Senior Cybersecurity Analyst (Permanent – Hybrid – La Mirada, CA)
Join the team that connects California to the world! Our client is dedicated to advancing education and research statewide by providing a world-class computing network essential for innovation, collaboration, and economic growth. Their organization operates the California Research and Education Network (CalREN), a high-capacity computer network spanning over 8,000 miles of optical fiber. CalREN serves over 20 million users across California, including the vast majority of K-20 students, educators, researchers, and individuals at other vital public-serving institutions. If you’re passionate about leveraging world-class computing networks for innovation, collaboration, and economic growth, this is your opportunity to make a significant impact.
Our client is seeking a highly experienced and proactive Senior Cybersecurity Analyst. This full-time, permanent position, based hybrid in La Mirada, California, offers a competitive salary range of $115.5K/yr – $144.3K/yr. Reporting to the Manager, Information Security Office, you’ll actively serve as a crucial cybersecurity resource on multiple complex projects. You’ll initiate and drive security activities to ensure our client’s networks, systems, and data are protected and readily available to support the organization’s mission to serve the California educational community. Working as part of the core security team, you’ll collaborate with members of our client’s Security Advisory Committee, peer staff throughout the organization, and external solution partners to establish and enhance security tools, resources, and processes. Your responsibilities will cover data protection, incident response, vulnerability management, email gateway security, identity and access management security architecture, network security monitoring, malware defense, and security awareness training. This position also functions as a vital point of cybersecurity expertise for internal staff and may involve representing our client in technical forums, panel discussions, and conference presentations.
What You Will Do: Driving Comprehensive Cybersecurity for a Critical Network
As a Senior Cybersecurity Analyst, you’ll be at the forefront of protecting California’s vital Research and Education Network. Your role demands broad cybersecurity expertise, from threat analysis and incident response to vulnerability management and strategic security enhancements.
- Lead Security Activities and Solutions: You’ll actively work under limited supervision with members of the Information Security Office (ISO) and extended teams on security solutions and implementations. This involves initiating and driving security activities to ensure our client’s networks, systems, and data are robustly protected and continuously available to support the organization’s mission to serve the California educational community.
- Serve as a Core ISO Team Member: You’ll function as a core member of our client’s Information Security Office (ISO), performing diverse security duties. This includes maintaining threat awareness, conducting proactive network traffic analysis to detect anomalies, leading incident response efforts, performing detailed forensic analysis to understand security breaches, and driving the resolution of security incidents. Your vigilance ensures network integrity.
- Collaborate on Security Operations Center (SOC) Development: You will collaborate extensively with our client’s Security Advisory Committee, segment leaders, and other security experts around the state to develop strategic plans for establishing and enhancing a Security Operations Center (SOC), ensuring a centralized and proactive approach to network defense.
- Integrate Security into Network Environment: You’ll integrate deep knowledge of network protocols, services, threats, vulnerabilities, mitigation strategies, and hardware capabilities. This comprehensive understanding will allow you to build a security environment that effectively reduces and mitigates risk while simultaneously allowing our client’s open science mission to succeed without unnecessary hindrance.
- Evaluate Data for Incident Detection: You’ll meticulously evaluate a wide range of security data from various sources, including Zeek (Bro) logs, email security logs, NetFlow data, centralized syslog, authentication logs, and others, to effectively detect security incidents. Upon detection of suspicious activity, you’ll take timely action, which may include blocking problem traffic, sending immediate alerts, and/or initiating in-depth investigations.
- Maintain ISO Documentation and Lead New Projects: You will meticulously maintain ISO documentation and perform updates as needed, ensuring all security processes, configurations, and incident responses are accurately recorded. You’ll also work with internal and external stakeholders to lead and complete new ISO projects and initiatives, driving continuous improvement in our client’s security posture.
- Identify and Integrate Threat Intelligence Feeds: You’ll be responsible for identifying and integrating available threat intelligence feeds with our client’s network security monitoring and SIEM services. This proactive measure ensures that our client’s defenses are continuously updated with the latest information on emerging threats, attack indicators, and vulnerabilities, enabling more effective detection and response.
- Design and Implement Secure Email Gateway Services: You’ll work closely with ISO staff and peer teams to design and implement secure email gateway services. This involves configuring email security solutions to filter malware, phishing attempts, spam, and other email-borne threats, protecting users and systems from a primary attack vector.
