Law School Admission Council (LSAC) logo
Law School Admission Council (LSAC)

LSAC is a not-for-profit organization committed to quality, access, and equity in law and education.

Senior Cybersecurity Analyst

Security AnalystSecurity AnalystFull TimeRemoteSeniorTeam 201-500Since 1947H1B No SponsorCompany SiteLinkedIn

Location

Pennsylvania

Posted

1 day ago

Salary

$120K - $132K / year

Seniority

Senior

Bachelor Degree10 yrs expEnglishAzureCyber SecurityFirewalls

Job Description

Senior Cybersecurity Analyst

Law School Admission Council (LSAC)

• Improve, manage, and provide direction re: LSAC Security Policies, Procedures, and Best Practices and maintain and enhance the formal Security Systems Program. • Assist in the Development of effective Cybersecurity policies to address existing and future threats such as AI computer policies, data governance and compliance. • Perform IT Security inspections, tests, system level audits and reviews of existing IT software and hardware to support and conduct the annual reviews to ensure compliance with SOC2, IT and Financial Audits, PCI/DSS, etc. • Evaluate and recommend new Security products and services (hardware and software). • Consult, monitor, and report on Security systems, e.g. such as intrusion prevention and detection systems, VPNs, and firewalls. • Perform network and system vulnerability scans and penetration testing on workstations, servers, network devices, and other computer systems and work with appropriate groups to close Security gaps. • Develop and support the development of automated tools that analyze the Security violations found in access control logs to discover patterns and evidence of problems. • Provide consultation and assistance to Infrastructure, Executive Staff, and other staff from other departments relating to information and systems Security. • Maintain a high level of confidentiality in identifying and aiding in resolving Security issues. • Monitor the networks and websites for the proper Security procedures, software configuration, and signs of compromise or attempted compromise. • Actively promote and enhance Security Awareness programs to LSAC staff and partnering with the Human Resources Department. • Participate in all Information Security projects and attend meetings to provide input and recommendations on issues that have an impact on LSAC’s Security infrastructure. • Evaluate and recommend solutions to current or potential Security threats as they relate to the data and computing environment. • Participate as a member of the Security Incident Response Team and Test Security Task Force. • Respond to Security incidents providing critical documentation and consultation by preserving all records indicating changes made to access control lists to facilitate investigations, as well as involvement to the response, root cause analysis, and implementation of a solution. • Keep abreast of the trends and issues in the industry related to Computer Security.

Job Requirements

  • Bachelor’s degree in Information Systems and/or Security curriculum is required.
  • A Minimum of 10 years of IT experience and greater than 5 years of experience in IT Security or an equivalent combination of education, training, and experience is required.
  • Professional certifications such as CISSP, GIAS, Microsoft MCSE and/or other Security certifications are a plus.
  • Broad working knowledge of Security Program issues and best practices, including system threat vulnerability assessments, system Security requirements/architectures, and Security risk mitigation plans that will enable the IT systems and data information mission to be protected and successful.
  • Solid experience with establishing and promoting a Security Systems Program and the ability to provide the guidance to raise Security Awareness throughout LSAC.
  • Knowledge and experience with various network protocols, firewalls, penetration tools, remote access, network operating systems, PC operating systems and vulnerabilities and network management tools.
  • Experience with Security tools and best practices, Windows based systems, Tenable Nessus, Microsoft Azure, Windows Defender and other technical platforms and administration.

Benefits

  • Flexible work arrangements

Related Job Pages

More Security Analyst Jobs

Lakeside Software logo

IT Security Analyst

Lakeside Software

Lakeside Software helps IT teams monitor and optimize environments by focusing on the quantified end-user experience.

