools, such as FTK Imager and Autopsy, is strongly preferred.
  • Must have experience detecting abuse and large-scale attacks in diverse environments.
  • Experience working with multiple stakeholders in a matrixed environment of Systems, Network Operations, Information Security, internal business units, attorneys, vendors, Cyber insurance consultants, and external incident response teams.
  • Strong familiarity with the following cybersecurity-related tools and disciplines, with deep experience in one or more of the following:
      ◦ Microsoft Suite of Defender Applications (XDR, Endpoint, Identity, O365, Cloud Apps, Vulnerability, Microsoft’s unified security operations platform)
      ◦ Microsoft Windows, Macintosh Operating System, Linux platforms, and common applications and utilities
      ◦ Strong knowledge of Multi-Factor Authentication (MFA) tools and principles
      ◦ Microsoft A5 Email threat protection and Microsoft 365 security center tools
      ◦ Analysis of log data using SIEM tools such as Azure Sentinel
      ◦ Modern Cloud Access Security Broker (CASB)
      ◦ Analysis of network traffic from intrusion detection systems and flow monitoring systems
      ◦ Infoblox DNS, DHCP, IPAM (DDI)
  • Knowledge of security risks, copyright violations, and other inappropriate or unlawful computing practices.
  • Ability to maintain an understanding and awareness of the overall cyber threat landscape (advanced persistent threat groups, malware campaigns, botnets, hacktivism, DDoS attacks, geopolitical activities, etc.).
  • Must have strong interpersonal skills that facilitate positive working relationships with co-workers and end-users.
  • Strong oral and written communication skills for personal interaction with end-users, written reports, documentation, and call ticket tracking.
  • Desire and willingness to work with end-users and provide high-quality customer service at all levels in a university setting.
  • Experience supervising student employees is a plus.
  • Strong commitment to customer service.
Application Instructions:

Please apply online with your resume, cover letter, and list of three professional references.

    Review of candidates will begin following the application closing date.

    Only Internal candidates in the Professional Staff Bargaining Unit will be considered during the first 10 business days of the posting. All other candidates will be considered after that period.

    Salary Ranges for the appropriate Pay Grade can be found at the following link:

    Grade: 34

    Salary Ranges

    This is an exempt union position.

    All official salary offers must be approved by Human Resources.

    UMass Boston is committed to the full inclusion of all qualified individuals. As part of this commitment, we will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact HRDirect@umb.edu or 617-287-5150.

    Organization

    Working at University of Massachusetts Boston

    The University of Massachusetts Boston is nationally recognized as a model of excellence for urban public universities. The scenic waterfront campus is located next to the John F. Kennedy Library, with easy access to downtown Boston. 

    The second-largest campus in the UMass system, UMass Boston combines a small-college experience with the vast resources of a major research university. With a 16:1 student-to-faculty ratio, students easily interact with professors because most teaching occurs in small class sizes. Ninety-three percent of full-time faculty hold the highest degree in their fields.

    UMass Boston’s academic excellence is reflected by a growing student body of nearly 16,000 undergraduate and graduate students. The university’s eight colleges offer more than 100 undergraduate programs and 50 graduate programs. The University Honors Program serves 300 students who thrive on intellectual challenge. Enriched courses probe more deeply into theory or venture further into application.

    UMass Boston’s diverse student body provides a global context for student learning, and its location in a major U.S. city provides connections to employers in industries such as finance, health care, technology, service, and education, offering students opportunities to gain valuable in-school experience via internships, clinicals, and other career-related placements.

More than 100 student organizations — including clubs, literary magazines, a newspaper, a radio station, an art gallery, and 16 NCAA Division III sports teams — offer a rich campus life. Students live throughout Greater Boston and in apartment communities just steps from the campus, and enjoy the rich amenities, cultural attractions, and educational opportunities that make the city the biggest and best college town in the nation.