- Design and Implement Secure Identity and Access Management Services: You’ll collaborate with ISO staff and peer teams to design and implement secure identity and access management (IAM) services. This ensures robust user authentication, authorization, and privileged access management, controlling who can access what resources and safeguarding sensitive data.
- Perform Threat Hunting for Anomalous Activity: You will regularly perform threat hunting to proactively search for anomalous activity within our client’s network and systems. This involves leveraging security data to identify suspicious patterns, hidden threats, or signs of compromise that might bypass automated defenses, enhancing the overall detection capabilities.
- Monitor and Respond to Security Alerts: You’ll be responsible for monitoring and responding to security alerts generated by various tools. This involves triaging alerts, assessing their severity, and initiating appropriate response actions to mitigate potential threats quickly.
- Maintain Vulnerability Management Asset Inventory: You’ll meticulously maintain the vulnerability management asset inventory to ensure accurate reporting. This involves keeping track of all network devices, servers, applications, and other IT assets, as well as their associated vulnerabilities, which is crucial for effective risk management and compliance.
- Create Weekly Public Vulnerability Scan Report: You’ll be responsible for creating the weekly public vulnerability scan report, summarizing key findings from regular vulnerability scans for internal and external stakeholders.
- Create Monthly Enterprise Vulnerability Risk Status Report: You’ll prepare a comprehensive monthly enterprise vulnerability risk status report, providing a broader overview of the organization’s vulnerability posture, trends, and mitigation efforts to executive leadership.
- Identify and Attend Approved Online Training: You’ll proactively identify and attend approved online training on a periodic basis, ensuring your cybersecurity skills remain current with the latest industry trends and threat landscapes.
- Lead Incident Response Efforts: You’ll take a leading role in incident response efforts, coordinating with internal and external security personnel and system administrators to contain, eradicate, and recover from security incidents.
- Respond to Complaints and Notifications: You’ll respond appropriately to internal and/or external complaints and notifications related to security issues (e.g., scanning, hacking, spamming), ensuring proper investigation and resolution.
- Promote a Strong Security Culture: You will actively promote a strong security culture throughout our client’s internal network, consulting with our client’s management and staff to foster security awareness and best practices.
- On-Call Availability: You must have the ability to be ‘on call’ outside of regular business hours on a regular and recurring basis, ensuring 24/7/365 readiness for critical incident response.
Key Success Factors: Cultivating Operational Excellence and Innovation
Your success in this role will be defined by a powerful combination of technical expertise, strategic thinking, and strong interpersonal skills, all contributing to a robust security posture for our client and its mission.
- Prioritization and Timely Completion: You possess the ability to prioritize and complete tasks assigned in a timely manner, even in a fast-paced environment with rapidly changing priorities.
- Strong Interpersonal and Teamwork Skills: You bring strong interpersonal skills and the ability to work well in a team-oriented environment, fostering collaboration and positive working relationships. You are also capable of leading teams to reach consensus on complex security issues.
- Working Knowledge of IP-Based Networking: You have a working knowledge of IP-based networking, understanding fundamental concepts, protocols, and architectures essential for network security.
- Scripting and Data Manipulation Proficiency: You have a working knowledge of scripting using regular expressions and proficiency with data and text manipulation tools such as awk and sed, enabling efficient parsing and analysis of logs and other textual data for security insights.
- Background in Statistics and Analytics: You have a background in basic statistics and analytics, and experience with modern analytic and visualization packages (e.g., Tableau, Power BI), enabling data-driven security insights and reporting.
- Adept at Understanding and Learning Technical Information: You are adept at understanding complex technical information and quickly learning new concepts, essential for staying current in the rapidly evolving cybersecurity field.
- Self-Motivated and Independent Worker: You are self-motivated with a demonstrated ability to work highly independently, requiring little direct supervision. This indicates a proactive approach and strong ownership of responsibilities.
- Keen Attention to Detail: You demonstrate keen attention to detail, consistently avoiding shortcuts that may adversely impact the quality of work, ensuring precision in security implementations and analyses.
- Strong Analytical and Problem-Solving Skills: You possess strong analytical and problem-solving skills, enabling you to dissect complex security challenges, identify root causes, and devise effective, robust solutions.
