USC · 18 hours ago
Senior Analyst, Cyber Defense
The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a Senior Analyst in Cyber Defense, you will play a hands-on role in responding to and investigating security incidents across a large, decentralized university environment, focusing on identifying, triaging, and analyzing security incidents and events.
Responsibilities
Oversees, coordinates, and manages the response to actual and potential security breaches, engaging in the identification, triage, and categorization of security incidents and events. Leads, coordinates, and manages in-depth investigations and forensic analysis on endpoints, servers, and network data, resolving incidents by identifying root causes and solutions; implements remediation actions as necessary. Works with cyber defense team members to assign criticality and priority levels to security incidents and events. Executes SOAR playbooks to drive consistent response actions; suggests automation improvements. Actively reports on security incidents and events as they are escalated or identified to cyber leadership and management. Maintains detailed documentation of incidents, including timelines, actions taken, and lessons learned.
Develops and implements security incident response plans (SIRPs), as well as detection, containment, eradication, and recovery strategies. Follows and executes defined incident processes and procedures, as well as SIRPs, when investigating security incidents and events. Applies risk analysis techniques and critical thinking strategies when evaluating the impact of cyber threats and vulnerabilities, as well as recommended remediation steps. Designs and delivers incident response exercises to test client SIRPs. Supports digital forensic investigations on a variety of digital devices (e.g., computers, mobile devices, network systems).
Works with cyber defense team members and the lead security operations center analyst to assign criticality and priority levels to security incidents and events. Conducts in-depth investigations of security incidents, utilizing forensic tools and techniques to identify root causes and gather evidence. Communicates with university management and other cybersecurity teams during high-security events, following incident response guidelines. Collaborates with MSSP analysts to investigate escalated alerts and validate detection logic. Works with information security officers (ISOs) and cyber governance to exchange information with IT directors and support departments, schools, or units (DSUs) in their recovery from incidents. Provides executive communication, finished incident reports, and forensics data, as appropriate, advising management on decisions that may significantly affect operations, policies, or procedures.
Analyzes security logs, network traffic, and other data sources to identify indicators of compromise (IOCs) and malicious activity. Forensically analyzes end user systems and servers found to have possible IOCs, as well as artifacts collected during a security incident. Interacts with server owners, system custodians, and IT contacts (e.g., ITS, departments, schools, or units) to facilitate incident response activities, including system access and containment or remediation actions. Reviews and addresses false positives, collaborating with other cyber teams (including pro and managed service teams) to refine and improve the accuracy of security tool configuration rules and policies. Monitors and triages OT security alerts (e.g., enrichment, log analysis, false positive suppression) and carries out incident identification and prioritization.
Oversees, leads, and conducts post-incident reviews and lessons learned sessions to identify areas for improvement. Analyzes findings and produces fact-based reports identifying root causes and solutions. Reviews analysis and conclusions of other analysts and/or consultants, when applicable. Evaluates the resilience of the cybersecurity controls and mitigation actions taken after a cybersecurity or data breach incident. Participates in tabletop exercises and threat hunts; provides insights into detection effectiveness.
Ensures processes and procedures follow established standards, guidelines, and protocols (including OT environments). Maintains currency with legal, regulatory, and technological changes and/or advancements that may impact incident response operations; communicates changes and/or recommended updates to cyber defense leadership and staff. Maintains currency with emerging OT security trends, technologies, and compliance requirements.
Encourages a workplace culture where all employees are valued, value others, and have the opportunity to contribute through their ideas, words, and actions, in accordance with the USC Code of Ethics.
Qualifications
Required
5 years of experience in key Cyber Defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management)
A bachelor's degree or combined experience and education as substitute for minimum education
GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), or equivalent
Significant experience in SOC analysis or incident response capacity
Experience in handling various types of security incidents, including malware infections, data breaches, and denial-of-service attacks
In-depth knowledge of incident response methodologies and frameworks (e.g., NIST, SANS)
Experience with Splunk and Chronicle SIEM platforms for alert triage and investigation
Proficiency with SOAR tools and incident playbook execution
Ability to analyze complex security incidents, identify patterns and draw conclusions from data
Excellent written and oral communication skills, and an exemplary attention to detail
Basic knowledge of digital forensics and incident response (DFIR) and experience conducting digital forensic investigations
Demonstrated understanding of information security principles, network protocols, and operating systems
Ability to work closely with other cybersecurity teams (e.g., cyber threat intelligence, cybersecurity monitoring) and other cybersecurity risk management functions to identify risks and threats and assess their impact
Familiarity with security tools and technologies (e.g., security information and event management (SIEM), intrusion detection/prevention systems) and forensic analysis tools
Ability to develop and maintain incident response OT cybersecurity policies, standards, and related documentation
Knowledge of OT/IoT cybersecurity threats and vulnerabilities posed by new technologies and malicious actors
Basic knowledge of industrial control systems (ICS)
Basic knowledge of OT/IoT/ICS systems, protocols, and forensic analysis techniques
Expertise in electronic investigations, forensic tools, and techniques, encompassing log correlation and analysis, electronic data management, malware detection, and knowledge of computer security investigation procedures
Skill in applying threat intel to detection triage and threat hunting
Experience in SaaS incident investigation (e.g., GSuite, O365, Workday)
Working knowledge of endpoint protection platforms (e.g., EDR)
Demonstrated organizational, critical thinking and analytical skills; ability to develop effective response strategies
Knowledge of industry standard security incident response processes, procedures, and lifecycles
Thorough understanding of technology, tools, policies and standards related to security systems and incident response
Ability to work evenings, weekends and holidays as the schedule dictates
Preferred
7 years of related experience
A bachelor's degree in information science or computer science or computer engineering or in related field(s); or combined experience/education as substitute for minimum education
CISSP
CISM
Microsoft Certified SOC Analyst
Benefits
USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents’ health, wealth, and future.