IT Security Analyst

About Sandy Hook Promise  

Sandy Hook Promise (SHP) envisions a future where all children are free from school shootings and other acts of violence. As a national nonprofit organization, SHP’s mission is to educate and empower youth and adults to prevent violence in schools, homes, and communities. Creators of the lifesaving, evidence-informed Know the Signs prevention programs, SHP teaches the warning signs of someone who may be in crisis, socially isolated, or at-risk of hurting themselves or others and how to get help. SHP also advances school safety, youth mental health, and responsible gun ownership at the state and federal levels through nonpartisan policy and partnerships.    
 
SHP is led by several family members whose loved ones were killed in the tragic mass shooting at Sandy Hook Elementary School on December 14, 2012.    

Commitment to Belonging, Community, Engagement, and Respect  

SHP strives to ensure its culture and work environment reflect the values of belonging, community, engagement and respect.  We actively seek to understand and respond to the diverse perspectives and lived experiences of individuals across socioeconomic backgrounds, rural and urban communities, and diversity of thought, in addition to traditional protected categories. We are committed to ensuring that every SHP employee feels heard, valued, and a true sense of belonging.  SHP encourages individuals who share our commitment to these core values and to our mission to apply.   

Location 
We are a U.S. based organization and most of our staff work remotely. 

About the Role 

We are seeking a proactive and detail-oriented IT Security Analyst with strong expertise in Microsoft security and compliance tools. This role will be instrumental in hardening our cloud-first environment, monitoring for threats, and advancing our prevention and detection capabilities. 

The Security Analyst is responsible for protecting organizational data and systems by implementing, monitoring, and enhancing cybersecurity controls across Microsoft 365, Salesforce, and other cloud platforms. The role focuses on threat detection, incident response, and regulatory compliance, aligned with Zero Trust principles and industry best practices. Working closely with IT and Operations teams, the analyst manages endpoint security, conducts risk assessments, and ensures secure configurations to support a fully remote workforce. 

The ideal candidate is collaborative, analytical, and motivated by the mission-driven challenges of securing a nonprofit organization operating in a dynamic and distributed environment. 

Job Responsibilities   

• Lead Cybersecurity Strategy & Governance: Develop and execute a comprehensive security roadmap aligned with Zero-Trust principles, organizational goals, and regulatory frameworks (CIS, NIST, ISO 27001, GDPR, HIPAA, PCI DSS). 
• Risk Management & Compliance: Maintain the enterprise risk register, conduct periodic risk assessments, and oversee remediation of identified vulnerabilities to strengthen resilience. 
• Cloud & SaaS Security Oversight: Harden and manage Microsoft 365 tenant security (MFA, conditional access, DLP, encryption, data residency) and perform ongoing security reviews of third-party SaaS vendors and integrations (e.g., Salesforce). 
• Endpoint & Remote Workforce Protection: Ensure secure device configurations, patch management, and endpoint compliance across a fully remote workforce. 
• Threat Detection & Incident Response: Monitor, investigate, and respond to security alerts using Microsoft Sentinel and Defender; conduct root-cause analyses and coordinate cross-functional incident response and recovery. 
• Vulnerability & Threat Management: Lead proactive testing (penetration, vulnerability, phishing simulations) and maintain continuous threat-intelligence monitoring. 
• Security Architecture & Continuity Planning: Support data-protection, backup, and recovery strategies; participate in business-continuity and disaster-recovery planning and exercises. 
• Policy, Documentation & Reporting: Maintain audit-ready security documentation; generate dashboards and KPIs that measure security posture, compliance, and incident trends. 
• Training & Awareness: Develop and deliver cybersecurity training programs to promote a security-first culture and reduce organizational risk through education. 
• Collaboration & Advisory Support: Partner with IT, Programs, and Operations to embed security in project design and technology adoption; advise on security implications of new initiatives. 
• Other duties as identified given organizational needs. 

Qualifications   

Required 

• A commitment to SHP’s mission and values. 
• 3+ years of experience in IT security, cybersecurity operations, or related roles. 
• Hands-on experience with Microsoft security tools (Defender, Sentinel, Intune, Entra ID/Azure AD, Purview). 
• Strong understanding of identity management, endpoint protection, threat detection, and incident response. 
• Familiarity with compliance frameworks (CIS Controls, ISO 27001, or similar). 
• Excellent analytical and problem-solving skills; ability to communicate technical issues to non-technical audiences. 

Preferred 

• Microsoft certifications such as SC-200 (Security Operations Analyst Associate), SC-300 (Identity & Access Administrator), AZ-500 (Security Engineer Associate), or MS-500 (Security Administrator). 
• Experience supporting cybersecurity in nonprofit or resource-constrained environments. 
• Knowledge of PowerShell scripting, KQL (Kusto Query Language), or automation in Microsoft Sentinel. 
• Experience with vendor security assessments and SaaS risk management.         

Benefits and Salary Range  

The salary range for this position is $80,000 - $90,000 

(SHP follows a strict internal rubric to help guide salary placement and ensure equitable pay amongst new hires and current staff. New hires should expect to be brought on at the start of the range [$80,000], except in extenuating circumstances.)  

• SHP offers a competitive benefits package, including: 
  • Unlimited PTO 
  • Flexible schedules 
  • Paid holidays and 10 days sick leave 
  • Paid parental leave 
  • Health, dental, and vision 
  • Employer paid life insurance and short- and long-term disability 
  • 401k match 
  • Professional development stipend 
  • Wellness & mental health support 
  • Employer Paid Employee Assistance Program. 

Our organization operates within a distributed workforce, allowing for location flexibility across the country for most positions. We provide remote office support for all staff, which includes a laptop, home office reimbursement, monthly Wi-Fi reimbursement up to $40, and monthly cell phone reimbursement up to $50.   

Additional Instructions  

• Internal applicants and SHP Volunteers have until October 21, 2025, to submit their application. Please email HR + TA once you have applied.   
• All other applicants have until November 7, 2025, to apply.  

Equal Opportunity Employment  

SHP is proud to be an equal opportunity employer. We strive to be an employer of choice: where a diverse mix of talented people want to come and do their best work. SHP does not make employment-related decisions based on race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status, or any other protected characteristic. We are focused on promoting multiculturalism and inclusion so that all SHP employees feel valued and respected. We believe deeply that a diverse workforce comprised of people of all beliefs, backgrounds, and life experiences who seek to prevent gun violence and stop the tragic loss of life will make SHP a stronger, more effective organization.