IT Security Analyst

Summary

Join Instructure as an IT Security Analyst and safeguard our digital assets by preventing, detecting, and responding to cybersecurity threats. You will develop, implement, and maintain robust security protocols and systems. Conduct risk assessments, security audits, and vulnerability scans. Collaborate with IT teams to remediate vulnerabilities and contribute to the design and implementation of secure IT systems. Develop and deliver security awareness training programs. Stay current with cybersecurity threats and evaluate new security technologies. This role requires a Bachelor's degree or relevant experience, at least one year of experience in a similar role, and proven experience with security frameworks and tools.

Requirements

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field
• At least 1 year of experience in an IT Security Analyst, Information Security Specialist, or similar role
• Proven experience with security frameworks (e.g., NIST, ISO 27001)
• Hands-on experience with security tools such as SIEM, IDS/IPS, vulnerability scanners, firewalls, and endpoint protection solutions
• Strong understanding of network protocols, operating systems (Apple, Windows, Linux), and cloud environments (e.g., AWS, Azure, GCP if applicable)
• Proficiency in identifying and mitigating common web application vulnerabilities (e.g., OWASP Top 10)
• Knowledge of incident response methodologies
• Excellent analytical and problem-solving skills with a keen attention to detail
• Strong communication skills (written and verbal) to articulate complex security concepts to technical and non-technical audiences
• Ability to work independently and collaboratively in a team environment
• Proactive and self-motivated with a strong sense of ownership and urgency
• Ability to manage multiple priorities in a fast-paced environment

Responsibilities

• Conduct comprehensive risk assessments and security audits of IT infrastructure, applications, and processes to identify vulnerabilities and potential threats
• Perform regular vulnerability scanning and coordinate penetration testing efforts
• Analyze assessment results, prioritize identified risks, and recommend appropriate mitigation strategies and security enhancements
• Collaborate with IT teams to ensure timely remediation of security vulnerabilities
• Contribute to the design and implementation of secure IT systems, networks, and applications, ensuring security best practices are integrated from the initial stages of development
• Configure, maintain, and optimize security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) systems, antivirus/anti-malware solutions, data encryption tools, and identity and access management (IAM) systems
• Develop, implement, and enforce information security policies, standards, guidelines, and procedures in alignment with industry best practices and regulatory requirements (e.g., [mention relevant regulations like ISO 27001, NIST, GDPR, HIPAA if applicable])
• Conduct security compliance audits to ensure adherence to internal policies and external regulations
• Maintain detailed documentation of security configurations, incidents, and remediation efforts
• Continuously monitor security logs, network traffic, and security alerts from SIEM systems and other security tools to detect anomalous or malicious activity
• Act as a primary responder for cybersecurity incidents, including investigation, containment, eradication, recovery, and post-incident analysis
• Develop and refine incident response plans and playbooks
• Participate in on-call rotation for critical security incidents as required
• Develop and deliver security awareness training programs to educate employees on cybersecurity risks, phishing prevention, data protection, and secure computing practices
• Promote a strong security-conscious culture across the organization
• Stay current with the latest cybersecurity threats, trends, vulnerabilities, and technological advancements
• Evaluate new security technologies and solutions to enhance the organization's security posture
• Recommend improvements to existing security systems and processes

Preferred Qualifications

• CompTIA Security+
• (ISC)² SSCP, CISSP
• EC-Council CEH (Certified Ethical Hacker)
• GIAC certifications (e.g., GSEC, GCIA, GCIH)
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis is a plus

Benefits

• Competitive compensation and participation in Instructure’s equity program
• Flexible schedules and a remote-friendly culture, with hybrid or onsite work available in some regions for specific jobs
• Generous paid time off, including global holidays and our annual “Dim the Lights” company-wide shutdown from December 26 to December 31
• Comprehensive wellness programs and mental health support
• Annual learning and development stipends to support your growth
• The technology and tools you need to do your best work—typically a Mac, with PC options available in some locations
• Motivosity employee recognition program
• A culture rooted in inclusivity, support, and meaningful connection