Senior IT Security Analyst

About the California Academy of Sciences

The California Academy of Sciences is a globally renowned scientific and cultural institution located in the heart of San Francisco’s Golden Gate Park. Home to a world-class planetarium, aquarium, research center, and natural history museum—all under one living roof—our mission is to regenerate the natural world through science, learning, and collaboration.

Our extensive collections span plants, animals, fossils, and cultural artifacts from across the globe and throughout history. We are a diverse team of leading biodiversity scientists, educators, storytellers, designers, and communicators who work collaboratively to advance knowledge and inspire action through science and storytelling.

When you join the California Academy of Sciences, you become part of a mission-driven community that values curiosity, collaboration, and innovation. Whether you're working behind the scenes in research or engaging the public on the museum floor, your work will help connect people to the natural world and empower them to protect it.

About the Opportunity

Reporting to the Director of Information Technology,  the Senior Security Analyst is responsible for configuring, maintaining, and monitoring internal security controls to prevent, detect, and respond to cyber threats. The Analyst will focus on the needs of information security services, bringing information security expertise to integrate security tools into daily operations, contribute to the improvement of security architecture, and assess/improve security in departments across the Academy. Additionally, this position plays a critical role in maturing our IT and security programs at the Academy.

Organizational Culture
Join a team dedicated to the Academy’s mission, vision, and values! Currently, the Academy has a new strategic plan including three initiatives – Hope for Reefs, Thriving California, and Islands 2030 – that leverage biodiversity science, environmental learning, and collaborative engagement to regenerate fragile ecosystems around the world. Learn more at https://www.calacademy.org/about-us/major-initiatives.

We hope you are inspired by what we do and are excited to contribute to our mission. The mission of the California Academy of Sciences is to regenerate the natural world through science, learning, and collaboration. The Academy is seeking candidates who consistently deliver exceptional work, and they may come from a variety of backgrounds and experiences. We encourage you to apply even if you do not believe you meet every qualification for the position.

This position is based in San Francisco, California. The specific onsite/hybrid schedule for this position is listed below. [FOR CAWU ROLES] This position is part of a bargaining unit represented by Cal Academy Workers United, and will be subject to the terms and conditions of that contract.

Key Responsibilities

• Manage, coordinate, and implement the latest security best practices on network devices, firewalls, servers, and workstations to ensure continuous alignment with security standards and requirements.
• Partner with the IT Infrastructure Manager to establish and maintain a system for ensuring that security policies are met and all staff are trained and informed fully on their role in security
• Evaluate the effectiveness of awareness and security training programs and make recommendations for improvement.
• Analyze, research, and resolve security breaches and vulnerability issues for all implemented software and hardware platforms. 
• Evaluate, Prioritize, and coordinate patching.
• Provide security expertise and consulting to the IT Team and CAS internal technology partners
• Partner with external security advisors to evaluate security posture and review/remediate issues
• Participate in team exercises to identify potential security risks and tabletop scenarios
• Maintain awareness/knowledge of industry-standard security trends/benchmarks/frameworks (e.g., NIST/CISA/ISO 27001)
• Perform off-hour/weekend work as required

Qualifications: A successful candidate will have the following:

EXPERIENCE and/or EDUCATION:

• 5+ years of experience in the Information Technology field
• 3+ years of enterprise IT security experience
• Experience with the administration/use of security software (e.g., Trellix/FireEye, Tenable, Nessus, Sophos, Splunk)
• Experience assessing IT infrastructure and software to identify vulnerabilities
• BS/BA or equivalent training and experience
• Information Security Certifications - CISSP, CISM, GIAC - strongly preferred
• Hands-on experience with firewalls, network security, and VPNs - preferred
• SIEM Experience - preferred
• Automation Experience - Preferred

SKILLS AND ABILITIES:                

• Strong problem-solving and troubleshooting skills
• Ability to interact with users of varying levels of technical knowledge
• Ability to work as part of a team or collaborate well with team members and external collaborators to accomplish mutual goals.
• Ability to work efficiently and communicate with staff, cross-functional teams, and external customers from different identities and experiences.
• Advanced knowledge of the processes, tools, and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve, and prevent violations of IT security, to protect organizational data

Physical Environment:
To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions. (Cut and paste from the Job Description, adding other requirements relevant to the position's responsibilities.)

Compensation and Benefits:
The salary range for this position is $121,762. Actual compensation will be commensurate with the final candidate's qualifications and experience, including skills, knowledge, relevant education, certifications and aligned with the internal peer group. We believe in fair and equitable compensation practices and are committed to providing competitive salaries within the industry and market standards. The Academy offers a total compensation package that emphasizes both base salary and comprehensive benefits based on the hours per week worked. Further details regarding compensation and benefits will be discussed during the interview process.

Schedule: Full-time, 40 hours per week

How to Apply:

Interested candidates should submit a resume and application through our Careers Page portal.

The California Academy of Sciences will give full consideration for employment to all qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance (SF Police Code, Article 49).