Senior IT Security Analyst San Francisco, CA

About the California Academy of Sciences

The California Academy of Sciences is a globally renowned scientific and cultural institution located in the heart of San Francisco’s Golden Gate Park. Home to a world‑class planetarium, aquarium, research center, and natural history museum—all under one living roof—our mission is to regenerate the natural world through science, learning, and collaboration.

Our extensive collections span plants, animals, fossils, and cultural artifacts from across the globe and throughout history. We are a diverse team of leading biodiversity scientists, educators, storytellers, designers, and communicators who work collaboratively to advance knowledge and inspire action through science and storytelling.

When you join the California Academy of Sciences, you become part of a mission‑driven community that values curiosity, collaboration, and innovation. Whether you're working behind the scenes in research or engaging the public on the museum floor, your work will help connect people to the natural world and empower them to protect it.

About the Opportunity

Reporting to the Director of Information Technology, the Senior Security Analyst is responsible for configuring, maintaining, and monitoring internal security controls to prevent, detect, and respond to cyber threats. The analyst will focus on the needs of information security services, bringing security expertise to integrate security tools into daily operations, contribute to the improvement of security architecture, and assess and improve security in departments across the Academy.

Additionally, this position plays a critical role in maturing our IT and security programs at the Academy.

We hope you are inspired by what we do and are excited to contribute to our mission. The Academy is seeking candidates who consistently deliver exceptional work, and they may come from a variety of backgrounds and experiences. We encourage you to apply even if you do not believe you meet every qualification for the position.

This position is based in San Francisco, California. The specific onsite/hybrid schedule for this position is listed below. This position is part of a bargaining unit represented by Cal Academy Workers United and will be subject to the terms and conditions of that contract.

Key Responsibilities

• Manage, coordinate, and implement the latest security best practices on network devices, firewalls, servers, and workstations to ensure continuous alignment with security standards and requirements.

• Partner with the IT Infrastructure Manager to establish and maintain a system for ensuring that security policies are met and all staff are trained and informed fully on their role in security.

• Evaluate the effectiveness of awareness and security training programs and make recommendations for improvement.

• Analyze, research, and resolve security breaches and vulnerability issues for all implemented software and hardware platforms.

• Evaluate, prioritize, and coordinate patching.

• Provide security expertise and consulting to the IT Team and CAS internal technology partners.

• Partner with external security advisors to evaluate security posture and review/remediate issues.

• Participate in team exercises to identify potential security risks and tabletop scenarios.

• Maintain awareness/knowledge of industry‑standard security trends/benchmarks/frameworks (e.g., NIST, CISA, ISO.

Qualifications

Experience and

Education:

• 5+ years of experience in the Information Technology field.

• 3+ years of enterprise IT security experience.

• Experience with the administration/use of security software (e.g., Trellix/Fire Eye, Tenable, Nessus, Sophos, Splunk).

• Experience assessing IT infrastructure and software to identify vulnerabilities.

• BS/BA or equivalent training and experience.

• Information Security Certifications – CISSP, CISM, GIAC – strongly preferred.

• Hands‑on experience with firewalls, network security, and VPNs – preferred.

• SIEM experience – preferred.

• Automation experience – preferred.

Skills and Abilities:

• Strong problem‑solving and troubleshooting skills.

• Ability to interact with users of varying levels of technical knowledge.

• Ability…