
IT Security Analyst Sr

Job in Monterey, Monterey County, California, 93941, USA
Listing for: Monterey Bay Aquarium
Full Time position
Listed on 2025-12-25
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below
Position: IT Security Analyst Sr.

Job Category: TEC Infrastructure & Operations

At the Monterey Bay Aquarium, we are passionate about creating an inclusive workplace that celebrates and values diversity. We firmly believe that having a team of diverse backgrounds and voices, working together, increases our capacity to serve our visitors and fulfill our mission. We welcome people from all walks of life into our team and strongly encourage people of color, LGBTQ+ individuals, veterans, and people with disabilities to apply.

Priority final date to receive applications is January 9, 2026. We're sharing this role ahead of the holidays to give candidates time to apply while our Talent Acquisition team will be out for the holidays from December 24 to January 9. Applications will be reviewed once the team has returned to work and interviews are expected to begin shortly after.

Job Summary:

With limited oversight, assess and maintain all aspects of IT security for the Aquarium. Define security standards and exceptions, lead DR (Disaster Recovery) and IR (Incident Response), and serve as the primary owner of our managed SOC/SIEM and annual internal/external penetration tests, including use-case tuning and remediation tracking. Establish the security roadmap, processes, and KPIs, brief leadership, and ensure compliance with CPRA/CCPA, PCI DSS, and applicable breach-notification and privacy obligations.

Protect data and systems across corporate IT, M365/Azure cloud/AWS, and OT/ICS environments (including life-support and facilities). Partner with Legal, HR, Finance, Facilities, and IT to embed “secure-by-design” across projects and vendors. Perform other duties as assigned.

This is a hybrid role, so the candidate must live within commuting distance of the aquarium to fulfill the on-site requirements of the job.

Core Activities:

  • Detection engineering & SOC management – Identify detection rules (e.g., SIEM rule tuning, playbooks, etc.) in collaboration with the managed SOC, reduce false positives, and drive mean-time-to-detect/respond improvements.
  • Identity & access management – Review and confirm SSO/MFA, Conditional Access, least-privilege, and PAM; conduct quarterly access audits on significant platforms such as AD, HR, and Finance systems.
  • OT/ICS security – Review and confirm network segmentation security and staff/vendor remote access, ensure monitoring capabilities are not hindered by any security rules, tools, or implementations, and create incident runbooks with Facilities/Animal Care/Life Support.
  • Cloud & M365 security posture – Create standards and processes for the administration of Defender (EDR/XDR), Purview/DLP, Entra, Secure Score, CIS baselines, and Conditional Access. Establish standards and processes for administering AWS.
  • Data protection & privacy – Establish Data Classification standards, encryption (at rest/in transit), DLP requirements, retention/disposal implementation and enforcement; partner with Legal on PIAs.
  • Vulnerability management – Set scanning cadence, patch SLAs, exceptions, risk acceptance, and verify pen-test remediations.
  • Vendor & third-party risk – Review DPAs/Contracts/cybersecurity questionnaires and suggest language changes to reflect internal security requirements.
  • Application Security/Software Development Life Cycle reviews – Threat model new apps/integrations, review data flows, authorization, and logging.
  • Email security & awareness – Configure and maintain DMARC/SPF/DKIM, phishing simulations, targeted training based on failure cohorts.
  • Write technical and functional documents and reports; maintain documentation on security tools and controls. This can include how-tos, infographics, whitepapers, processes and procedures, workflows, Visio diagrams, etc.
  • Incident response leadership & tabletops – Lead incidents, coordinate response, forensics triage, post-mortems, and improvements.
  • Resilience & ransomware readiness – Coordinate backup/restore testing, RTO/RPO validation, and DR exercises with the T&I Operations team.
  • Metrics & reporting – Create and deliver monthly KPIs (e.g., MTTD/MTTR, patch compliance, phishing fail rate, control coverage) for leadership.
  • BS/BA in Computer Science, or equivalent combination of…