Job Description Summary The Cybersecurity Operations Team is part of the larger Systems, Networks and Client Services teams that report to the DCIO. The Senior Cybersecurity Operations Analyst will lead the efforts of a dedicated Cybersecurity Engineer and a wider network of subject matter experts embedded in other IT departments. The team works most closely with IT staff as well as HR, Legal, Finance, Student Affairs to identify and manage risk through a cycle of identification, protection, detection, response and recovery. Technical tools/solutions are critical to success. The team contributes on reports to the Cabinet, the Audit Committee, and/or the Cybersecurity subcommittee.
The Senior Cybersecurity Operations Analyst will plan, coordinate, and implement security measures to protect Bentley data, systems, and assets in support of Bentley's Cybersecurity Framework and Program. The three pillars of the framework are Governance, Risk and Compliance (GRC), Operations, and Collaboration. The Senior Cybersecurity Operations Analyst will focus on implementing vulnerability management, aspects of data classification, access management, and incident response.
Plan and lead cybersecurity activities in conjunction with Systems, Networks and Client Services teams.
Lead regular technical meetings with IT colleagues to review network, systems and endpoints security posture, identify best practices and remediation steps for any gaps.
Manage project timelines, action items, deliverables in a professional and responsive manner. Navigate Bentley's organization and IT environment to best realize the strategic and tactical objectives of the Cybersecurity Program.
Keep current with Bentley's changing business and IT environment and the external technologies and threat landscape in order to best manage risk and to be proactive in providing solutions to mitigate risks to acceptable levels.
Work with IT colleagues to provide design input as well as to review software configuration of SaaS systems to ensure the deployment of secure systems.Identify needs and contribute to data protection, governance, and compliance initiatives by implementing processes, procedures, standards and guidelines.
Advise on security best practices, make recommendations and take action to protect data and systems.
Access and manage numerous reporting and security tools to protect our environment and investigate incidents. Suggest and execute as appropriate measures to contain or thwart attacks.
Work with Managed Security Service provider to address risk, mitigate threats and report on overall health of the environment.
Review vendor security controls (existing and potential vendors) and document concerns relative to Bentley's business needs.
Respond to vulnerability reports from other parties, occasionally responding after normal work hours based on a rotating schedule or to manage an incident. Score and triage vulnerability. Recommend appropriate prioritization to remediate issue.
Plan and manage outside vendor penetration tests including test scope, contract terms, test timing and all aspects of the penetration test.
Assist with other aspects of Bentley's Cybersecurity program - standard operating procedures, etc.
Work with the Cybersecurity Engineer in managing vulnerability scans (internal & external network, wireless and application) and vulnerability remediation.
Provide mentorship to others on security best practices.
5+ years of related experience. Demonstrated proficiency and knowledge in information security.
Strong written and verbal communication skills with ability to convey risk priority and impact.
Working knowledge of IT infrastructure (networks, systems and endpoints) and applications security.
Understanding of security designs to support compute infrastructure, cloud services, networking technology and architecture.
Ability to multi-task keeping the highest risk and/or priority items as forefront.
Timely and professional responsiveness.
Ability to quickly adapt to new processes and able to recommend process changes to improve organizational response.
Strong understanding of vulnerabilities and vulnerability prioritization.
Ability to manage multiple concurrent objectives, projects, groups, or activities, making effective judgments as to prioritizing and time allocation.
Knowledge of processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
Project and process management experience
Bachelor's degree in computer science, information systems, or engineering.
2+ years experience utilizing vulnerability testing tools such as Rapid7 Nexpose, Tenable Nessus, Qualys, Metasploit, Nmap, Wifi Pineapple or other similar tools.
Understanding of Common Vulnerability Scoring System (CVE).
Experience with firewalls, ACLs and VPN technologies.
Knowledge of Splunk, and Tenable I/O or equivalent.
Experience with Microsoft's Azure Advanced Threat protection, Windows defender ATP or O365 Cloud Application Security tools a plus.
Work experience in higher education with knowledge of FERPA.
Inquisitive nature and interest in unraveling and sorting through a variety of information from numerous
Sitting or standing in front of a computer for most of the day.
Ability to travel to locations and meetings across campus.
Bentley University requires references checks and may conduct other pre-employment screening.
Bentley University strives to create a campus community that welcomes the exchange of ideas, and fosters a culture that values differences and views them as a strength in our community.
Bentley University is an Equal Opportunity Employer, building strength through diversity. The University is committed to building a community of talented students, faculty and staff who reflect the diversity of global business. We strongly encourage applications from persons from underrepresented groups, individuals with disabilities, covered veterans and those with diverse experiences and backgrounds.
Internal Number: 115806216
About Bentley University
Bentley University is one of the nation's leading business schools, dedicated to preparing a new kind of business leader and one with the deep technical skills, the broad global perspective and the high ethical standards required to make a difference in an ever-changing world. To achieve our goal, we infuse our advanced business curriculum with the richness of a liberal arts education. The results are graduates who are making an impact in their chosen fields and turning their passions into success stories. Located on a classic New England campus just minutes from Boston, Bentley is a dynamic community of leaders, scholars and creative thinkers.