- Prioritize Security and Privacy Principles: You consistently demonstrate the ability to consider, understand, and prioritize security (and privacy, where applicable) principles, practices, and procedures in all aspects of your role with our client.
- Experience Streamlining Operations: You have experience streamlining operational capabilities through standardization and automation, enhancing security operations and reducing manual effort.
- Consultant for Security Design Vision: You possess the ability to serve as a strategic consultant on the long-range vision for security design for our client’s security services, influencing future architectural decisions and technology roadmaps.
- Proactive Security Enhancements: You are able to identify and implement security enhancements that will maximize our client’s security profile while remaining sensitive to its mission.
- Effective Communication and Proposal Development: You have the ability to formulate, organize, and present ideas in an effective manner. You can develop compelling proposals and clearly articulate cost/benefit trade-offs to various audiences, securing buy-in for security initiatives.
- Knowledge of Encryption Techniques: You have knowledge of public-key and private-key encryption techniques, including DES, RSA, and PGP/GPG.
- Strong Understanding of Complex TCP/IP Networks: You possess a strong understanding of complex TCP/IP networks.
- Knowledge of Layer 2, Wireless, Switching, and Routing Protocols: You have knowledge of Layer 2 protocols, Wireless networking, Switching, and Routing Protocols.
- Familiarity with Virtualized Environments: You have familiarity with securing virtualized environments.
- Familiarity with Research and Education Networks: You have familiarity and experience working on research and education networks, and within Research and Education networking communities in the US or abroad.
Required Education And/Or Experience: Your Foundation
- Educational Background: A BA/BS in computer science or a related field, or equivalent experience, is required.
- Information Security Experience (7+ years): You must have a minimum of 7 years of experience in information security, cybersecurity, or network security engineering design, deployment, and implementation of security solutions. This includes continuous monitoring and making improvements to those solutions, working with the information security and security operations teams.
- Mid-Level Cybersecurity Certification: Certifications and/or equivalent training in a technical security specialty (e.g., GIAC, CISSP) are required, validating your expertise.
- SIEM Experience (4+ years): A minimum of 4 years of experience running and supporting Security Information and Event Management (SIEM) services is required.
- Vulnerability Management Experience (4+ years): A minimum of 4 years of experience running and supporting vulnerability management services is required.
Preferred Education And/Or Experience: Enhancing Your Profile
- Advanced Security Education: A Bachelor’s degree in cybersecurity, information assurance, or a related field is preferred.
- SOAR Experience: Experience configuring and supporting security orchestration and automated response (SOAR) services is a plus.
- Programming Experience: Experience programming in C, C++, Python, Ruby, or other popular languages is preferred.
- Unix/Linux Administration: A minimum of 4 years of experience maintaining and administering production Unix/Linux operating systems, including Red Hat/CentOS and FreeBSD variants, is preferred.
Why Work at Our Client? Making a Meaningful Impact
Working at our client offers a unique opportunity to contribute to a vital public service mission within a supportive and impactful environment.
- Company Culture: Benefit from a company culture characterized by small teams and a collaborative environment, providing the opportunity to make a large impact in a relatively small organization.
- Community Engagement: Your work has direct and profound meaning, as you’ll be actively engaging with research and education institutions in the largest state economy in the United States. The technology solutions you help deliver directly support millions of students, educators, and researchers.
- Generous Health Benefits: Our client provides generous medical, dental, vision, and life insurance benefits, ensuring your well-being is prioritized.
- Liberal Paid Time Off: Enjoy liberal vacation, holiday, and sick leave policies, promoting a healthy work-life balance and providing ample time for personal pursuits.
- Investment in Your Future: Our client demonstrates a strong investment in your future by contributing to your 403(b) retirement plan, even if you don’t contribute yourself. They also offer matching contributions on top of that, helping you build significant long-term financial security.
Work Environment & Hours:
This position operates in a professional office environment with standard office equipment. The Information Security Office (ISO) operates weekdays between 8 AM and 5 PM PST, but maintains 24 hours a day, 7 days a week, 365 days a year availability for incident response needs. An employee’s work shift is based on our client’s business needs.
Work Authorization: Documented proof of identity and legal eligibility to work in the United States is required. Applicants must be authorized to work for any employer in the U.S. Our client is unable to sponsor or take over sponsorship of an employment visa at this time.
Job Features
- Job Category: IT, Security