Monroe University, founded in 1933, is a national leader in higher education access, affordability, and attainment. We believe in the power of education to facilitate social mobility and transform communities, and embrace our responsibility to advocate national policies that serve students’ best interests. We are proud of our outcomes and unique caring environment, especially for first-generation college students, newly arriving immigrants, and international students. Our innovative curriculum, taught by experienced industry professionals, integrates local, national, and global perspectives. Our academic programs align with industries that drive the New York and international economies that we serve. Our graduates are prepared for continued scholarship, professional growth, and career advancement.
Overview of the Position
The Senior Vulnerability and Threat Analyst is a senior individual contributor within the newly formed Cybersecurity Nucleus at Monroe University. This role owns three tightly integrated disciplines: continuous vulnerability management across Monroe’s environment, coordination of internal and external penetration testing activities, and consumption of threat intelligence relevant to the higher-education sector. As Monroe rebuilds its security posture following recent institutional events, the Senior Vulnerability and Threat Analyst serves as the primary analyst responsible for identifying, prioritizing, and driving remediation of technical exposures across the institution. This role partners closely with Monroe’s IT team, the outsourced Security Operations Center, and external specialized firms engaged for forensics or compromise assessment. The Senior Vulnerability and Threat Analyst also serves as the primary supervisor of the Student Cyber Corps program when it launches, providing faculty-aligned oversight of student-led security engagements.
Core Responsibilities
- Establish and operate a continuous vulnerability management program covering endpoints, servers, network infrastructure, cloud workloads, and critical applications.
- Prioritize vulnerabilities based on exploitability, institutional exposure, and business impact — not raw CVSS scores — and drive remediation in partnership with IT operations.
- Coordinate internal and external penetration testing engagements, including scoping, vendor management, findings validation, and remediation tracking.
- Consume and operationalize higher-education-specific threat intelligence through REN-ISAC membership, commercial threat feeds, and government advisories (CISA, FBI IC3).
- Serve as the primary Monroe contact for REN-ISAC community engagement, including participation in sector-wide information sharing and peer collaboration.
- Conduct proactive threat hunting in the environment to identify indicators of compromise, persistence mechanisms, and suspicious activity not surfaced by automated detections.
- Partner with the outsourced Security Operations Center to tune detection rules, improve alert quality, and close visibility gaps.
- Own the scoping, vendor selection, and project management of external specialized engagements such as compromise assessments and data discovery projects, in coordination with the CISO.
- Supervise the Student Cyber Corps program when launched — designing engagement scope, reviewing student work product, validating findings, and ensuring no student access touches production PII or sensitive systems.
- Produce regular vulnerability and threat landscape reporting for the CISO, the CIO, and institutional leadership, translating technical exposure into institutional risk language.
- Support GLBA Safeguards Rule compliance by maintaining continuous, documented evidence of vulnerability management and penetration testing activities.
- Contribute to incident response investigations as a technical analyst, particularly where historical vulnerability data or threat intelligence is relevant.
- Participate in Monroe’s incident response on-call rotation once established.
Skills and Attributes
- Deep hands-on expertise with enterprise vulnerability management platforms (Tenable, Rapid7, Qualys, or equivalent), including scan policy design, credentialed scanning, and integration with remediation workflows.
- Working knowledge of penetration testing methodologies (PTES, OSSTMM) and experience coordinating or conducting internal or external pen tests.
- Familiarity with automated and continuous testing platforms (Pentera, Horizon3, RidgeBot, or similar) is preferred.
- Fluency in threat intelligence frameworks — MITRE ATT&CK, Cyber Kill Chain, STIX/TAXII — and practical experience applying them to operational decisions.
- Strong scripting skills in Python, PowerShell, or Bash for automation, data analysis, and custom tooling.
- Experience with SIEM platforms (Microsoft Sentinel, Splunk, or equivalent) and the ability to write effective detection logic.
- Understanding of the higher-education threat landscape — ransomware targeting education, phishing against student populations, research-data attacks — or demonstrated ability to learn rapidly.
- Strong written communication skills; ability to produce clear, audience-appropriate reporting for technical and non-technical audiences.
- Collaborative orientation and comfort working across IT, the outsourced SOC, external vendors, and academic partners.
- Interest in mentoring students through the Student Cyber Corps program; experience with applied academic-operational collaboration is a plus.
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; equivalent professional experience considered.
- Minimum 6–8 years of progressive experience in vulnerability management, penetration testing, threat intelligence, or security operations, with at least 3 years in a senior analyst role.
- Professional certifications such as CISSP, GIAC GCIH, GIAC GPEN, OSCP, or equivalent strongly preferred.
- Experience in higher education, healthcare, financial services, or another regulated environment is preferred.
- Demonstrated experience managing third-party penetration testing or compromise assessment engagements is strongly preferred.
- Ability to work on-site at Monroe’s Bronx and New Rochelle campuses at least four days per week.
Compensation Range: $80,000 - $130,000 annually