Senior Analyst, Cyber Defense

USC Los Angeles, CA

Company

USC

Location

Los Angeles, CA

Type

Full Time

Job Description

ABOUT THE DEPARTMENT

The University of Southern California (USC) is advancing its cybersecurity posture with a renewed focus on resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape. This role sits within a newly restructured cybersecurity organization that’s leading this transformation. You’ll join a team focused on scalable, proactive defense strategies, incident preparedness, and operational excellence—working alongside experts who are deeply committed to service, innovation, and impact. If you’re driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your leadership to the table.

POSITION SUMMARY

As the Senior Analyst, Cyber Defense you will be an integral member of the cybersecurity department while also collaborating with stakeholders across the university ecosystem, and reporting to the Manager, Cyber Defense. This is a full-time exempt position, eligible for all of USC’s fantastic Benefits + Perks. This opportunity is remote.

The Senior Analyst, Cyber Defense oversees, coordinates, and manages the response to security breaches, engaging in the identification, triage, and categorization of security incidents and events. Executes incident response, forensic investigations, and detection validation within a complex, decentralized R1 university environment. Applies CTI, forensics, and structured analysis to security alerts and escalations, especially those related to phishing, SaaS-based attacks, and credential misuse. Leads in-depth technical investigations, executes SOAR playbooks, collaborates with Tier 1 analysts, MSSP partners, and threat intelligence, and recommends improvements back to Tier 3 analysts and engineering teams. Develops and implements security incident response plans (SIRPs), as well as detection, containment, eradication, and recovery strategies. Analyzes findings and develops fact-based reports, resolving incidents by identifying root causes and solutions.

The Senior Analyst, Cyber Defense:

• Oversees, coordinates, and manages the response to actual and potential security breaches, engaging in the identification, triage, and categorization of security incidents and events. Leads, coordinates, and manages in-depth investigations and forensic analysis on endpoints, servers, and network data, resolving incidents by identifying root causes and solutions; implements remediation actions as necessary. Works with cyber defense team members to assign criticality and priority levels to security incidents and events. Executes SOAR playbooks to drive consistent response actions; suggests automation improvements. Actively reports on security incidents and events as they are escalated or identified to cyber leadership and management. Maintains detailed documentation of incidents, including timelines, actions taken, and lessons learned.

• Develops and implements security incident response plans (SIRPs), as well as detection, containment, eradication, and recovery strategies. Follows and executes defined incident processes and procedures, as well as SIRPs, when investigating security incidents and events. Applies risk analysis techniques and critical thinking strategies when evaluating the impact of cyber threats and vulnerabilities, as well as recommended remediation steps. Designs and delivers incident response exercises to test client SIRPs. Supports digital forensic investigations on a variety of digital devices (e.g., computers, mobile devices, network systems).

• Works with cyber defense team members and the lead security operations center analyst to assign criticality and priority levels to security incidents and events. Conducts in-depth investigations of security incidents, utilizing forensic tools and techniques to identify root causes and gather evidence. Communicates with university management and other cybersecurity teams during high-severity events, following incident response guidelines. Collaborates with MSSP analysts to investigate escalated alerts and validate detection logic. Works with information security officers (ISOs) and cyber governance to exchange information with IT directors and support departments, schools, or units (DSUs) in their recovery from incidents. Provides executive communication, finished incident reports, and forensics data, as appropriate, advising management on decisions that may significantly affect operations, policies, or procedures.

• Analyzes security logs, network traffic, and other data sources to identify indicators of compromise (IOCs) and malicious activity. Forensically analyzes end-user systems and servers found to have possible IOCs, as well as artifacts collected during a security incident. Interacts with server owners, system custodians, and IT contacts (e.g., ITS, departments, schools, or units) to facilitate incident response activities, including system access and containment or remediation actions. Reviews and addresses false positives, collaborating with other cyber teams (including pro and managed service teams) to refine and improve the accuracy of security tool configuration rules and policies. Monitors and triages OT security alerts (e.g., enrichment, log analysis, false positive suppression) and carries out incident identification and prioritization.

• Oversees, leads, and conducts post-incident reviews and lessons-learned sessions to identify areas for improvement. Analyzes findings and produces fact-based reports identifying root causes and solutions. Maintains detailed documentation of incidents, including timelines, actions taken, and lessons learned. Reviews analysis and conclusions of other analysts and/or consultants, when applicable. Evaluates the resilience of the cybersecurity controls and mitigation actions taken after a cybersecurity or data breach incident. Participates in tabletop exercises and threat hunts; provides insights into detection effectiveness.

