Senior Cybersecurity Analyst

The University of Texas at Austin
Posted on: Jan 31, 2026
Location: Austin, Texas, United States (On-site)
Employment type: Full-time
Salary: From $100k Yearly

Job Posting Title:

Senior Cybersecurity Analyst

----

Hiring Department:

Dell Medical School

----

Position Open To:

All Applicants

----

Weekly Scheduled Hours:

40

----

FLSA Status:

Exempt

----

Earliest Start Date:

Immediately

----

Position Duration:

Expected to Continue

----

Location:

AUSTIN, TX

----

Job Details:

Purpose

The Senior Cybersecurity Analyst serves as an advanced-level professional who leads the design, development, implementation and ongoing enhancement of complex cybersecurity programs and processes to protect organizational systems, networks, and data. Reporting to the Manager of Enterprise IT Security and Operations, this role provides leadership for strategic initiatives and program development within one or more assigned cybersecurity domains (e.g., incident response, vulnerability management, threat intelligence, risk management). The Senior Cybersecurity Analyst develops policies, procedures, playbooks/runbooks, and automation to strengthen the organization’s security posture. This role ensures alignment with regulatory frameworks such as HIPAA, FERPA, PCI DSS, GDPR, ISO 27001, and NIST and collaborates with IT and business leaders to integrate security into the SDLC and operational processes. Additionally, the Senior Cybersecurity Analyst mentors analysts and supports a risk-aware environment through outreach and education.

Responsibilities

Designs and Leads Cybersecurity Programs

  • Leads the design, development, implementation, and ongoing enhancement of enterprise-level complex cybersecurity programs for assigned domains (e.g., incident response, vulnerability management, threat intelligence, risk management).

  • Creates policies, procedures, playbooks/runbooks, and automation to support program execution.

  • Oversees program governance, maturity roadmaps, and continuous improvement initiatives.

  • Partners with the campus Information Security Office on security architecture, tooling, and enterprise-wide initiatives.

  • Leads real-time response and resolution for critical security events across assigned domains.

  • Leads response to complex security incidents (detection, analysis, containment, eradication, recovery) using advanced threat hunting techniques and collaborating with the campus Information Security Office, which owns and manages the SIEM/SOAR/other security tools.

Directs Governance, Risk, and Compliance

  • Establishes and enforces security policies, standards, and procedures aligned with regulatory mandates.

  • Monitors adherence to HIPAA, FERPA, PCI DSS, GDPR, ISO 27001, and NIST frameworks.

  • Manages risk registers, evaluates control effectiveness, and leads remediation planning for high-risk findings.

  • Oversees internal and external audits; prepares compliance reports, attestations, and evidence.

  • Conducts third‑party and vendor security assessments to ensure compliance with organizational standards and regulatory requirements.

Operationalizes Threat Intelligence and Risk Management

  • Collects and applies threat intelligence to enhance detection, prevention, and response capabilities.

  • Identifies control gaps and recommends improvements to security architecture and processes.

  • Automates workflows for threat enrichment, triage, and reporting to improve efficiency.

  • Integrates threat intelligence into SIEM/SOAR platforms and detection use cases.

  • Conducts proactive analysis and applies advanced techniques to identify and mitigate emerging risks across domains.

Develops Metrics and Reporting

  • Establishes cybersecurity KPIs and dashboards (e.g., MTTR, vulnerability SLAs).

  • Aggregates data for executive and board-level reporting.

  • Provides actionable recommendations based on trend analysis and performance metrics.

  • Communicates findings effectively to technical and non-technical stakeholders.

Mentors and Trains Analysts

  • Guides analysts on advanced techniques, tools, and best practices.

  • Reviews casework and provides constructive feedback to improve quality.

  • Develops training materials and assists on tabletop exercises; promotes knowledge sharing within the team.

Promotes Security Awareness

  • Supports enterprise-wide security awareness initiatives and outreach.

  • Contributes content for campaigns, briefings, and learning sessions.

  • Helps cultivate a risk-aware environment through education and engagement.

Leads Cybersecurity Projects and Initiatives

  • Leads discrete security projects, risk assessments, and implementation of new solutions.

  • Collaborates with IT and cross-functional teams to integrate security into SDLC and strategic initiatives.

  • Manages projects and ensures alignment with organizational objectives.

Marginal or Periodic Functions:

  • Helps with updates to disaster recovery and incident response plans.

  • Represents the organization during cybersecurity audits and external assessments.

  • Participates in professional development, advanced training, and conferences.

  • Adheres to internal controls and reporting structure.

  • Performs related duties as required.

KNOWLEDGE/SKILLS/ABILITIES

Problem Solving

  • Uses rigorous logic and data to solve difficult problems; probes for root causes; blends analysis, experience, and judgment to craft practical solutions.

  • Diagnoses root causes of security issues across programs using correlated telemetry and evidence.

  • Frames hypotheses, tests alternatives, and selects mitigations that reduce risk while sustaining operations.

  • Documents decision paths and lessons learned; folds improvements into playbooks and standard work.

Decision Quality

  • Makes sound, timely decisions based on analysis and judgment; considers risk, impact, and trade-offs; acts decisively when required.

  • Applies risk criteria to prioritize actions during incidents and remediation.

