Senior Vulnerability and Threat Analyst

Overview of the Position The Senior Vulnerability and Threat Analyst is a senior individual contributor within the newly-formed Cybersecurity Nucleus at Monroe University. This role owns three tightly-integrated disciplines: continuous vulnerability management across Monroe’s environment, coordination of internal and external penetration testing activities, and consumption of threat intelligence relevant to the higher-education sector. As Monroe rebuilds its security posture following recent institutional events, the Senior Vulnerability and Threat Analyst serves as the primary analyst responsible for identifying, prioritizing, and driving remediation of technical exposures across the institution. This role partners closely with Monroe’s IT team, the outsourced Security Operations Center, and external specialized firms engaged for forensics or compromise assessment. The Senior Vulnerability and Threat Analyst also serves as the primary supervisor of the Student Cyber Corps program when it launches, providing faculty-aligned oversight of student-led security engagements. Core Responsibilities Establish and operate a continuous vulnerability management program covering endpoints, servers, network infrastructure, cloud workloads, and critical applications. Prioritize vulnerabilities based on exploitability, institutional exposure, and business impact — not raw CVSS scores — and drive remediation in partnership with IT operations. Coordinate internal and external penetration testing engagements, including scoping, vendor management, findings validation, and remediation tracking. Consume and operationalize higher-education-specific threat intelligence through REN-ISAC membership, commercial threat feeds, and government advisories (CISA, FBI IC3). Serve as the primary Monroe contact for REN-ISAC community engagement, including participation in sector-wide information sharing and peer collaboration. Conduct proactive threat hunting in the environment to identify indicators of compromise, persistence mechanisms, and suspicious activity not surfaced by automated detections. Partner with the outsourced Security Operations Center to tune detection rules, improve alert quality, and close visibility gaps. Own the scoping, vendor selection, and project management of external specialized engagements such as compromise assessments and data discovery projects, in coordination with the CISO. Supervise the Student Cyber Corps program when launched — designing engagement scope, reviewing student work product, validating findings, and ensuring no student access touches production PII or sensitive systems. Produce regular vulnerability and threat landscape reporting for the CISO, the CIO, and institutional leadership, translating technical exposure into institutional risk language. Support GLBA Safeguards Rule compliance by maintaining continuous, documented evidence of vulnerability management and penetration testing activities. Contribute to incident response investigations as a technical analyst, particularly where historical vulnerability data or threat intelligence is relevant. Participate in Monroe’s incident response on-call rotation once established. Skills and Attributes Deep hands-on expertise with enterprise vulnerability management platforms (Tenable, Rapid7, Qualys, or equivalent), including scan policy design, credentialed scanning, and integration with remediation workflows. Working knowledge of penetration testing methodologies (PTES, OSSTMM) and experience coordinating or conducting internal or external pen tests. Familiarity with automated and continuous testing platforms (Pentera, Horizon3, RidgeBot, or similar) is preferred. Fluency in threat intelligence frameworks — MITRE ATT&CK, Cyber Kill Chain, STIX/TAXII — and practical experience applying them to operational decisions. Strong scripting skills in Python, PowerShell, or Bash for automation, data analysis, and custom tooling. Experience with SIEM platforms (Microsoft Sentinel, Splunk, or equivalent) and the ability to write effective detection logic. Understanding of higher-education threat landscape — ransomware targeting education, phishing against student populations, research-data attacks — or demonstrated ability to learn rapidly. Strong written communication skills; ability to produce clear, audience-appropriate reporting for technical and non-technical audiences. Collaborative orientation and comfort working across IT, the outsourced SOC, external vendors, and academic partners. Interest in mentoring students through the Student Cyber Corps program; experience with applied academic-operational collaboration is a plus. Qualifications Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; equivalent professional experience considered. Minimum 6–8 years of progressive experience in vulnerability management, penetration testing, threat intelligence, or security operations, with at least 3 years in a senior analyst role. Professional certifications such as CISSP, GIAC GCIH, GIAC GPEN, OSCP, or equivalent strongly preferred. Experience in higher education, healthcare, financial services, or another regulated environment is preferred. Demonstrated experience managing third-party penetration testing or compromise assessment engagements is strongly preferred. Ability to work on-site at Monroe’s Bronx and New Rochelle campuses at least four days per week. Compensation Range: $80,000 - $130,000 annually #J-18808-Ljbffr Monroe University