• Ensures processes and procedures follow established standards, guidelines, and protocols (including OT environments). Maintains currency with legal, regulatory, and technological changes and/or advancements that may impact incident response operations; communicates changes and/or recommended updates to cyber defense leadership and staff. Maintains currency with emerging OT security trends, technologies, and compliance requirements.

• Encourages a workplace culture where all employees are valued, value others, and have the opportunity to contribute through their ideas, words, and actions, in accordance with the USC Code of Ethics.

MINIMUM QUALIFICATIONS

Great candidates for the position of Senior Analyst, Cyber Defense will meet the following qualifications:

• 5 years of experience in key Cyber Defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).
• A bachelor’s degree, or combined experience and education as a substitute for minimum education.
• Basic knowledge of digital forensics and incident response (DFIR) and experience conducting digital forensic investigations.
• Experience in handling various types of security incidents, including malware infections, data breaches, and denial-of-service attacks.
• Significant experience in a SOC analysis or incident response capacity.
• Demonstrated understanding of information security principles, network protocols, and operating systems.
• Ability to work closely with other cybersecurity teams (e.g., cyber threat intelligence, cybersecurity monitoring) and other cybersecurity risk management functions to identify risks and threats and assess their impact.
• Familiarity with security tools and technologies (e.g., security information and event management, intrusion detection/prevention systems) and forensic analysis tools.
• Experience with Splunk and Chronicle SIEM platforms for alert triage and investigation.
• Proficiency with SOAR tools and incident playbook execution.
• In-depth knowledge of incident response methodologies and frameworks (e.g., NIST, SANS).
• Ability to develop and maintain incident response OT cybersecurity policies, standards, and related documentation.
• Knowledge of OT/IoT cybersecurity threats and vulnerabilities posed by new technologies and malicious actors.
• Basic knowledge of industrial control systems (ICS).
• Basic knowledge of OT/IoT/ICS systems, protocols, and forensic analysis techniques.
• Expertise in electronic investigations, forensic tools, and techniques, encompassing log correlation and analysis, electronic data management, malware detection, and knowledge of computer security investigation procedures.
• Ability to analyze complex security incidents, identify patterns, and draw conclusions from data.
• Skill in applying threat intel to detection triage and threat hunting.
• Experience in SaaS incident investigation (e.g., GSuite, O365, Workday).
• Working knowledge of endpoint protection platforms (e.g., EDR).
• Demonstrated organizational, critical thinking, and analytical skills; ability to develop effective response strategies.
• Knowledge of industry-standard security incident response processes, procedures, and lifecycles.
• Thorough understanding of technology, tools, policies, and standards related to security systems and incident response.
• Excellent written and oral communication skills, and an exemplary attention to detail.
• GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), or equivalent.
• Ability to work evenings, weekends, and holidays as the schedule dictates.

PREFERRED QUALIFICATIONS

Exceptional candidates for the position of Senior Analyst, Cyber Defense will also bring the following qualifications or more:

• 7 years of related experience.
• A bachelor’s degree in information science, computer science, computer engineering, or a related field; or combined experience/education as a substitute for minimum education.
• CISSP.
• CISM.
• Microsoft Certified SOC Analyst.

In addition, the successful candidate must also demonstrate, through ideas, words, and actions, a strong commitment to USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability.

SALARY AND BENEFITS

The annual base salary range for this position is $125,403.06 to $157,662.28. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations. To support the well-being of our faculty and staff, USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents’ health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC’s comprehensive benefits here.
Join the USC cybersecurity team within an environment of innovation and excellence.

Minimum Education: Bachelor's degree

Minimum Certifications: GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), or equivalent.

Additional Education Requirements: Combined experience/education as a substitute for minimum education

Minimum Experience: 5 years in key Cyber Defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).

Minimum Skills: As listed under Minimum Qualifications above.

Preferred Education: Bachelor's degree in Information Science, Computer Science, Computer Engineering, or a related field

Preferred Certifications: CISSP. CISM. Microsoft Certified SOC Analyst.

Preferred Experience: 7 years
Date Posted

08/16/2025
