Senior Security Operations Analyst

Monroe University
Bronx, NY Full Time
POSTED ON 6/4/2026
AVAILABLE BEFORE 11/30/2026

Monroe University, founded in 1933, is a national leader in higher education access, affordability, and attainment. We believe in the power of education to facilitate social mobility and transform communities, and embrace our responsibility to advocate national policies that serve students’ best interests. We are proud of our outcomes and unique caring environment, especially for first-generation college students, newly arriving immigrants, and international students. Our innovative curriculum, taught by experienced industry professionals, integrates local, national, and global perspectives. Our academic programs align with industries that drive the New York and international economies that we serve. Our graduates are prepared for continued scholarship, professional growth, and career advancement.


Overview of the Position:

The Senior Security Operations Analyst is a senior individual contributor within Cybersecurity at Monroe University. This role owns Monroe’s operational security posture day-to-day — including the relationship with the outsourced Security Operations Center, incident response coordination, SIEM tuning and content development, and endpoint detection and response operations. The Senior Security Operations Analyst serves as the institution’s internal operational leader for detection and response, translating external SOC output into actionable institutional response and driving continuous improvement of Monroe’s detection capability. This role partners closely with the IT team, the outsourced SOC vendor, and external specialized firms engaged for forensics or incident response.


Core Responsibilities:

•   Own the day-to-day relationship with Monroe’s outsourced Security Operations Center — reviewing alert quality, validating findings, driving SLA performance, and escalating vendor issues.

•   Serve as the institution’s primary incident responder — coordinating response activities, engaging IT and business stakeholders, managing vendor escalations, and producing incident documentation and after-action reports.

•   Develop, maintain, and exercise Monroe’s incident response playbooks and runbooks, aligned with NIST 800-61 and institutional regulatory obligations (GLBA Safeguards Rule, FERPA, state notification laws).

•   Conduct regular tabletop exercises with IT, legal, communications, and leadership to validate response capability and identify improvement areas.

•   Own SIEM tuning, content development, and log source onboarding — ensuring that Monroe’s detection platform has the visibility required to support the outsourced SOC and internal threat hunting.

•   Administer and optimize endpoint detection and response (EDR/XDR) across the institution’s endpoints and servers, ensuring consistent policy, current agent coverage, and response-ready tooling.

•   Collaborate with the Senior Vulnerability and Threat Analyst on threat-informed detection engineering — translating threat intelligence and red team findings into new detections.

•   Partner with the Senior IAM Engineer on identity-centric detections, including credential compromise indicators, anomalous authentication patterns, and privileged account misuse.

•   Serve as Monroe’s operational liaison to external specialized firms during compromise assessments, forensic investigations, or incident response engagements.

•   Produce operational metrics and reporting for the CISO and CIO, including mean-time-to-detect, mean-time-to-contain, alert volume trends, and SOC vendor performance.

•   Support GLBA Safeguards Rule compliance by maintaining documented evidence of monitoring, incident response, and detection capability.

•   Lead Monroe’s incident response on-call rotation and serve as the primary escalation point for after-hours security events.


Skills and Attributes:

•   Deep hands-on experience with enterprise SIEM platforms (Microsoft Sentinel, Splunk, IBM QRadar, or equivalent), including detection engineering, log source management, and query language fluency.

•   Strong working knowledge of endpoint detection and response platforms (CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, or equivalent), including policy design, response actions, and threat hunting.

•   Demonstrated incident response experience across multiple incident types — ransomware, credential compromise, phishing, insider risk, data exfiltration.

•   Fluency in the MITRE ATT&CK framework and ability to operationalize it within detection engineering and IR playbooks.

•   Experience managing outsourced SOC relationships — contract terms, SLAs, escalation paths, performance management, and vendor transition.

•   Strong scripting skills in Python, PowerShell, or KQL (Kusto Query Language) for detection development and automation.

•   Understanding of higher-education operational context — academic calendar impact on IT operations, student/faculty/staff authentication patterns, campus-level incident communication — or demonstrated ability to learn rapidly.

•   Excellent written and verbal communication skills; ability to produce clear incident documentation and communicate effectively during high-pressure situations.

•   Calm, deliberate judgment during incidents; ability to maintain clarity and structure when systems are compromised and stakeholders are anxious.

•   Collaborative orientation and comfort working with external vendors, internal IT teams, General Counsel, and senior leadership.


Qualifications:

•   Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; equivalent professional experience considered.

•   Minimum 6–8 years of progressive experience in security operations, incident response, or detection engineering, with at least 3 years in a senior analyst role.

•   Professional certifications such as CISSP, GIAC GCIH, GIAC GCFA, GIAC GCIA, or equivalent strongly preferred.

•   Experience in higher education, healthcare, financial services, or another regulated environment is preferred.

•   Demonstrated incident response leadership experience, ideally including engagements involving external forensics or IR firms.

•   Ability to work on-site at Monroe’s Bronx and New Rochelle campuses at least four days per week, with after-hours on-call availability.


Compensation Range: $80,000 - $130,000 annually
