Lead Analyst, Cyber Defense
ABOUT THE DEPARTMENT

The University of Southern California (USC) is committed to strengthening its cybersecurity posture through resilience, cyber risk management, and threat-informed defense. As a world-class research institution, USC is building a culture of security that supports its academic and research mission in a rapidly evolving threat landscape.

This role sits within USC's cybersecurity organization, which is advancing threat-informed defense and operational excellence. You'll join a team committed to scalable, proactive defense strategies, incident preparedness, and high-impact partnership across the university, working alongside experts who are deeply committed to service, innovation, and impact. If you're driven by purpose, thrive in complexity, and want to help shape the future of cybersecurity at a leading university, we invite you to bring your expertise to the table.

POSITION SUMMARY

As the Lead Analyst, Cyber Defense you will be an integral member of the cybersecurity department while also collaborating with stakeholders across the university ecosystem and reporting to the Manager, Cyber Defense. This is a full-time exempt position, eligible for all of USC's fantastic Benefits + Perks. This opportunity is remote.

The Lead Analyst, Cyber Defense serves as a technical authority responsible for elevating the university's cyber detection and response posture. Leads advanced incident investigations, threat hunting and detection development while partnering across the SOC, threat intelligence, MSSPs, and distributed university partners. Ensures high-fidelity threat detection by operationalizing threat intel, optimizing SIEM tools (e.g., Splunk and Chronicle) and shaping detection logic, playbooks and standards. Drives cyber defense maturity across diverse systems, aligning with MITRE ATT&CK and other frameworks. Contributes to the development of detection standards, SOC engineering priorities, and incident readiness and response.
The Lead Analyst, Cyber Defense:

- Coordinates and manages the response to actual and potential security breaches, engaging in the identification, triage, and categorization of security incidents and events.
- Leads incident response efforts (e.g., investigation, remediation) during security breaches.
- Leads major incident investigations and complex forensic analysis of systems, logs, and artifacts, inclusive of identifying, investigating, and responding to security incidents.
- Works with cyber defense team members to assign criticality and priority levels to security incidents and events.
- Actively reports on security incidents as they are escalated or identified to cyber leadership and management.
- Collaborates with SOC teams and MSSPs to support round-the-clock monitoring and triage.
- Assists in the development and implementation of incident response policies and procedures to ensure a structured approach to handling security incidents.
- Assists with development and implementation of SIRPs, as well as detection, containment, eradication, and recovery strategies.
- Develops and maintains incident response plans specific to OT and IoT environments.
- Applies risk analysis techniques and strategies when evaluating the impact of cyber threats and vulnerabilities, as well as recommended remediation steps.
- Assists with design and delivery of incident response exercises to test client SIRP.
- Supports purple team initiatives and adjusts detections based on red team findings.
- Communicates with university management and other cybersecurity teams during high-security events, following incident response guidelines and escalating issues when necessary.
- Works with information security officers (ISOs) and cyber governance to exchange information with IT directors and support departments, schools, or units (DSUs) in their recovery from incidents.
- Collaborates with the USC Office of Culture, Ethics and Compliance and Office of the General Counsel to build forensic case documentation, including chain-of-custody information, data categorization, and investigatory results.
- Provides executive communication, finished incident reports and forensics data, as appropriate, advising management on decisions that may significantly affect operations, policies, or procedures.
- Participates in and leads after-action reviews from tabletop exercises and major incidents.
- Works with senior cyber defense analysts to analyze security logs, network traffic, and other data sources to identify indicators of compromise (IOCs) and malicious activity.
- Forensically analyzes end-user systems and servers found to have possible IOCs, as well as artifacts collected during a security incident.
- Reviews and addresses false positives, collaborating with other cyber teams (including pro and managed service teams) to refine and improve the accuracy of security tool configuration rules and policies.
- Documents security incidents and incident response activities; analyzes metrics and trends.
- Leads and conducts post-incident reviews