Senior Analyst, Cyber Defense
University of Southern California
Job Overview

Job Description
About the Department
The University of Southern California (USC) is enhancing its cybersecurity posture, focusing on resilience, cyber risk management, and threat-informed defense. As a premier research institution, USC is dedicated to fostering a security culture that supports its academic and research objectives amidst a constantly evolving threat landscape.
This position is integral to a newly restructured cybersecurity organization driving this transformation. You will join a team committed to scalable, proactive defense strategies, incident preparedness, and operational excellence, collaborating with experts who prioritize service, innovation, and impact.
If you are purpose-driven, thrive in complex environments, and aspire to shape the future of cybersecurity at a leading university, USC invites you to contribute your leadership.
Position Summary
As the Senior Analyst, Cyber Defense, you will be a key member of the cybersecurity department, collaborating closely with internal stakeholders across the university ecosystem and reporting to the Manager, Cyber Defense. This is a full-time exempt position, offering all of USC’s Benefits + Perks. This opportunity is remote.
The Senior Analyst, Cyber Defense performs a hands-on role in responding to and investigating security incidents within USC’s large, decentralized university environment. This role focuses on identifying, triaging, and analyzing security incidents and events; executing incident response and forensic investigations; and validating detections related to phishing, SaaS-based attacks, credential misuse, and other threats. You will work closely with Tier 1 analysts, MSSP partners, and threat intelligence teams, execute SOAR playbooks, and contribute to continuous improvements in detection, response, and incident handling. The Senior Analyst is also responsible for documenting findings, performing root cause analysis, and supporting the development and refinement of incident response and recovery strategies.
Key Responsibilities of the Senior Analyst, Cyber Defense
- Oversees, coordinates, and manages the response to actual and potential security breaches, engaging in the identification, triage, and categorization of security incidents and events.
- Leads and manages in-depth investigations and forensic analysis on endpoints, servers, and network data, resolving incidents by identifying root causes and solutions, and implementing remediation actions.
- Works with cyber defense team members to assign criticality and priority levels to security incidents and events and executes SOAR playbooks to drive consistent response actions, suggesting automation improvements.
- Actively reports on security incidents and events as they are escalated or identified to cyber leadership and management, maintaining detailed documentation including timelines, actions taken, and lessons learned.
- Develops and implements security incident response plans (SIRPs), as well as detection, containment, eradication, and recovery strategies, following defined incident processes and procedures.
- Applies risk analysis techniques and critical thinking when evaluating cyber threats and vulnerabilities, and designs and delivers incident response exercises to test client SIRPs.
- Supports digital forensic investigations on various digital devices and conducts in-depth investigations utilizing forensic tools and techniques.
- Communicates with university management and other cybersecurity teams during high-security events, following incident response guidelines, and collaborates with MSSP analysts to investigate escalated alerts.
- Works with information security officers (ISOs) and cyber governance to exchange information with IT directors and support departments, schools, or units (DSUs) in their recovery from incidents.
- Provides executive communication, finished incident reports, and forensics data, advising management on decisions affecting operations, policies, or procedures.
- Analyzes security logs, network traffic, and other data sources to identify indicators of compromise (IOC) and malicious activity, forensically analyzing end-user systems and servers for IOCs.
- Interacts with server owners, system custodians, and IT contacts to facilitate incident response activities, including system access and containment or remediation actions.
- Reviews and addresses false positives, collaborating with other cyber teams to refine and improve the accuracy of security tool configuration rules and policies.
- Monitors and triages OT security alerts (e.g., enrichment, log analysis, false positive suppression) and carries out incident identification and prioritization.
- Oversees, leads, and conducts post-incident reviews and lessons learned sessions to identify areas for improvement, analyzes findings, and produces fact-based reports.
- Maintains detailed documentation of incidents, reviews analysis and conclusions of other analysts, and evaluates the resilience of cybersecurity controls.
- Participates in tabletop exercises and threat hunts, providing insights into detection effectiveness.
- Ensures processes and procedures follow established standards and maintains currency with legal, regulatory, and technological changes impacting incident response.
