WGU

IT Security Analyst

Guadalajara, MX Full time

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The IT Security Analyst will become knowledgeable on WGU’s enterprise security systems, including security incident event management and network intrusion detection. They will be involved in monitoring systems for security breaches, providing investigative analysis, and initiating incident response plans. They will also engage in the support of other security-focused tools and services and other duties as assigned. In addition, they may be asked to provide risk assessments, conduct forensics analysis, assist with data collection, provide user training, and perform other security-related tasks.

 

Job Description Summary:

The SOC Analyst is responsible for detecting, analyzing, and responding to security events in support of 24/7 Security Operations Center operations. This role focuses on rapid alert triage, high-quality investigations, proper escalation, and measurable reduction of organizational risk.

The analyst will operate within defined service level objectives (SLOs) and performance standards, ensuring timely response, accurate documentation, and disciplined execution of security processes.

Essential Functions and Responsibilities:

  • Works with Senior IT Security and IT Security Analysts; assists with penetration testing, incident handling/digital forensics, continuous monitoring, and intrusion detection/prevention.

  • Functions equally well in abstract, conceptual, and architectural work as in granular technical implementation and configuration work.

  • Implements tools, processes, and communications that support information security initiatives.

  • Participates in tactical projects as they arise to clarify and respond to identified security risks across different technical domains.

  • Operates information security tools and processes.

  • Executes established security practices with consistency and discipline.

  • Collaborates with engineers to implement standardized practices and follow routine processes to promote secure systems.

  • Validate security tool health and data ingestion to ensure visibility is maintained.

  • Identify high-noise alerts and contribute to detection tuning efforts to improve signal-to-noise ratio.

  • Support automation and SOAR initiatives to improve SOC efficiency and reduce manual workload.

  • Operates, observes, and analyzes security practices.

  • Processes service request tickets efficiently and reliably.

  • Performs Correction of Errors (CoE) of all incidents, often with members of other teams.

  • Monitor SIEM, EDR, IDS/IPS, identity, email security, and other enterprise security platforms for suspicious or malicious activity.

  • Perform alert triage, investigation, validation, and escalation according to defined severity levels and response playbooks.

  • Maintain awareness of evolving threat tactics, techniques, and procedures (TTPs), including MITRE ATT&CK mapping where applicable.

  • Monitors and tests fixes and patches to ensure problems have been adequately resolved.

  • Assists in the development of security policies and procedures.

  • Participate in tabletop exercises, threat hunting activities, and proactive detection efforts.

  • Contribute to ongoing improvement of SOC processes, runbooks, and playbooks.

  • Support compliance and audit evidence collection as required.

  • Continuously monitors tools for events that could lead to a breach.

  • Performs other related duties as assigned.

Knowledge, Skill and Abilities:

  • Works well with others, especially those in complementary roles.

  • Good written and oral communication skills with the ability to communicate with purpose, clarity, and accuracy.

  • Maintain clear, structured, and defensible case documentation in the incident management system.

  • Provide concise investigation summaries suitable for technical and non-technical stakeholders.

  • Meet defined MTTR (Mean Time to Respond) targets by incident severity.

  • Hands-on technical implementation of information systems.

  • Ability to analyze logs across multiple platforms including endpoint, network, identity, and cloud environments.

  • Understanding of attacker methodologies including Cyber Kill Chain and MITRE ATT&CK.

  • Ability to operate effectively in a structured, metrics-driven environment with defined service level objectives.

  • Excellent analytical, problem solving, and decision-making skills required.

  • Solution-driven approach to problems.

  • Works on a variety of technical projects of moderate scope with some instruction.

  • Uses discretion to prioritize work and evaluate problem-solving approaches.

  • Limit errors to prevent impact to client operations, costs, or schedules.

  • This position requires general supervision on all work.

  • May help lead/coordinate small-medium scope projects.

  • Guidance is required around project scopes and methodology.

  • Work generally reviewed for accuracy.

  • Communicates with contacts both within the department and function on matters that may require some explanation or interpretation.

  • May work to influence parties within the department at an operational level regarding policies and best practices.

  • May provide guidance and assistance to more junior technical professionals.

Job Qualifications

Minimum Qualifications:

  • Bachelor's degree in IT Security, Computer Science, Engineering, or related field; high school diploma or GED; and English are required.

  • 3 years of relevant experience in IT Security, Engineering, or Networking, including some SOC experience in incident response.

  • Experience with security industry standards and best practices.

  • Experience analyzing SIEM, network, event, security, and IDS alert logs.

  • Working knowledge of the MITRE ATT&CK framework and/or Cyber Kill Chain.

  • Knowledge of various security methodologies and processes, and technical security solutions (Endpoint Protection, IDS/IPS, Firewall Solutions, Offensive Security tools).

  • Knowledge of common Internet protocols and applications.

  • Experience operating within a 24/7 SOC environment preferred.

  • Demonstrated ability to meet defined response and documentation standards.

Preferred Qualifications:

  • Relevant security certifications (CISSP, GIAC, Security+, CEH).

  • Experience with SIEM platforms (e.g., Devo, Splunk, Sentinel).

  • Experience with EDR platforms (e.g., Carbon Black, CrowdStrike).

  • Experience with security automation (SOAR) or scripting.

Location: Guadalajara Office

  • As an equal opportunity employer, we recognize our strength lies in our people and commit to creating an inclusive environment where all can thrive, regardless of race, age, gender orientation, sexual orientation, religion, or disability.

  • Job Description Disclaimer: This position description provides the major duties/responsibilities, requirements, and working conditions for the position. It is intended to be an accurate reflection of the current position; however, management reserves the right to revise or change as necessary to meet organizational needs. Other responsibilities may be assigned when circumstances require.

  • This role includes participation in a rotating on-call schedule shared among team members to ensure support coverage outside regular hours. Rotation may be required depending on team needs. We value the “you build it, you own it” principle — on-call participation reflects our commitment to ownership, accountability, and reliability.

  • Learn more about our WGU Mexico Team by clicking here.
