Cybersecurity Analyst
The Presidio Trust is an innovative federal agency that stewards and shares the history, beauty, and wonder of the Presidio for everyone to enjoy forever. The Cybersecurity Analyst provides operational cybersecurity support to protect the Trust’s information systems, networks, and data, performing day-to-day security monitoring, incident response support, and compliance-related activities.
Responsibilities
Monitor, analyze, and correlate security alerts, logs, dashboards, and events using cybersecurity tools (e.g., IAM, SIEM, endpoint protection, email security, network and cloud logs) to identify potential threats, anomalies, and suspicious activity
Triage and investigate cybersecurity incidents; validate alerts by correlating logs and analyzing indicators of compromise (IOCs) to assess impact, reduce false positives, and support incident containment and recovery
Collect, preserve, and analyze initial incident evidence; document findings, develop timelines, and escalate significant or complex incidents to the Principal Cybersecurity Architect. Investigate and support end-to-end incident response activities, including containment, eradication, recovery, and evidence collection
Execute, maintain and improve incident response playbooks and standard operating procedures (such as phishing, malware, account compromise, suspicious privileged access, data exposure), to ensure consistent and efficient response actions
Support vulnerability scanning, risk-based prioritization, and remediation tracking across endpoints, servers, network devices, and cloud environments; collaborate with IT teams to reduce exposure and track remediation progress
Contribute to endpoint protection and detection engineering efforts, including EDR policy tuning, alert rule optimization, and escalation of detection gaps or recurring trends
Support engineering efforts to deploy new security tools and technical controls
Support administration, tuning and operations of cybersecurity tools (including identity and access management (IAM), endpoint and mobile device protection (EDR, MDM), security incident and event management (SIEM), firewalls, vulnerability management, email security, data loss prevention (DLP), web filtering, and cybersecurity training tools), coordinating changes and validating outcomes
Participate in technical evaluations of systems, security assessments, audits, and penetration testing activities by gathering evidence, validating control effectiveness, and supporting remediation planning
Maintain accurate and timely cybersecurity documentation, including incident reports, root cause analysis, security procedures/runbooks, tool configuration records, and operational metrics
Support cybersecurity awareness and training initiatives by contributing content, analyzing phishing simulation results, tracking compliance, and promoting security best practices
Assist in ensuring compliance with established security policies and regulatory standards (e.g., NIST, CIS Controls, FedRAMP/FISMA) through support for control monitoring and audit readiness
Stay informed of emerging cybersecurity threats, vulnerabilities, and best practices; proactively recommend operational improvements within assigned responsibilities
Perform other duties as assigned
Qualifications
Required
Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a closely related technical field; or an equivalent combination of education and relevant professional experience
5 years of progressively responsible experience in cybersecurity operations, incident response, vulnerability management, or closely related IT security roles
Working knowledge of cybersecurity fundamentals, including common threats, attack vectors, kill chain/attack lifecycle concepts, and defensive techniques
Familiarity with cybersecurity frameworks and compliance standards (e.g., NIST, CIS Controls, SOC 2, FedRAMP / FISMA), including experience supporting audits, assessments or control evidence collection
Hands-on experience with log analysis, endpoint and network telemetry, authentication and authorization concepts, and basic forensic analysis
Experience using common cybersecurity tools and platforms, such as endpoint detection and response (EDR), security incident and event management (SIEM), vulnerability scanning, email security controls, identity and authentication systems, and firewalls
Working familiarity with a broad set of core IT domains, such as operating systems (e.g., Windows and Linux), identity and access management (e.g., directory services, RBAC, MFA, SSO), networking protocols (e.g., TCP/IP, DNS, HTTP/S, TLS), storage, cloud environments, and endpoint and device management
Strong analytical and problem-solving skills with the ability to manage multiple priorities, investigate ambiguous issues, and drive tasks to closure
Strong written and verbal communication skills, including the ability to clearly document technical findings and collaborate effectively with IT staff and business stakeholders
Preferred
Professional certifications such as CompTIA Security+, CySA+, GIAC (GSEC/GCIH), or similar
Basic scripting or automation skills (e.g., Python, PowerShell) to support investigations, reporting, data analysis, or operational tasks
Familiarity with IT Service Management concepts such as change management, incident management, asset management and configuration baselines
Benefits
This is a full-time position with benefits.
The Presidio Trust is an equal opportunity employer, offering a competitive benefits package.
Company
Presidio Trust
The Presidio of San Francisco is a park and former military base on the northern tip of the San Francisco Peninsula in San Francisco