The Security Analyst is a focal point for all IT security-related matters. The SA is responsible for reviewing and analyzing the University’s technology security posture, both technically and procedurally, and then making recommendations on security solutions to ensure the University remains secure and remediates any weaknesses. Additionally, the SA will assist in the creation and modification of security or compliance-related policies and procedures. The SA is also responsible for reporting on the status of SHU’s security posture and risk assessment and assisting in making the SHU community more security aware. Additional duties include assisting in the supervision, mentoring and training of Student Security Analysts.
Duties and Responsibilities:
Technology Security Threat Assessment and Monitoring - The Security Analyst will use various tools to assess the security status of the University’s end points, data center, network, firewalls and other security components to ensure they are secure and meet the University management’s service and operational level objectives. The SA will also establish baselines for security performance and monitor all security systems against those baselines. Based on these tools, the SA will make strategic, tactical and operational recommendations to reduce the risk to SHU assets.
Security Architecture – The Security Analyst will work closely with the IT Architecture and Systems teams to assist in and advise on infrastructure design, to ensure that the integrity of the security posture is continuously improving and that threats are being mitigated as they emerge. The SA will also identify security design gaps in existing and proposed local and cloud architectures and recommend changes or enhancements. The Security Analyst will oversee the research, deployment, and ongoing maintenance of various security tools. The SA will manage the delivery of security systems, ensuring that project timelines and statements of work are fulfilled as expected. The SA will train users in the implementation or conversion of systems through in-person or online training and the development of a security application knowledgebase.
Technology Security, Risk and Compliance Policy and Procedure Documentation - The Security Analyst will create new policies or modify and amend existing policies as directed by SHU IT management or as required by regulatory compliance such as PCI. The SA will also create or modify procedures for security operations, compliance enforcement and continual security improvement within the IT Service Management (ITSM) governance framework. The SA will monitor SHU's compliance with policies and procedures to reduce and mitigate risk to SHU assets and reputation.
Technology Security and Risk Awareness - The Security Analyst will assist in developing, maintaining and conducting an ongoing security awareness program. This may include print, electronic and video messages to the Seton Hall community regarding cyber security, institutional technical security and personal identity security. The awareness campaigns will be a regular ongoing program as well as for specific calendar events such as Cyber Security Month and when there is a specific incident or threat to the SHU environment. The SA will help facilitate, develop and support the IT security/risk training curriculum while continually learning and promoting the awareness of applicable regulatory standards, upstream risks and industry best practices, all in an effort to protect SHU assets.
Technology Incident Response - The Security Analyst is the focal point of the incident response team that will respond to a security incident. The team will follow the documented procedures from the IT Security Incident Response Plan, the PCI DSS Incident Response plan or other appropriate procedures, such as Spam or Virus. The SA will be the key point of contact during an incident and will be responsible for communication with IT and SHU management, Public Safety, third party vendors, insurance agencies and regulatory agencies. Upon resolution of any incident, the SA will document the incident, remediation and lessons learned and then update the appropriate policies and procedures. The SA is also responsible for performing a forensics analysis following a security incident.
BS - Computer Science or similar
3 - 5 years of experience in cyber security
(SIEM); Intrusion Prevention and/or Detection (IPS/IDS); Vulnerability scanning; Data Loss Prevention (DLP); Threat Hunting; Splunk; Qualys; Palo Alto.
Licenses and Certificates:
Security+ certification
Administrative - AD190
General Office Environment
Seton Hall University is an Equal Opportunity/Affirmative Action employer. All applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation or sex.
Internal Number: 493716
About Seton Hall University
Seton Hall University is a major Catholic university. In a diverse and collaborative environment it focuses on academic and ethical development. Seton Hall students are prepared to be leaders in their professional and community lives in a global society and are challenged by outstanding faculty, an evolving technologically advanced setting and values-centered curricula.