Information Security Analyst
New York, USA
Listed on 2026-03-01
IT/Tech
Cybersecurity, Information Security, Data Security
Overview
Located in Middletown, Connecticut, Wesleyan University is one of the nation’s premier liberal arts colleges with 3,000 undergraduates and 200 graduates. Established in 1831, Wesleyan is known for its rich, open, and interdisciplinary curriculum. Wesleyan University takes the security and privacy of information and resources seriously. Wesleyan University's Information Security program safeguards the confidentiality, integrity, and availability of the institution’s information resources.
Reporting to the Chief Information Security Officer, the Information Security Analyst helps protect Wesleyan University’s data, systems, and community from evolving cyber threats. This role pairs monitoring and incident response with risk reduction across a distributed, cloud-forward environment (Workday, AWS, Salesforce, Slate, Stellic, and other SaaS platforms). The analyst works closely with Networking & Infrastructure, Enterprise Systems, Academic Technology, Unix Systems, and IT Service Delivery while improving our security posture in ways that support teaching, research, and business operations.
Security Monitoring & Incident Response
- Monitor, operate, and tune the Microsoft Defender console and related security tooling.
- Develop and maintain detections, dashboards, alerts, and escalation procedures.
- Serve as first- or second-level responder for security incidents in ServiceNow.
- Coordinate containment, eradication, recovery, and post-incident reviews.
- Maintain incident response playbooks.
- Participate in an on-call rotation.
- Operate the Nessus Professional vulnerability management system and prioritize findings by exploitability and asset risk.
- Partner with system owners to remediate vulnerabilities and validate secure configuration baselines for servers, endpoints, and cloud services.
- Support identity and access management controls, including MFA (Duo), SSO/SAML/OAuth, and privileged access.
- Assist with access reviews, role hygiene, and identity governance activities.
- Implement data protection controls, such as encryption and secure file sharing, aligned with data classification standards.
- Conduct security risk assessments for new systems and vendors.
- Review security terms and attestations, including SOC2 and HECVAT.
- Support compliance obligations including FERPA, GLBA Safeguards Rule, PCI DSS, HIPAA, DMCA.
- Assist with audit preparation and evidence collection.
- Deliver targeted training; publish advisories and guidance in ITS knowledge base.
- Forward Data Privacy Officer requests to relevant business offices.
- Administer security platforms including Duo, LastPass, and Mimecast.
- Maintain Nmap SSL certificate scanning process and communicate findings to system owners.
- Perform periodic user access reviews in systems such as Workday.
- Track higher-ed–relevant threat actor tactics and translate intelligence into detections, controls, and tabletop exercises.
- Partner with service owners to show and remediate cloud and SaaS misconfigurations.
- Support security reviews of new SaaS platforms and research tools; recommend compensating controls when vendors' security capabilities fall short.
- Produce metrics and reports that inform security prioritization and resource allocation.
- Maintain accurate, auditable documentation, including asset inventories, data flows, and exception registers.
- Propose practical, high-impact improvements such as policy, control, or automation that reduce risk quickly while minimizing disruptions to academic and business operations.
This is a hybrid position with on-campus and remote work schedule options.
Remote work is only considered for residents of MA, VT, NH, ME, CT, RI, or NY. (Relocation assistance to CT is available for those who qualify.)
Minimum Qualifications
- Bachelor’s degree in information security, computer science, information systems, or related field and a minimum of two years of hands-on experience in at least two of the following: incident response, SOC operations, vulnerability…