Lead Information Security Analyst Security Operations

Department

ITS

Summary

In collaboration with the IT Security Manager, this position exists to focus on leading and maturing information security operations at MSU Denver. This is designed to help ensure the continuous execution of our organizational missions and to adequately protect our systems and data. A key responsibility is leading incident response and related initiatives with a focus on preparation and prevention. This individual is not only expected to be the primary lead for security operations but to work collaboratively to develop a roadmap to improve processes and technology through innovation, efficiency, and risk reduction. This position participates in the design, creation, testing, and implementation of security solutions, which requires close coordination with various stakeholders throughout the university.

Duties and Responsibilities:

• Monitor security alerts and incidents, ensuring timely detection and proper response
• Conduct thorough investigations of security breaches and incidents
• Maintain incident response plans and procedures
• Conduct foundational information security forensics
• Security tool optimization and tuning (e.g., SIEM, EDR, AV, etc.)
• Pivot off indicators of compromise
• Conduct basic threat hunting
• Analyze phishing emails
• Assess and make recommendations to harden our environment
• Stay updated on latest pertinent security trends, threats, best practices, and technologies
• Develop and support incident response training
• Focus on continuous improvement
• Student employee supervision and mentoring

While not a primary responsibility, you may be asked to support other areas as needed. This includes but is not limited to:

• Active Directory/O365
• eDiscovery
• Vulnerability scanning
• Software and hardware assessments
• Third-party risk management
• Risk assessments
• Policy development
• Network security

Required Qualifications

• At least 3 years supporting or leading security operation domains in a complex organization
• Associates degree in related field or an equivalent combination of education and experience

Important Note: Successful applicants will ensure their resumes clearly demonstrate that their work experience describes how they meet ALL required qualifications.

Preferred Qualifications

• Certifications (at least one within 1 year of hire): GCIH, CISSP, GCFA, or agreed upon certification equivalent
• Education: Bachelors or Masters degree

To be successful in this position, beyond demonstratable technical skills, you must have strong organizational and communication skills, the ability to work independently, and remain calm under pressure.

Skills

• Foundational cyber security knowledge
• Networking knowledge (e.g., protocols, ports, services, and technologies)
• Critical thinking, problem solving, and attention to detail under pressure
• Incident response
• Threat hunting
• Forensics
• Security information and event management (SIEM) tuning
• Endpoint detection and response/Antivirus management
• Microsoft on-prem and cloud services security best practices

Schedule Information

Full-time, 40 hours per week
Exempt
Work Hours: Monday " Friday 8:00 am - 5:00 pm
Evenings and Weekend Work: Occasionally as needed
Schedule: Hybrid schedule requiring in person work with the flexibility of some remote work opportunities (subject to supervisor approval)
Travel: Rarely