Full TimeRemoteTeam 201-500H1B No Sponsor

Role Description Lakeside Software is looking for a skilled Cybersecurity Analyst to strengthen our defenses and safeguard the integrity, confidentiality, and availability of our Azure cloud services and information systems. This role calls for a proactive, detail-oriented professional with a solid understanding of current cybersecurity threats and the ability to communicate clearly with stakeholders at all levels. You'll join a collaborative, forward-thinking team committed to protecting what matters most. What You'll Do - Conduct comprehensive security assessments to identify potential vulnerabilities in our Azure systems, networks, and applications. - Use Endpoint Device Management (EDM) solutions to remediate identified vulnerabilities through automated patch deployment. - Collaborate with engineering teams to address vulnerabilities that fall outside the scope of automated patching. - Utilize industry standard tools and methodologies to perform assessments and identify security gaps. - Execute regular vulnerability scans to uncover security weaknesses and ensure compliance with security policies and regulations. - Analyze scan results, prioritize vulnerabilities based on risk, and recommend corrective actions. - Monitor and review Indicators of Compromise (IOC) to detect and respond to potential security incidents. - Analyze threat intelligence and perform investigations to prevent or mitigate security breaches. - Collaborate with internal teams and external partners to contain and resolve security threats promptly. - Perform routine review of alerts and security logs to identify anomalous activity, escalate confirmed incidents, and maintain documentation of findings. - Conduct and document periodic user access reviews across systems and applications to support least-privilege controls and satisfy audit requirements. - Assist in responding to customer and prospect security questionnaires, including DDQs and vendor risk assessments, by accurately documenting Lakeside’s controls, certifications, and security practices in alignment with our security program and approved disclosure posture. - Performing special projects as required. Qualifications - Bachelor's degree in computer science or a related field, or equivalent experience. - 3+ years of experience in information security. - Strong technical documentation skills. - Hands-on experience with vulnerability scanning tools such as Tenable Nessus, Snyk Burpsuite, or equivalent. - Solid knowledge of cybersecurity frameworks and standards, including SOC 2, ISO 27001, and CIS. - Familiarity with information security features across Microsoft Windows, Linux, and macOS. - Experience managing Entra ID, EDM - Intune and Jamf, and EDR solutions. - Working knowledge of ITIL and NIST best practices. - Experience with threat detection and incident response, including analyzing and responding to IOCs. - Experience configuring and operating security tools including SIEM, WAF, EDR, and SASE platforms. Requirements - Knowledge of Azure Cloud Services. - Cloud security. Benefits - 20 Days Annual Leave. - 45 Days Annual Leave Maximum. - 4 Festival Days Named. - 8 Festival Days Select. - 12 Days Sick Leave. - 100% Paid Medical Insurance & GPA. - Wellness Programme. - 3x CTC Group Life Insurance. - Pension. - Employee Referral Scheme.

India
Full TimeRemoteTeam 11-50Since 1963H1B No Sponsor

• Gestão e acompanhamento de vulnerabilidades; • Monitoramento e investigação de eventos de segurança; • Apoio na operação e evolução de soluções SIEM; • Gestão de identidades e acessos (IAM); • Apoio na implementação de controles de segurança em ambientes Cloud AWS; • Participação em análises e tratamento de incidentes de segurança; • Elaboração e manutenção de políticas, procedimentos e controles de segurança; • Apoio às iniciativas relacionadas à LGPD e boas práticas de governança; • Interação com times técnicos para evolução contínua da postura de segurança da organização.

Brazil
Full TimeRemoteTeam 51-200Since 2020H1B No Sponsor

• Monitor enterprise infrastructure, investigate security events, manage vulnerabilities, and support incident response activities. • Develop and fine-tune detection rules for XDR platforms, analyse security alerts, coordinate remediation efforts, and collaborate with engineering teams to integrate Threat Modeling into the Software Development Lifecycle (SDLC). • Contribute to security guidelines, automate operational processes through scripting, and build integrations between security platforms using Infrastructure as Code (IaC) principles and APIs.

Portugal
€2.3K - €2.9K / month
Sprocket Security logo

Offensive Security Analyst

Sprocket Security

The Expert-Driven Offensive Security Platform. Continuously validate your security posture all year long.

Full TimeRemoteTeam 11-50H1B No Sponsor

• Triage, validate, and QA findings surfaced by Sprocket's automation. Reproduce, confirm true positives, and eliminate false positives before anything reaches a client. • Author and refine findings to client-ready quality in the Sprocket voice, and publish them through the platform. • Calibrate severity to real business impact against Sprocket's standards, judging real-world impact over theoretical. • Handle roughly 90% of findings independently and make accurate handle-versus-escalate decisions using the platform workflow, escalating the hard 10% to an Adversarial Engineer with full context attached. • Feed pattern-level signal back to R&D and the Adversarial Engineering team to tune attack automations and cut false positives at the source. You'll be one of the tightest feedback loops we have into R&D. • Log validation notes, flag false-positive patterns, and contribute to the knowledge base. • Script away repetitive validation steps wherever they appear. • Partner with your fellow R&D team members and the Service Delivery team on the automation feedback loop and client-experience improvements. • Seek to programmatically enhance automation pipeline with new or updated capabilities when triage is complete and capacity allows, pairing with an Adversarial Engineer as needed. • Attend daily standups, weekly 1:1s, monthly company calls, and all-hands.

United States