Information Security Analyst
Syracuse University · Syracuse, NY · 1 wk ago
Information Technology$87k–$92k/yrFull-time
About the role
The Information Security Analyst is a technical role within the Information Security (InfoSec) group of Information Technology Services (ITS), responsible for defending the University’s data assets through policy controls, security operations, incident response, and AI-assisted tooling.
Responsibilities
- Monitor network, endpoint, and identity telemetry continuously using open-source and enterprise SIEM platforms including Splunk, Elastic/Opensearch, and Kibana.
- Review IDS alerts, system logs, and network traffic captures; triage for relevance and severity; distinguish genuine threats from false positives.
- Provide second-level analysis of alerts escalated by student SOC employees, with final disposition and escalation authority resting with this position.
- Operate, tune, and recommend enhancements to the SOC’s monitoring and detection platforms including Microsoft Defender and SIEM tools; leverage AI-assisted tooling to improve detection and response workflows.
- Implement threat hunting and detection strategies; identify new data sources to augment detection capability; integrate new tools and applications as needed.
- Write Python and PowerShell scripts to automate detection, response, and data analysis workflows.
- Aid in maintenance of firewall rulesets.
- Serve as first responder for security incident investigation, conducting log and system-level analysis to determine potential scope and impact. Assist with containment, eradication, and recovery efforts.
- Perform digital forensic analysis at the first-responder level to determine whether a breach has occurred and what steps are required to contain it.
- Provide written and verbal summaries of incident findings to be shared with ITS leadership and relevant stakeholders.
- Aid in maintaining and operating the University’s vulnerability assessment program, including scan configuration, finding analysis, risk prioritization based on exploitability and business impact, and remediation coordination with system owners.
- Track patching effectiveness and validate closure of critical findings.
- Assist in the hiring, continuous training, mentoring, and operational oversight of student SOC employees.
- Develop and maintain the SOC processes, runbooks, and escalation procedures that student analysts follow.
- Provide direct coaching on alert investigation techniques, log analysis, and documentation standards.
Qualifications
- Bachelor’s degree in information security/Cybersecurity, Information Management, Computer Science, Computer Engineering, or related discipline.
- Five (5+) plus years of experience in Information Technology, with a minimum of two (2) years in Information Security/Cybersecurity.
- Prior experience working in a functioning SOC or equivalent security operations environment is valued, including hands-on work triaging live alerts, investigating active incidents, and operating security tooling in a production setting.