  • Commits to containment or eradication under uncertainty; adjusts as new intelligence emerges.

  • Records rationale, residual risk, and next steps for transparent communication.

Process Management

  • Designs and manages processes that are clear, efficient, and scalable; defines roles, handoffs, metrics, and continuous improvement mechanisms.

  • Builds governance, procedures, and runbooks for cybersecurity programs.

  • Automates repetitive tasks and tracks KPIs to improve efficiency and outcomes.

  • Conducts program reviews and integrates improvements into tooling and processes.

Functional/Technical Skills

  • Possesses and applies technical knowledge to perform effectively; keeps skills current and applies them to solve real problems.

  • Applies expert knowledge of operating systems, network protocols, SIEM/SOAR platforms, and vulnerability tools.

  • Uses threat intelligence to enhance detections and strengthen preventive controls.

  • Aligns control designs with frameworks (NIST CSF, NIST 800‑53, HITRUST).

Priority Setting

  • Focuses time and resources on the most critical tasks; quickly senses what will help or hinder goal achievement; removes roadblocks and creates focus.

  • Triages alerts and cases to direct resources to high-impact events and initiatives.

  • Balances strategic improvements with urgent operational demands.

  • Communicates trade-offs and timelines to stakeholders.

Dealing with Ambiguity

  • Acts effectively without complete information; shifts gears comfortably; is calm and effective amid change and uncertainty.

  • Initiates containment and investigative steps based on partial indicators.

  • Adapts hypotheses and approach with new artifacts and intelligence.

  • Provides clear guidance to stakeholders during evolving situations.

Developing Others

  • Provides feedback and coaching; helps others learn and grow; creates opportunities for skill development and ready-now capability.

  • Coaches junior analysts on tooling, decision criteria, and investigative methods.

  • Creates training materials and standard work to accelerate readiness.

  • Encourages knowledge sharing through tabletop exercises and debriefs.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

  • 5 years of proven experience developing security incident response programs and associated tooling.

  • Demonstrated expertise in security incident detection, investigation, and response.

  • Demonstrated knowledge of network protocols, operating systems, SIEM tools, and ITIL processes.

  • Experience with compliance frameworks including NIST CSF, NIST 800-53, and HITRUST.

  • Relevant education and experience may be substituted as appropriate.

Preferred Qualifications

  • Master’s degree in Cybersecurity or a related field.

  • 8 years of experience with network scanning, cloud security, Risk Management Frameworks (RMF), threat intelligence programs, vulnerability management programs, and security orchestration, automation, and response (SOAR) platforms.

  • 4 years of experience in a healthcare environment with demonstrated knowledge of healthcare mission, HIPAA regulations, and medical device security considerations.

  • Experience with ServiceNow Security Operations and Security Incident Response modules or similar ITSM platforms.

LICENSES, REGISTRATIONS OR CERTIFICATIONS

Preferred:

  • Professional certifications such as GIAC Certified Incident Handler (GCIH), Certified Incident Handler (ECIH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or CompTIA Security+ Certification.

Salary Range

$100,000+ depending on qualifications

Working Conditions

  • Standard office equipment

  • Repetitive use of a keyboard

  • May be exposed to such occupational hazards as communicable diseases, bloodborne pathogens, ionizing and non-ionizing radiation, hazardous medications, and disoriented or combative patients, or others.

Required Materials

  • Resume/CV

  • 3 work references with their contact information; at least one reference should be from a supervisor

  • Letter of interest

Important for applicants who are NOT current university employees or contingent workers: You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications. Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded.  Once your job application has been submitted, you cannot make changes.

Important for current university employees and contingent workers: As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs. If you are a current University employee, log in to Workday, navigate to your Worker Profile, click the Career link in the left-hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled into your application. The application is one page and you will be prompted to upload your resume. In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above.

----

Employment Eligibility:

Regular staff who have been employed in their current position for the last six continuous months are eligible for openings being recruited for through University-Wide or Open Recruiting, to include both promotional opportunities and lateral transfers. Staff who are promotion/transfer eligible may apply for positions without supervisor approval.

----

Retirement Plan Eligibility:

The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length.

----

Background Checks:

A criminal history background check will be required for finalist(s) under consideration for this position.

----

Equal Opportunity Employer:

The University of Texas at Austin, as an equal opportunity/affirmative action employer, complies with all applicable federal and state laws regarding nondiscrimination and affirmative action. The University is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, or veteran status in employment, educational programs and activities, and admissions.

----

Pay Transparency:

The University of Texas at Austin will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.

----

Employment Eligibility Verification:

If hired, you will be required to complete the federal Employment Eligibility Verification I-9 form.  You will be required to present acceptable and original documents to prove your identity and authorization to work in the United States.  Documents need to be presented no later than the third day of employment.  Failure to do so will result in loss of employment at the university.

----

E-Verify:

The University of Texas at Austin uses E-Verify to check the work authorization of all new hires effective May 2015. The university’s company ID number for purposes of E-Verify is 854197. For more information about E-Verify, please see the following:

----

Compliance:

Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act). If this position is identified as a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031.

The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701.

The University of Texas at Austin

The University of Texas at Austin is a top-tier public research university founded in 1883 and the flagship institution of the UT System, with 76 programs ranked in the top 10 nationally.
