Senior Information Security Operations Analyst
Job no: 526229
Work type: Staff Full Time
Campus: UMass Boston
Department: IT Comm & Infrastructure Serv
Pay Grade: 34
Categories: Information Technology, Professional Staff Union (PSU)
General Summary:
The Senior Information Security Operations Analyst is a critical member of the University’s cybersecurity team, reporting directly to the Chief Information Security Officer (CISO). Responsible for comprehensive security operations, this role focuses on proactively monitoring, analyzing, and mitigating cyber threats across the institution’s digital infrastructure. The analyst will use advanced security monitoring tools, including Microsoft Sentinel (SIEM), CASB, SOAR, endpoint protection, email security, firewalls, and vulnerability management systems, to detect, investigate, and respond to security incidents. Key responsibilities include developing robust incident response protocols, conducting thorough vulnerability assessments, and implementing containment measures to protect university systems and data. The position demands continuous professional development and a forward-thinking approach to cybersecurity, with emphasis on anticipating and neutralizing threats before they affect the organization’s operations.
Examples of Duties:
- Oversee the day-to-day activities of the Network and Security Operations Center (NSOC/SOC), ensuring real-time threat monitoring, detection, and incident response, and serving as the first-line primary incident coordinator.
- Develop and enforce SOC processes, incident management workflows, and escalation procedures.
- Maintain up-to-date playbooks and ensure compliance with relevant security policies and regulations.
- Design, implement, and maintain security automation workflows to streamline security operations by leveraging Security Orchestration, Automation, and Response (SOAR) and custom-developed software applications.
- Automate repetitive security tasks to reduce incident response time to resolution and reduce manual workload.
- Develop scripts and playbooks to integrate, automate, and enrich data from multiple security platforms such as SIEM, IDS/IPS, EDR, firewalls, and more.
- Architect, deploy, maintain, and manage the University’s Microsoft Sentinel environment (SIEM), including configuring data connectors, log sources, workbooks, analytics rules, and playbooks.
- Conduct daily performance evaluations of Sentinel, optimizing log ingestion and incident response workflows. Proactively refine threat detection by systematically analyzing detection efficacy, false positive rates, and alert coverage gaps, so that threat identification remains adaptive and precise.
- Evaluate and implement cutting-edge security technologies to improve detection and response times.
- Design and deploy advanced detection rules, alerts, and signatures to identify security threats within a complex enterprise environment.
- Enhance threat intelligence ingestion efforts to develop detection strategies based on the latest threat landscapes, vulnerabilities, and attacker tactics.
- Manage real-time security event monitoring and incident response, proactively detecting threats and mitigating risks through comprehensive investigation, cross-functional coordination, and continuous improvement of security protocols.
- Serve as a liaison between the Desktop Services and Information Security teams to ensure that desktop environments comply with the University’s system security practices.
- Continuously study trends in cybercrime around threat actors’ behaviors, tactics, and goals.
- Organize and analyze data collected from Microsoft threat hunting consoles, SIEMs, Tenable scanning tools, and other security services to investigate security trends, remediate current vulnerabilities, and anticipate future ones.
- To support the University’s information security posture, analyze and report on security threats and incidents across platforms, develop performance metrics, create incident reports, maintain comprehensive documentation and audit trails, and provide strategic insights to senior leadership.
- Provide comprehensive mentorship and training to junior SOC analysts, apprentices, and students, developing and leading educational programs that enhance cybersecurity skills, threat-hunting techniques, and technical proficiency in tools like Microsoft Sentinel across internal and external learning environments.
- Provide high-level customer service and deliver timely, courteous, and knowledgeable customer support, awareness training, and coaching.
- Actively support the University in advancing the concepts of Diversity, Equity, Inclusion, and accessibility in the workplace.
- Perform other duties as assigned.
Qualifications:
- A bachelor’s degree in Computer Science, Information Systems, Information Technology, or a related field is required and non-waivable; preference is given to candidates holding a master’s degree in Cybersecurity or a related field of study.
- A minimum of five (5) years of information security experience, preferably in a higher education setting, is required and non-waivable. At least three (3) of those years must have been spent in a Security Operations Center (SOC) and must include demonstrable threat detection, incident response/remediation, threat hunting, and post-incident forensics experience.
- A minimum of three (3) years of security automation experience is required (Microsoft A5 preferred).
- A strong foundation of networks and troubleshooting knowledge is required.
- CompTIA Security+, CASP+, GIAC (GSP, GSE), or equivalent is required, with preference given to those holding a CISSP or CISM Certification. A certificate number and proof of certification must be submitted with your application.
- Advanced Azure Logic Apps and automation skills, especially in Kusto Query Language (KQL) or similar query and scripting languages, to explore data, discover patterns, identify anomalies and outliers, and build statistical models and reports, are strongly preferred.
- Must have solid experience with Sentinel, SOAR, Purview, Microsoft A5, and Microsoft Defender products and services.
- At least five (5) years of experience in a multi-cloud environment (Microsoft A5 preferred).
- Must have a solid knowledge and experience in Detection Engineering.
- Must have an excellent understanding and experience in multiple security domains, such as intrusion detection, incident response, malware analysis, application security, and forensics. Knowledge of specific digital forensic tools, such as FTK Imager and Autopsy, is strongly preferred.
- Must have experience detecting abuse and large-scale attacks in diverse environments.
- Experience working with multiple stakeholders in a matrixed environment of Systems, Network Operations, Information Security, internal business units, attorneys, vendors, Cyber insurance consultants, and external incident response teams.
- Strong familiarity with the following cybersecurity-related tools and disciplines, with deep experience in one or more of them:
  - Microsoft Defender suite of applications (XDR, Endpoint, Identity, Office 365, Cloud Apps, Vulnerability Management, and Microsoft’s unified security operations platform)
  - Microsoft Windows, macOS, and Linux platforms, and common applications and utilities
  - Strong knowledge of Multi-Factor Authentication (MFA) tools and principles
  - Microsoft A5 email threat protection and Microsoft 365 security center tools
  - Analysis of log data using SIEM tools such as Microsoft Sentinel (formerly Azure Sentinel)
  - Modern Cloud Access Security Broker (CASB)
  - Analysis of network traffic from intrusion detection systems and flow monitoring systems
  - Infoblox DNS, DHCP, and IPAM (DDI)
- Knowledge of security risks, copyright violations, and other inappropriate or unlawful computing practices.
- Ability to maintain an understanding and awareness of the overall cyber threat landscape (advanced persistent threat groups, malware campaigns, botnets, hacktivism, DDoS attacks, geopolitical activities, etc.).
- Must have strong interpersonal skills that facilitate positive working relationships with co-workers and end-users.
- Strong oral and written communication skills for personal interaction with end-users, written reports, documentation, and call ticket tracking.
- Desire and willingness to work with end-users and provide high-quality customer service at all levels in a university setting.
- Experience supervising student employees is a plus.
- Strong commitment to customer service.
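As an added illustration of the detection engineering and KQL work the duties and qualifications above describe (a Microsoft Sentinel analytics rule, with the tuning knobs that keep false positive rates down), the following query is not part of the posting and is not UMass Boston code. It flags accounts that accumulate many failed sign-ins and then succeed, a common password-spray or brute-force signature. The `SigninLogs` table and its columns come from the Microsoft Entra ID data connector; the one-hour lookback, the failure threshold, the result codes it keys on, and the `KnownServiceAccounts` watchlist name are assumptions chosen for the example.

```kql
// Added example: Sentinel scheduled analytics rule (KQL), not from the original posting.
// Assumes the Entra ID SigninLogs connector is enabled and a watchlist named
// 'KnownServiceAccounts' exists with the UPN in its SearchKey column (assumed name).
let lookback = 1h;                      // match the rule's query frequency / lookup period
let failThreshold = 10;                 // tune against observed false positive rate
let allowlist = _GetWatchlist('KnownServiceAccounts')
    | project UserPrincipalName = tolower(SearchKey);
// Step 1: accounts with a burst of failures in the window
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType in ("50126", "50053")   // 50126 = invalid password, 50053 = account locked
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | summarize FailCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail  = max(TimeGenerated),
                SourceIPs = make_set(IPAddress, 20)
              by UserPrincipalName
    | where FailCount >= failThreshold;
// Step 2: a successful sign-in for the same account after the last failure
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"                      // 0 = success
| extend UserPrincipalName = tolower(UserPrincipalName)
| join kind=inner failures on UserPrincipalName
| where TimeGenerated > LastFail
// Step 3: suppress known noisy service accounts to cut false positives
| join kind=leftanti allowlist on UserPrincipalName
| project TimeGenerated, UserPrincipalName, IPAddress, Location, AppDisplayName,
          FailCount, FirstFail, LastFail, SourceIPs
```

In Sentinel this runs as a scheduled rule whose frequency and lookup period match `lookback`; entity mapping (Account to `UserPrincipalName`, IP to `IPAddress`) is set in the rule wizard rather than in the query. The threshold and the watchlist are the two levers to adjust when reviewing detection efficacy and false positive rates, and the `SourceIPs` set makes it easy to tell a single-source brute force from a distributed spray during triage.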
Application Instructions:
Please apply online with your resume, cover letter and list of three professional references.
Review of candidates will begin following the application closing date.
Only Internal candidates in the Professional Staff Bargaining Unit will be considered during the first 10 business days of the posting. All other candidates will be considered after that period.
Salary ranges for Pay Grade 34 can be found at the following link: Salary Ranges
This is an exempt union position.
All official salary offers must be approved by Human Resources.
UMass Boston is committed to the full inclusion of all qualified individuals. As part of this commitment, we will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact HRDirect@umb.edu or 617-287-5150.