REPORTS TO: Chief Technology Officer
POSITION OVERVIEW:
The Senior Cybersecurity Analyst resides in the Office of Information and Instructional Technology (OIIT) within the Division of Data Information and Systems Improvement of the Boston Public Schools, reporting to the Chief Technology Officer. The Senior Cybersecurity Analyst plays a critical role in safeguarding the district's digital infrastructure, ensuring a secure, reliable, and effective technology environment for students, staff, and administrators across the K-12 school district. This position is responsible for managing security at both the network perimeter and the end-user device level, overseeing content filtering, remote access, and device management systems. The Senior Cybersecurity Analyst will serve in a senior role within OIIT. The Senior Cybersecurity Analyst will also be responsible for having an advanced-level knowledge of Cybersecurity Frameworks, Tools, Attack Vectors, and Prevention and Remediation Methods.
RESPONSIBILITIES:
Network and Endpoint Security Management
- Design, implement, and maintain security policies, standards, and procedures for the district's network and end-user devices.
- Monitor security systems for threats, vulnerabilities, and incidents. Respond to and resolve all detected security events promptly and effectively.
- Manage and configure firewalls, intrusion detection/prevention systems (IDS/IPS), and other network security appliances.
- Oversee antivirus/anti-malware solutions and endpoint detection and response (EDR) tools on all managed devices.
Remote Access and Zero Trust Framework
- Manage, configure, and maintain the secure remote access infrastructure, adhering strictly to the Zero Trust Architecture (ZTA) / Zero Trust Framework principles.
- Implement and enforce "Never Trust, Always Verify" policies, requiring continuous, risk-based verification for every user and device accessing district resources.
- Replace or augment traditional VPN functionality with solutions that provide granular, least-privilege access (Zero Trust Network Access - ZTNA), ensuring users and devices connect only to the specific applications or resources necessary for their role.
- Mandate and manage Multi-Factor Authentication (MFA) for our users, especially for all remote access and key administrative systems.
- Develop, document, and automate clear procedures for the provisioning, continuous monitoring, and secure revocation of remote access based on user role and device posture.
- Monitor and validate the security posture and compliance of all connecting endpoints (e.g., up-to-date patches, EDR/AV status) before granting access.
Content Filtering and Compliance
- Administer, configure, and fine-tune the district's enterprise-level content filtering platform (DNS-based, proxy, or cloud-based).
- Ensure the content filtering solution is continuously maintained and compliant with the Children's Internet Protection Act (CIPA) and all other federal, state, and district-specific acceptable use policies for students and staff.
- Develop and manage granular filtering rules (category, keyword, and URL-based) that balance security with necessary educational access and instructional needs.
- Manage the process for reviewing and responding to user requests for website unblocking or categorization adjustments, ensuring a quick turnaround for instructional continuity.
- Monitor, analyze, and generate detailed compliance and usage reports on internet activity, identifying trends, potential policy violations, and high-risk usage patterns.
- Work collaboratively with educational technology staff to test and validate filtering policies on various district devices and grade levels.
Device Management (MDM/UEM)
- Administer the Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platform for all district-owned devices (e.g., Chromebooks, laptops, tablets, and desktops).
- Perform secure device provisioning, configuration, deployment, and lifecycle management.
- Ensure all endpoints are properly patched, configured with mandated security controls, and inventoried.
- Collaboration and partnership with the City of Boston's Cybersecurity and I.T. teams
- Other duties as assigned
Qualifications - Required:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a closely related field.
- Five (5) or more years of progressively responsible experience in cybersecurity, information security, or IT security operations, including experience in a senior or lead technical role.
- Demonstrated hands-on experience securing both network infrastructure and end-user devices, including:
  - Firewalls and network security appliances.
  - Endpoint protection and endpoint detection and response (EDR) tools
  - Antivirus and anti-malware solutions
- Experience monitoring, investigating, and responding to cybersecurity incidents, threats, and vulnerabilities using security monitoring tools and established response procedures.
- Strong working knowledge of Zero Trust Architecture (ZTA) concepts, including identity-based access, least-privilege access, and continuous verification.
- Experience managing secure remote access technologies, including multi-factor authentication (MFA), endpoint posture validation, and role-based access controls.
- Experience administering and maintaining enterprise-level content filtering solutions, including configuration, policy enforcement, reporting, and compliance monitoring.
- Knowledge of Children's Internet Protection Act (CIPA) requirements and experience supporting compliance through technical controls and reporting.
- Experience administering Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platforms for large device fleets (e.g., Chromebooks, laptops, tablets, desktops).
- Ability to develop, document, and enforce cybersecurity policies, standards, procedures, and technical controls.
- Strong analytical, troubleshooting, documentation, and communication skills, with the ability to translate technical security issues into clear guidance for non-technical stakeholders.
Qualifications - Preferred:
- Master's degree in Cybersecurity, Information Assurance, Risk Management, Public Administration, or a related field.
- Experience working in a K-12 school district, higher education, or public-sector environment, particularly in large, distributed organizations.
- Advanced experience implementing or operating Zero Trust Network Access (ZTNA) solutions or modern VPN alternatives.
- Familiarity with cybersecurity frameworks and standards, including:
  - NIST Cybersecurity Framework (CSF)
  - CIS Critical Security Controls
  - Zero Trust maturity models
- Experience generating and analyzing security, compliance, and usage reports to identify trends, risks, and policy violations.
- Experience collaborating with instructional technology, educational technology, or academic stakeholders to balance security requirements with instructional access.
- Professional cybersecurity certifications such as CISSP, GIAC, CEH, CySA+, Security+, or equivalent, or the ability to obtain certification within a specified period.
- Experience mentoring staff, serving as a senior technical escalation point, or providing cybersecurity guidance across teams.
Terms: Managerial, C52 ($116,738)
The Boston Public Schools, in accordance with its nondiscrimination policies, does not discriminate on the basis of race, color, age, criminal record, physical or mental disability, pregnancy or pregnancy-related conditions, homelessness, sex/gender, gender identity, religion, national origin, ancestry, sexual orientation, genetics, natural or protective hairstyle, military status, immigration status, English language proficiency, or any other factor prohibited by law in its programs and activities. BPS does not tolerate any form of retaliation, or bias-based intimidation, threat, or harassment that demeans individuals' dignity or interferes with their ability to work or learn. If you require an accommodation pursuant to the ADA for the application process, please contact the Accommodations Unit at
Required Experience:
Senior IC