Wesleyan University · 15 hours ago
Information Security Analyst
Wesleyan University is one of the nation’s premier liberal arts colleges located in Middletown, Connecticut. The Information Security Analyst will help protect the university’s data and systems from cyber threats while working on monitoring, incident response, and risk reduction across a cloud-forward environment.
Higher Education
Responsibilities
Monitor, operate, and tune the Microsoft Defender console and related security tooling
Develop and maintain detections, dashboards, alerts, and escalation procedures
Serve as first or second level responder for security incidents in ServiceNow
Coordinate containment, eradication, recovery, and post-incident reviews
Maintain incident response playbooks
Participate in an on-call rotation
Operate the Nessus Professional vulnerability management system and prioritize findings by exploitability and asset risk
Partner with system owners to remediate vulnerabilities and validate secure configuration baselines for servers, endpoints, and cloud services
Support identity and access management controls, including MFA (Duo), SSO/SAML/OAuth, and privileged access
Assist with access reviews, role hygiene and identity governance activities
Implement data protection controls, such as encryption and secure file sharing, aligned with data classification standards
Conduct security risk assessments for new systems and vendors
Review security terms and attestations, including SOC2 and HECVAT
Support compliance obligations including FERPA, GLBA Safeguards Rule, PCI DSS, HIPAA, DMCA
Assist with audit preparation and evidence collection
Deliver targeted training; publish advisories and guidance in the ITS knowledge base
Forward Data Privacy Officer requests to relevant business offices
Administer security platforms including Duo, LastPass, and Mimecast
Maintain the Nmap SSL certificate scanning process and communicate findings to system owners
Perform periodic user access reviews in systems such as Workday
Track higher-ed–relevant threat actor tactics and translate intelligence into detections, controls, and tabletop exercises
Partner with service owners to show and remediate cloud and SaaS misconfigurations
Support security reviews of new SaaS platforms and research tools; recommend compensating controls when vendors' security capabilities fall short
Produce metrics and reports that inform security prioritization and resource allocation
Maintain accurate, auditable documentation, including asset inventories, data flows, and exception registers
Propose practical, high-impact improvements (such as policy, control, or automation changes) that reduce risk quickly while minimizing disruptions to academic and business operations
Qualification
Required
Bachelor's degree in information security, computer science, information systems, or a related field and a minimum of two years of hands-on experience in at least two of the following: incident response, SOC operations, vulnerability management, endpoint security, cloud security, IAM; or an equivalent combination of education, training, and relevant experience
Familiarity with SIEM, EDR, email security gateways, vulnerability scanners, and basic network security concepts (firewalls, subnets, DNS, etc.)
Working knowledge of one or more of the following: Windows, macOS, Linux
Working knowledge of common enterprise/cloud services (e.g., AWS, Azure AD/Entra, Google Workspace, O365, SAML/OAuth)
Ability to read and interpret logs; comfort writing basic queries and simple scripts (PowerShell or Python) to automate routine tasks
Understanding of FERPA and GLBA Safeguards; awareness of PCI DSS fundamentals
Effective communicator with the ability to translate technical security requirements into language that helps non-technical users make informed decisions
Proven ability to move security findings from identification to effective remediation
Ability to work in a decentralized environment with diverse stakeholders
Willingness to support incident response outside normal business hours when required
Preferred
One or more of the following certifications (or in progress): Security+, CySA+, GSEC, GCIH, GCIA, GCED, GMON, SSCP, CISSP, or equivalent
Experience with AWS security services and identity governance/access reviews
Experience in a university or research-heavy environment, including support for labs or HPC and data use agreements
Detection engineering (use-case development, sigma/KQL, threat hunting)
Forensics fundamentals (endpoint triage, memory/disk basics) and evidence handling
Secure configuration management (CIS benchmarks), vulnerability prioritization (KEV/CVSS context), and patch orchestration
Vendor/security assessment of SaaS with practical compensating controls when 'perfect' is not available
Benefits
Comprehensive group insurance plans
Wellness programs and incentives
Generous paid time off
Retirement plans
Flexible work schedules
Employee and dependent tuition programs for those who qualify
Company
Wesleyan University
Wesleyan University is a diverse, energetic liberal arts community where critical thinking and practical idealism go hand in hand.
H1B Sponsorship
Wesleyan University has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (14)
2024 (10)
2023 (9)
2022 (13)
2021 (6)
2020 (8)
Funding
Current Stage
Late Stage
Company data provided by crunchbase