IT Security Analyst

What you will do:

• Risk & Vulnerability Management:
• Conduct comprehensive risk assessments and security audits of IT infrastructure, applications, and processes to identify vulnerabilities and potential threats.
• Perform regular vulnerability scanning and coordinate penetration testing efforts.
• Analyze assessment results, prioritize identified risks, and recommend appropriate mitigation strategies and security enhancements.
• Collaborate with IT teams to ensure timely remediation of security vulnerabilities.


• Security Architecture & Engineering:
• Contribute to the design and implementation of secure IT systems, networks, and applications, ensuring security best practices are integrated from the initial stages of development.
• Configure, maintain, and optimize security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) systems, antivirus/anti-malware solutions, data encryption tools, and identity and access management (IAM) systems.


• Policy & Compliance:
• Develop, implement, and enforce information security policies, standards, guidelines, and procedures in alignment with industry best practices and regulatory requirements (e.g., [mention relevant regulations like ISO 27001, NIST, GDPR, HIPAA if applicable]).
• Conduct security compliance audits to ensure adherence to internal policies and external regulations.
• Maintain detailed documentation of security configurations, incidents, and remediation efforts.


• Security Operations & Incident Response:
• Continuously monitor security logs, network traffic, and security alerts from SIEM systems and other security tools to detect anomalous or malicious activity.
• Act as a primary responder for cybersecurity incidents, including investigation, containment, eradication, recovery, and post-incident analysis.
• Develop and refine incident response plans and playbooks.
• Participate in on-call rotation for critical security incidents as required.


• Security Awareness & Training:
• Develop and deliver security awareness training programs to educate employees on cybersecurity risks, phishing prevention, data protection, and secure computing practices.
• Promote a strong security-conscious culture across the organization.


• Research & Continuous Improvement:
• Stay current with the latest cybersecurity threats, trends, vulnerabilities, and technological advancements.
• Evaluate new security technologies and solutions to enhance the organization's security posture.
• Recommend improvements to existing security systems and processes.

What you will need to know/have

• Education:
• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field. (Relevant work experience may be considered in lieu of a degree).


• Experience:
• At least 1 year of experience in an IT Security Analyst, Information Security Specialist, or similar role.
• Proven experience with security frameworks (e.g., NIST, ISO 27001).
• Hands-on experience with security tools such as SIEM, IDS/IPS, vulnerability scanners, firewalls, and endpoint protection solutions.


• Technical Skills:
• Strong understanding of network protocols, operating systems (Apple, Windows, Linux), and cloud environments (e.g., AWS, Azure, GCP if applicable).
• Proficiency in identifying and mitigating common web application vulnerabilities (e.g., OWASP Top 10).
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis is a plus.
• Knowledge of incident response methodologies.


• Soft Skills:
• Excellent analytical and problem-solving skills with a keen attention to detail.
• Strong communication skills (written and verbal) to articulate complex security concepts to technical and non-technical audiences.
• Ability to work independently and collaboratively in a team environment.
• Proactive and self-motivated with a strong sense of ownership and urgency.
• Ability to manage multiple priorities in a fast-paced environment.

It would be a bonus if you also had:

• CompTIA Security+
• (ISC)² SSCP, CISSP
• EC-Council CEH (Certified Ethical Hacker)
• GIAC certifications (e.g., GSEC, GCIA, GCIH)

Get in on all the awesome at Instructure!

• We offer competitive, meaningful benefits in every country where we operate. While they vary by location, here's a general idea of what you can expect:
• Competitive compensation and participation in Instructure’s equity program
• Flexible schedules and a remote-friendly culture, with hybrid or onsite work available in some regions for specific jobs. 
• Generous paid time off, including global holidays and our annual “Dim the Lights” company-wide shutdown from December 26 to December 31
• Comprehensive wellness programs and mental health support
• Annual learning and development stipends to support your growth
• The technology and tools you need to do your best work—typically a Mac, with PC options available in some locations
• Motivosity employee recognition program
• A culture rooted in inclusivity, support, and meaningful connection