- Maintains currency with emerging OT security trends, technologies, and compliance requirements, and encourages a workplace culture aligned with the USC Code of Ethics.
Minimum Qualifications
Great candidates for the position of Senior Analyst, Cyber Defense will meet the following qualifications:
- 5 years of experience in key Cyber Defense areas, such as incident response, security monitoring, cyber threat intelligence, and vulnerability management.
- A bachelor’s degree or combined experience and education as a substitute for minimum education.
- GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), or equivalent certification.
- Significant experience in SOC analysis or incident response capacity.
- Experience in handling various types of security incidents, including malware infections, data breaches, and denial-of-service attacks.
- In-depth knowledge of incident response methodologies and frameworks (e.g., NIST, SANS).
- Experience with Splunk and Chronicle SIEM platforms for alert triage and investigation.
- Proficiency with SOAR tools and incident playbook execution.
- Ability to analyze complex security incidents, identify patterns, and draw conclusions from data.
- Excellent written and oral communication skills, with exemplary attention to detail.
- Basic knowledge of digital forensics and incident response (DFIR) and experience conducting digital forensic investigations.
- Demonstrated understanding of information security principles, network protocols, and operating systems.
- Ability to work closely with other cybersecurity teams to identify risks and threats and assess their impact.
- Familiarity with security tools and technologies (e.g., SIEM, IDPS) and forensic analysis tools.
- Ability to develop and maintain incident response OT cybersecurity policies, standards, and related documentation.
- Knowledge of OT/IoT cybersecurity threats and vulnerabilities and basic knowledge of industrial control systems (ICS).
- Expertise in electronic investigations, forensic tools, and techniques, encompassing log correlation and analysis, electronic data management, malware detection, and knowledge of computer security investigation procedures.
- Skill in applying threat intelligence to detection triage and threat hunting.
- Experience in SaaS incident investigation (e.g., GSuite, O365, Workday).
- Working knowledge of endpoint protection platforms (e.g., EDR).
- Demonstrated organizational, critical thinking, and analytical skills; ability to develop effective response strategies.
- Knowledge of industry-standard security incident response processes, procedures, and lifecycles.
- Thorough understanding of technology, tools, policies, and standards related to security systems and incident response.
- Ability to work evenings, weekends, and holidays as required.
Preferred Qualifications
Exceptional candidates for the position of Senior Analyst, Cyber Defense will also bring the following qualifications or more:
- 7 years of related experience.
- A bachelor’s degree in Information Science, Computer Science, Computer Engineering, or a related field; or combined experience/education as a substitute.
- CISSP, CISM, or Microsoft Certified SOC Analyst certification.
In addition, the successful candidate must demonstrate a strong commitment to USC’s Unifying Values of integrity, excellence, community, well-being, open communication, and accountability.
Salary and Benefits
The annual base salary range for this position is $125,403.06 to $157,662.28. When extending an offer of employment, the University of Southern California considers factors such as the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer alignment, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.
To support the well-being of our faculty and staff, USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents’ health, wealth, and future. These benefits are available as part of the overall compensation and total rewards package. You can learn more about USC’s comprehensive benefits here.
Join the USC cybersecurity team within an environment of innovation and excellence.
Key skills/competency
- Incident Response
- Forensic Analysis
- SIEM (Splunk, Chronicle)
- SOAR Automation
- Cyber Threat Intelligence
- NIST/SANS Frameworks
- Digital Forensics (DFIR)
- OT/IoT Security
- Malware Analysis
- Endpoint Protection (EDR)
How to Get Hired at University of Southern California
- Research University of Southern California's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume: Highlight experience in cyber defense, incident response, and SIEM platforms relevant to the Senior Analyst, Cyber Defense role at USC.
- Showcase technical skills: Emphasize proficiency with Splunk, Chronicle, SOAR, and digital forensic tools.
- Prepare for behavioral questions: Practice demonstrating collaboration, communication, and critical thinking skills in high-stress situations.
- Network within cybersecurity: Connect with University of Southern California cybersecurity professionals on LinkedIn for deeper insights.