Fast Facts

WGU is seeking a passionate Staff IT Security Analyst to provide technical expertise and leadership in security technology, monitoring and analyzing alerts, and collaborating on security initiatives.

Responsibilities: Key responsibilities include leading investigations of complex incidents, conducting threat hunting, developing security detections, and mentoring lower level analysts.

Skills: Required skills include knowledge of AWS services, expertise in CI/CD security integration, strong analytical abilities, and proficiency in scripting languages.

Qualifications: Preferred qualifications include 15 years of Information Security experience and strong experience with distance education.

Location: This position can be located in Salt Lake City, Utah, or Raleigh, NC, USA.

Compensation: $140200 - $217200 / Annually

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:

Grade: Technical 410Pay Range: $140,200.00 - $217,200.00

Job Description

*This opportunity can be located in Salt Lake City, Utah, or Raleigh, NC.

The Staff IT Security Analyst is a position of technical expertise and leadership in the security technology function. They will use their knowledge of current security methods and standards to gather operational information and access and analyze tools, systems, and processes in defense of applications, systems, and networks and collaborate with Infrastructure and business teams. They will act as a lead support role for the IT Security team and provide mentorship to lower level analysts. They will also engage in the support of security focused tools and services. In addition, they may be asked to assist with risk assessments, forensics analysis, data collection, user training and other security related tasks.

Job Duties

• Monitor and analyze alerts from multiple data sources (SIEM, SOAR, UEBA, EDR, email gateways, cloud logs).
• Lead investigations of complex incidents across hybrid (cloud/on-prem) environments.
• Perform threat hunting and correlation of Indicators of Compromise (IoCs) using the MITRE ATT&CK framework.
• Develop, tune, and maintain detections, alerting, and rules to improve signal-to-noise ratio and reduce alert fatigue.
• Ensure proper data points are captured for calculating risk and detecting abnormalities in large datasets.
• Research and deconstruct cyber-attacks into sequenced IOCs detectable through network device logs.
• Lead the development and automation of SOC toolsets for real-time, automated configuration and control of cloud-based and software-defined infrastructure.
• Maintain responsibility for automation and software delivery of security tools using CI/CD processes.
• Design and implement SOAR functions to automate compliance enforcement, configuration management, and malicious activity remediation.
• Collaborate with engineering teams to ensure complete log ingestion, data normalization, and data quality.
• Integrate SOC tooling with ServiceNow and other enterprise systems for case management and workflow automation.
• Lead the development of security content and use cases aligned to the MITRE ATT&CK Framework.
• Design and document enterprise-wide detection logic and architectural policies from definition to implementation.
• Conduct ROI and gap analyses for both new and existing tools and detections.
• Create new detection processes and identify emerging threats and mitigation strategies.
• Serve as escalation point for Tier 1–2 analysts; provide mentorship, QA, and technical guidance.
• Drive continuous improvement in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Support post-incident reviews, root cause analyses, and executive reporting.
• Document investigations, case notes, and lessons learned in alignment with SOC SOPs.
• Participate in on-call rotations and after-hours escalations.
• Engage with Security Architects to capture design requirements for cloud architectures and implementation strategies.
• Identify gaps in the University’s security model and propose improvements in tools and processes.
• Conduct requirements gathering, architecture design, and integration planning for SOC initiatives.
• Perform ROI and risk analyses to support executive decision-making.
• Ensure compliance and alignment with organizational cybersecurity frameworks and policies.
• Act as team lead or project manager when required, managing internal SOC and security projects end-to-end.
• Manage multiple simultaneous projects and tasks involving different teams.
• Build and maintain strong cross-departmental relationships to promote security initiatives and awareness.
• Mentor SOC analysts and engineers to enhance skills in investigation, detection engineering, and automation.
• Research and stay current on emerging tools, threats, and technologies.
• Identify and facilitate technical training opportunities for staff.

KSAs

• Knowledge and experience with Cloud and Data security
• Advanced understanding of core AWS services, including compute (EC2, ECS, Lambda), network (VPC, Subnets, Security Groups), storage (S3, EFS, EBS), database (RDS), and identity (IAM)
• Hands on experience integrating security into the various stages of a CI/CD pipeline
• Expertise in SAAS and PAAS
• Ability to lead a team in a fast-paced multidisciplinary environment
• Knowledge of various regulations and policies related to information security for the brokerage industry
• Results oriented, self-motivated, and self-directed
• Ability to work well with others, maintaining a positive work environment by communicating in a manner to promote positive relations with customers, co-workers, and management
• Effective oral and written communication skills with the ability to communicate with purpose, clarity, and accuracy
• Excellent analytical, problem solving, and decision-making skills. Able to identify and resolves problems in a timely manner with a solution driven approach to problems
• Demonstrated pragmatic, adaptable, and result-driven approach to information security risk management
• Methodical, data-driven approach to security and risk analysis; ability to think imaginatively in order to implement security improvements
• Understands the implications of privacy laws and regulations (i.e. GDPR and CCPA)

Minimum Qualifications

• Bachelor's Degree in IT Security, Computer Science, Engineering, or related field
• 7 years of Information Security experience, including understanding of all security domains
• Hands-on experience implementing MITRE ATT&CK Framework
• Working experience creating, designing, and implementing SIEM content security rules to detect malicious, suspicious, and/or abnormal events
• Hands-on experience maintaining cloud resources using infrastructure-as-code (CloudFormation, CDK, etc.)
• Expert scripting language experience (Bash, Python, etc.) with strong working knowledge of automation
• Experience with open-source security tools (i.e. Kali, Nessus, Fortify, AppScan, Nexpose, SAINT, Burp, NMap, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng, Eramba, etc)
• Hands-on experience with AWS APIs, Lambda. DynamoDB, EC2, VPC, CloudFront, CloudTrail, CloudWatch, IAM
• Relevant security certifications (CISSP, GIAC, ISACA, CEH, etc.)
• Equivalent relevant experience performing the essential functions of this job may substitute for education degree requirements. Generally, equivalent relevant experience is defined as 1 year of experience for 1 year of education and is the discretion of the hiring manager.

Preferred Qualifications

• 15 years of Information Security experience, including understanding of all security domains
• Strong experience with distance education and distance learning students

#LI-aw2

Position & Application Details

Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at [email protected].

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.