We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
UMass Amherst jobs

Senior Information Security Analyst

UMass Amherst
United States, Massachusetts, Amherst
Feb 28, 2026

Title: Senior Information Security Analyst

Executive Area: Information Technologies

College/School/MBU: Information Technology

Department: IT Information Security

Work Location: Amherst

Schedule: Full time

Work Arrangement: Hybrid

Job Summary

The Senior Information Security Analyst delivers advanced technical and strategic leadership for the University's hybrid information security program. The role oversees enterprise security operations-including vulnerability management, threat detection, incident response, and digital forensics-across on premises and cloud environments. The analyst leads secure architecture design for major technology projects, conducts complex security audits and risk assessments, and implements technical safeguards to protect institutional systems. They research emerging security technologies, advise leadership on solution strategy, and collaborate with stakeholders to manage risk, ensure compliance, and support the ongoing maturity of security policies, training, and metrics.

Essential Functions

Provides advanced technical leadership for enterprise security operations across hybrid on premises and cloud environments. Directs end to end vulnerability lifecycle management, coordinates complex incident response and digital forensics, and oversees continuous threat detection, containment, and remediation using both traditional security platforms and cloud native security services (e.g., AWS Security Hub).

Drives the architecture, automation, and optimization of security operations to ensure resilient, scalable, and intelligence driven protection aligned with institutional risk and compliance requirements.

Conducts advanced security audits and enterprise risk assessments across hybrid on premises and cloud environments. Designs and implements technical safeguards to protect university systems, leveraging both traditional security technologies and cloud native security controls. Provides expert level support for security tools and frameworks, performs deep dive analysis of intrusion artifacts and malware, and reconstructs attack timelines to identify indicators of compromise and strengthen detection and response capabilities.

Leads secure architecture design for major security and technology projects by evaluating, selecting, and engineering security solutions across hybrid on premises and cloud environments. Ensures project designs incorporate appropriate security controls, architecture principles, and governance requirements, and provides expert direction on how security technologies should be implemented and integrated throughout the project lifecycle.

Conducts deep technical research and analysis of emerging security capabilities-both traditional and cloudnative-to inform technology strategy and solution design. Advises senior leadership and project teams on optimal approaches for implementing, integrating, and operationalizing security solutions to strengthen the institution's overall security posture.

Manages complex system and information security incidents across on premises and cloud environments, including coordinating digital forensics investigations, analyzing cloud native logs and telemetry, and leading containment, eradication, and notification activities. Leverages both traditional security tools and cloud native capabilities to investigate threats and ensure rapid, effective response.

Work with internal and external stakeholders on strategic security initiatives. Collaborates with campus business units to manage information security risks and meet relevant compliance requirements, including conducting risk assessments, analyzing security threats, and advising on risk mitigation strategies aligned with institutional goals.

Develops and recommend updates to policies, standards, procedures, solutions and governance frameworks to address information security, compliance and privacy risks.

Contributes to documentation, training, and metrics gathering in support of the information security program.

Other Functions

Performs other duties as assigned.

Minimum Qualifications

Bachelor's Degree with 7 years' relevant experience
-or- associate's degree with 9 years' relevant experience
-or- high school diploma with 11 years' relevant experience.

Expert understanding of multiple IT domains and their interdependence.

Expert understanding of and experience with information security frameworks, privacy laws, and regulatory requirements (e.g., NIST, FERPA, HIPAA, PCI-DSS, ISO 27001).

Demonstrated technical understanding of system and network security, incident response, and compliance requirements.

Expertise in forensic analysis, and security architecture.

Experience with security tools such as SIEM, EDR/XDR, forensics tools, firewalls, IDS/IPS, vulnerability management platforms, etc.

Deep understanding of security governance, risk management frameworks, and regulatory compliance.

Demonstrated ability to lead security initiatives and projects at an enterprise level.

Strong analytical and critical thinking skills to assess security risks and develop mitigation strategies.

Experience designing, assessing and implementing security controls in one or more cloud environments, such as Microsoft Azure, Amazon AWS, Google GCP, etc.

Demonstrated technical understanding of system, network and cloud security, incident management, intrusion detection, vulnerability and patch management, and other related concepts and technologies.

Experience with computer incident response, including data collection, investigations, containment, and remediation.

Excellent written and verbal communication skills with ability to work with a diverse constituency in a service-based organization with both technical and non-technical team members.

Ability to pass CJIS background check.

Ability to manage multiple competing priorities and deadlines in a fast-paced working environment.

Preferred Qualifications

Computer Information Systems Security Professional (CISSP) or a related information security or computer forensics certification.

Higher Education experience.

Additional Details

Required some nights and weekends.
Team on-call participation required.

Working Conditions

Work is performed in a standard office or indoor university environment and involves minimal physical exertion.

Work Schedule and Work Arrangement

Monday to Friday 8:30am to 5:00pm.

This position has the opportunity for a hybrid work schedule, which is defined by the University as an arrangement where an employee's work is regularly performed at a location other than the campus workspace for a portion of the week. As this position falls within the Professional Staff Union, it is subject to the terms and conditions of the Professional Staff Union collective bargaining agreement.

Salary Information

Pay Grade: PSSAP Grade 30

Click here to view the Professional Staff Hiring Ranges

Special Instructions for Applicants

Along with application, please submit a resume. References will be checked at the finalist stage please be prepared to provide contact information for three (3) professional references.

This position will remain open for the time period required by any applicable collective bargaining agreement and will continue until a suitable candidate pool is identified. Interested applicants are strongly encouraged to apply early.

Applied = 0
MORE JOBS LIKE THIS

(web-6bcf49d48d-kx4md)