
Principal IT Security Analyst (Threat Detection)

Western Governors University
life insurance, flexible benefit account, parental leave, paid time off, paid holidays, sick time
United States, North Carolina, Durham
Jul 08, 2025

If you're passionate about building a better future for individuals, communities, and our country, and you're committed to working hard to play your part in building that future, consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:

Grade: Technical 411 Pay Range: $157,000.00 - $243,400.00

Job Description

*This opportunity will be on-site in our future Raleigh, NC location*

We're seeking a highly skilled Principal Cybersecurity Analyst to be a senior technical leader within our Global Cybersecurity Operations Center (CSOC). In this hands-on role, you'll blend deep technical expertise in detection, response, and threat hunting with strategic leadership to mature our security operations.

You'll lead complex investigations, shape detection engineering initiatives, automate workflows, and act as a mentor to our SOC analysts. This is an opportunity to make a meaningful impact: protecting a global enterprise while advancing CSOC capabilities to defend against evolving cyber threats, including nation-state actors, ransomware, insider threats, and more.

Key Responsibilities

  • Incident Response & Threat Hunting

    • Lead high-impact investigations across endpoints, cloud, identity, and SaaS platforms.

    • Hunt for advanced threats using behavioral analytics and threat intelligence.

    • Perform forensic analysis and root cause investigations for complex incidents.

  • Detection Engineering & Automation

    • Build and optimize custom detection logic in SIEM, EDR, and network tools.

    • Develop and maintain automated playbooks using SOAR technologies.

    • Partner with engineering and IT to enhance security architecture and telemetry.

  • Strategic Leadership

    • Influence CSOC roadmap and detection strategy aligned to business risk.

    • Act as SME on APTs, cybercrime operations, and threat actor tradecraft.

    • Correlate threat intelligence and telemetry to anticipate and disrupt adversary campaigns.

  • Team Enablement & Mentorship

    • Coach L1-L3 SOC analysts through training, scenario-based exercises, and case reviews.

    • Set the technical bar for investigations, detections, and documentation standards.

    • Support cross-functional response efforts during critical incidents and executive escalations.

Other Key Responsibilities

  • Perform threat modeling to anticipate potential attack vectors and inform proactive detection and response strategies.

  • Collaborate with security architects and application teams to integrate threat modeling into detection coverage and incident response planning.

  • Translate threat models into actionable detection rules, hunt hypotheses, and security content development.

Qualifications

Minimum Requirements

  • 10+ years of experience in cybersecurity with deep expertise in SOC operations, IR, and threat detection.

  • Proven ability to lead investigations into APTs, ransomware, and insider threats.

  • Proficiency in SIEM (e.g., Splunk, QRadar, Devo), EDR (e.g., CrowdStrike, SentinelOne), IDS/IPS, and threat intel platforms.

  • Strong knowledge of Kill Chain and threat modeling frameworks.

  • Familiarity with security automation (Python, PowerShell, or Bash preferred).

  • Excellent written and verbal communication skills, including incident documentation and executive briefings.

  • Strong time management and prioritization skills in high-pressure environments.

  • Master's Degree in IT Security, Computer Science, Engineering or related field.

  • Equivalent relevant experience performing the essential functions of this job may substitute for education degree requirements. Generally, equivalent relevant experience is defined as 1 year of experience for 1 year of education and is at the discretion of the hiring manager.

Preferred Certifications

  • One or more: CISSP, GCIH, GCFA, GCFE, OSCP, GNFA, CTIA, CISM, GCIA, GREM.

  • Familiarity with SQL for querying and data analysis.

  • Knowledge of MITRE ATT&CK.

  • Experience performing static/dynamic malware analysis and digital forensics.

Job Description Disclaimer: This position description provides the major duties/responsibilities, requirements and working conditions for the position. It is intended to be an accurate reflection of the current position, however management reserves the right to revise or change as necessary to meet organizational needs. Other responsibilities may be assigned when circumstances require.


Position & Application Details

Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.
