"Information Security Analyst"

Wesleyan University, founded in 1831, is a diverse, energetic liberal arts community where critical thinking and practical idealism go hand in hand.

Located in Middletown, Connecticut, Wesleyan University is one of the nation’s premier liberal arts colleges with 3,000 undergraduates and 200 graduates. Established in 1831, Wesleyan is known for its rich, open, and interdisciplinary curriculum.

Wesleyan University takes the security and privacy of information and resources seriously. Wesleyan University's Information Security program safeguards the confidentiality, integrity, and availability of the institution’s information resources.

Reporting to the Chief Information Security Officer, the Information Security Analyst helps protect Wesleyan University’s data, systems, and community from evolving cyber threats. This role pairs monitoring and incident response with risk reduction across a distributed, cloud-forward environment (Workday, AWS, Salesforce, Slate, Stellic, and other SaaS platforms).

The analyst works closely with Networking & Infrastructure, Enterprise Systems, Academic Technology, Unix Systems, and IT Service Delivery while improving our security posture in ways that support teaching, research, and business operations.

Responsibilities include:

Security Monitoring & Incident Response

• Monitor, operate and tune Microsoft Defender console and related security tooling.
• Develop and maintain detections, dashboards, alerts, and escalation procedures.
• Serve as first or second level responder for security incidents in ServiceNow.
• Coordinate containment, eradication, recovery, and post-incident reviews.
• Maintain incident response playbooks.
• Participate in an on-call rotation.

Vulnerability & Configuration Management

• Operate the Nessus Professional vulnerability management system and prioritize findings by exploitability and asset risk.
• Partner with system owners to remediate vulnerabilities and validate secure configuration baselines for servers, endpoints, and cloud services.

Identity, Access, and Data Protection

• Support identity and access management controls including MFA (Duo), SSO/SAML/OAuth, privileged access.
• Assist with access reviews, role hygiene and identity governance activities.
• Implement data protection controls such as encryption, secure file-sharing aligned with data classification standards.

Governance, Risk & Compliance

• Conduct security risk assessments for new systems and vendors.
• Review security terms and attestations, including SOC2 and HECVAT.
• Support compliance obligations including FERPA, GLBA Safeguards Rule, PCI DSS, HIPAA, DMCA.
• Assist with audit preparation and evidence collection.

Security Awareness & Enablement

• Deliver targeted training; publish advisories and publish guidance in ITS knowledge base.
• Forward Data Privacy Officer requests to relevant business offices.
• Administer security platforms including Duo, LastPass, and Mimecast.
• Maintain Nmap SSL certificate scanning process and communicate findings to system owners.
• Perform periodic user access reviews in systems such as Workday.

Threat-Cloud and Third-Party Risk

• Track higher-ed–relevant threat actor tactics and translate intelligence into detections, controls, and tabletop exercises.
• Partner with service owners to show and remediate cloud and SaaS misconfigurations.
• Support security reviews of new SaaS platforms and research tools; recommending compensating controls when vendors security capabilities fall short.

Metrics & Continuous Improvement.

• Produce metrics and reports that inform security prioritization and resource allocation.
• Maintain right, auditable documentation, including asset inventories, data flows, and exception registers.
• Propose practical high impact improvements such as policy, control, or automation that reduce risk quickly while minimizing disruptions to academic and business operations.

This position is a hybrid position with on-campus and remote work schedule options.

Remote work is only considered for residents of MA, VT, NH, ME, CT, RI, or NY. (Relocation assistance to CT is available for those who qualify).

Minimum Qualifications

• Bachelor’s degree in information security, computer science, information systems, or related field and a minimum of two years of hands-on experience in at least two of the following: incident response, SOC operations, vulnerability management, endpoint security, cloud security, IAM or an or equivalent combination of education, training and relevant experience.
• Familiarity with SIEM, EDR, email security gateways, vulnerability scanners, and basic network security concepts (firewalls, subnets, DNS, etc.).
• Working knowledge of one or more of the following: Windows, macOS, Linux
• Working knowledge of common enterprise/cloud services (e.g., AWS, Azure AD/Entra, Google Workspace, O365, SAML/OAuth).
• Ability to read and interpret logs; comfort writing basic queries and simple scripts (PowerShell or Python) to automate routine tasks.
• Understanding of FERPA and GLBA Safeguards; awareness of PCI DSS fundamentals.
• Effective communicator with the ability to translate technical security requirements into language that helps non-technical users make informed decisions.
• Proven ability to move security findings from identification to effective remediation.
• Ability to work in a decentralized environment with diverse stakeholders.
• Willingness to support incident response outside normal business hours when required.

Preferred Qualifications

• One or more of the following certifications (or in progress): Security+, CySA+, GSEC, GCIH, GCIA, GCED, GMON, SSCP, CISSP, or equivalent.
• Experience with AWS security services and identity governance/access reviews.
• Experience in a university or research-heavy environment, including support for labs or HPC and data use agreements.
• Detection engineering (use-case development, sigma/KQL, threat hunting).
• Forensics fundamentals (endpoint triage, memory/disk basics) and evidence handling.
• Secure configuration management (CIS benchmarks), vulnerability prioritization (KEV/CVSS context), and patch orchestration.
• Vendor/security assessment of SaaS with practical compensating controls when “perfect” is not available.

Position is open until filled. For full consideration please apply by March 15, 2026 when first review of applications will begin.

Compensation: $92,700-$120,525

Work Location: Hybrid