Senior Cybersecurity Analyst; SY
Listed on 2026-02-16
IT/Tech
Cybersecurity, Network Security
POSITION OVERVIEW: The Senior Cybersecurity Analyst resides in the Office of Information and Instructional Technology (OIIT) within the Division of Data, Information, and Systems Improvement of the Boston Public Schools, reporting to the Chief Technology Officer. The Senior Cybersecurity Analyst plays a critical role in safeguarding the district's digital infrastructure, ensuring a secure, reliable, and effective technology environment for students, staff, and administrators across the K-12 school district.
This position is responsible for managing security at both the network perimeter and the end-user device level, overseeing content filtering, remote access, and device management systems. The Senior Cybersecurity Analyst will serve in a senior role within OIIT and will be responsible for advanced knowledge of Cybersecurity Frameworks, Tools, Attack Vectors, and Prevention and Remediation Methods.
- Network and Endpoint Security Management:
- Design, implement, and maintain security policies, standards, and procedures for the district's network and end-user devices.
- Monitor security systems for threats, vulnerabilities, and incidents. Respond to and resolve detected security events promptly and effectively.
- Manage and configure firewalls, intrusion detection/prevention systems (IDS/IPS), and other network security appliances.
- Oversee antivirus/anti-malware solutions and endpoint detection and response (EDR) tools on all managed devices.
- Remote Access and Zero Trust Framework:
- Manage, configure, and maintain the secure remote access infrastructure, adhering to Zero Trust Architecture (ZTA) principles.
- Implement and enforce "Never Trust, Always Verify" policies with continuous, risk-based verification for every user and device accessing district resources.
- Replace or augment traditional VPN functionality with granular, least-privilege access (Zero Trust Network Access - ZTNA).
- Mandate and manage Multi-Factor Authentication (MFA) for users, especially for remote access and key administrative systems.
- Develop, document, and automate procedures for provisioning, continuous monitoring, and secure revocation of remote access based on role and device posture.
- Monitor and validate the security posture and compliance of all connecting endpoints (e.g., up-to-date patches, EDR/AV status) before granting access.
- Content Filtering and Compliance:
- Administer, configure, and fine-tune the district’s enterprise-level content filtering platform (DNS-based, proxy, or cloud-based).
- Ensure content filtering is maintained and compliant with CIPA and all applicable policies for students and staff.
- Develop and manage granular filtering rules that balance security with instructional needs.
- Manage the process for reviewing and responding to requests for website unblocking or categorization adjustments with quick instructional turnaround.
- Monitor, analyze, and generate detailed compliance and usage reports on internet activity to identify trends and policy violations.
- Collaborate with educational technology staff to test and validate filtering policies on district devices and grade levels.
- Device Management (MDM/UEM):
- Administer the Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platform for all district-owned devices (e.g., Chromebooks, laptops, tablets, desktops).
- Perform secure device provisioning, configuration, deployment, and lifecycle management.
- Ensure all endpoints are properly patched and configured with mandated security controls and inventoried.
- Collaborate with the City of Boston’s Cybersecurity and IT teams.
- Other duties as assigned.
- Required:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a closely related field.
- Five (5) or more years of progressively responsible experience in cybersecurity, information security, or IT security operations, including a senior or lead technical role.
- Hands-on experience securing both network infrastructure and end-user devices, including:
- Firewalls and network security appliances.
- Endpoint protection and endpoint detection and response (EDR) tools.
- Antivirus and anti-malware solutions.
- Experience…