Already filled


Lead Analyst, Cyber Defense

Job summary

Los Angeles
Engineering

Work model

Fully remote
Only United States
3 weeks ago
Job description

About the Department

The University of Southern California (USC) is committed to strengthening its cybersecurity posture through resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within USC's cybersecurity organization, which is advancing threat-informed defense and operational excellence. You'll join a team committed to scalable, proactive defense strategies, incident preparedness, and high-impact partnership across the university, working alongside experts who are deeply committed to service, innovation, and impact.

If you're driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your expertise to the table.

Position Summary

As the Lead Analyst, Cyber Defense, you will be an integral member of the cybersecurity department while also collaborating with stakeholders across the university ecosystem, reporting to the Manager, Cyber Defense. This is a full-time exempt position, eligible for all of USC's Benefits & Perks. This opportunity is remote.

The Lead Analyst, Cyber Defense serves as a technical authority responsible for elevating the university's detection and response posture. The role leads advanced incident investigations, threat hunting, and detection development while partnering with the SOC, the threat intelligence team, managed security service providers (MSSPs), and distributed university partners. It ensures high-fidelity threat detection by operationalizing threat intelligence, tuning SIEM platforms (e.g., Splunk and Chronicle), and shaping detection logic, playbooks, and standards. It drives cyber defense maturity across diverse systems, mapping detections to MITRE ATT&CK and other frameworks, and contributes to the development of detection standards, SOC engineering priorities, and incident readiness and response.

Key Responsibilities

  • Coordinates and manages the response to actual and potential security breaches, including the identification, triage, and categorization of security events and incidents.
  • Assists in the development and implementation of incident response policies and procedures to ensure a structured approach to handling security incidents.
  • Communicates with university management and other cybersecurity teams during high-security events, following incident response guidelines and escalating issues when necessary.
  • Works with senior cyber defense analysts to analyze security logs, network traffic, and other data sources to identify indicators of compromise (IOCs) and malicious activity.
  • Documents security incidents and incident response activities; analyzes metrics and trends.
  • Collaborates with senior cyber defense analysts and the cyber threat team to stay informed about the latest threats, vulnerabilities, and attack vectors.
  • Encourages a workplace culture where all employees are valued, value others and have the opportunity to contribute.

Minimum Qualifications

  • 5 years of experience in key cyber defense areas (e.g., incident response, security monitoring, cyber threat intelligence, attack surface and vulnerability management).
  • Bachelor's degree or combined experience/education as substitute for minimum education.
  • Familiarity with security tools and solutions such as SIEM, IDS/IPS, endpoint protection, network security zones, and firewall configurations.
  • Significant experience in a SOC analyst or detection engineering role.
  • Experience in a senior incident response role or threat hunting capacity.
  • Knowledge of industrial control systems (ICS), digital forensics and incident response (DFIR), and OT/IoT systems.
  • Demonstrated understanding of security threats, vulnerabilities, intrusion techniques, and malware analysis.
  • Proficiency in packet capture, log analysis, and security assessment tools (e.g., Nmap, Nessus, Metasploit).
  • Excellent written and oral communication skills, and an exemplary attention to detail.
  • In-depth knowledge of industry standards and regulations (e.g., ISO 27001, NIST CSF).
  • Ability to work evenings, weekends and holidays as the schedule dictates.

Preferred Qualifications

  • 7 years of related experience.
  • Bachelor's degree in information science, computer science, computer engineering, or related field.
  • GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), or equivalent.
  • Cisco Certified CyberOps Associate or similar.
  • MITRE ATT&CK Defender certifications.

Salary and Benefits

The annual base salary range for this position is $164,175.55 to $196,000. USC provides benefits-eligible employees with a broad range of perks to help protect their and their dependents' health, wealth, and future.

Equal Opportunity Employer

USC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law or policy.