Information Security Analyst Tier 1

The Information Security Analyst Tier 1 serves as the essential first line of defense in our Security Operations Center (SOC). This role goes beyond simple monitoring; you will be responsible for the end-to-end triage, investigation, and detailed documentation of security incidents. Your daily workflow involves analyzing security alerts from various data sources-specifically leveraging SIEM, EDR platforms, and email security gateways-to identify and mitigate threats ranging from phishing to sophisticated compromised account investigations. A critical component of this role is proactive defense and operational excellence. You will actively contribute to the SOC's evolution by developing and refining detection logic based on observed activity, automating manual tasks to increase operational efficiency and maintaining comprehensive security playbooks and incident reports. You will also handle user access requests to security tools, ensuring secure and appropriate identity management. As well as ensuring all investigative steps are logged for compliance and hand-off purposes. This position offers a dynamic environment for those who want to transition from traditional monitoring into Detection Engineering and Security Orchestration (SOAR). This role operates during standard business hours with no on-call rotation.

Required Education: Bachelor's Degree or equivalent combination of education and experience

Preferred Education: Bachelor's Degree Bachelor's Degree or higher in Cybersecurity, Computer Science, or a related technical discipline

Required Experience: 2+ years Experience involving information technology and/or information security

Preferred Experience: 3+ years Experience in an enterprise Security Operations Center or IT environment. Experience investigating compromised accounts, including analyzing authentication logs, sessions, and MFA events. Experience building or tuning detections within a SIEM (Splunk preferred) or EDR tool. Basic to Intermediate experience with Automation: Using Python, PowerShell, or SOAR tools to streamline repetitive tasks. Experience with Email Security Gateways and performing deep-dive phishing analysis (header analysis, attachment detonation, etc.). Experience managing User Access Requests and Identity and Access Management (IAM) principles. Experience writing hand-off notes, incident reports, and SOPs. Experience working with Cloud technologies.

Required Skills, Knowledge and Abilities: Demonstrated understanding of the incident response lifecycle and common attack vectors. Ability to clearly communicate technical findings and security concepts to non-technical stakeholders. Proficiency with Windows, macOS, and Linux operating systems. Strong analytical mindset with a focus on 'why' an alert triggered, not just 'what' triggered. Ability to maintain a high level of discretion and professionalism.

Preferred Skills, Knowledge and Abilities: Knowledge of Detection Engineering principles (e.g., mapping to MITRE ATT&CK). Familiarity with API-based integrations for security automation. Understanding of network protocols (TCP/IP, DNS, HTTP) and cloud security fundamentals. Understanding of HTTP/HTTPS protocols and response codes (e.g. 2xx,3xx,4xx,5xx). Familiarity with security frameworks (NIST, CIS) and risk/compliance initiatives. Additional Information In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $70,000.00 to USD $84,700.00. New York University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as, market and organizational considerations when extending an offer. This pay range represents base pay only and excludes any additional items such as incentives, bonuses, clinical compensation, or other items.