ABOUT THE JOB

The ACLU seeks applicants for the full-time position of Security Operations Analyst in the Information Security Department of the ACLU’s National office in New York, NY. This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month.

The ACLU’s Information Security Department works to protect the confidentiality, integrity, and availability of the ACLU’s digital systems, data, and communications. We collaborate across departments and affiliates to defend against cybersecurity threats, reduce risk, and foster a culture of security awareness. Our mission is to ensure that the ACLU can continue its critical work safeguarding rights and liberties, without compromise, in an increasingly complex and hostile digital landscape.

WHAT YOU’LL DO 

Reporting directly to the Chief Information Security Officer (CISO), this role is critical in strengthening our cybersecurity posture through resilient and adaptive security operations. The Security Operations Analyst will play a key role in detection visibility, incident response, insider threat management, and operational resilience. You will have hands-on responsibility for operating, enhancing, and monitoring a diverse tool stack. Additionally, this role will participate in selecting and managing Tier 1 managed SOC providers to ensure comprehensive monitoring and rapid response capabilities.

YOUR DAY TO DAY

• Operate and manage detection platforms, including SIEM and XDR, to ensure visibility across the environment
• Collaborate with other technology teams to optimize logging and monitoring configurations, supporting detection engineering initiatives
• Develop and maintain custom detection rules and playbooks to enhance detection capabilities and streamline incident response
• Lead initial triage, containment, and investigation of security incidents. Utilize forensics and attack reconstruction techniques to assess and mitigate threats
• Collaborate with cross-functional teams on crisis readiness exercises, containment strategies, and ongoing incident handling
• Implement and maintain tools and strategies to identify potential insider threats
• Work with other security team members to monitor, assess, and respond to suspicious behavior patterns
• Support operational resilience efforts, including backup and recovery validation, business continuity planning (BCP), and disaster recovery (DR) simulations
• Ensure secure failover capabilities and support regular testing of backup systems and DR processes
• Integrate threat intelligence feeds and participate in threat hunting activities to proactively identify and mitigate risks
• Collaborate with the cross-functional teams to ensure timely threat integration and con-textual threat analysis within SIEM and related platforms
• Manage and optimize prevention, detection, and response capabilities in the ACLU’s security stack
• Ensure continuous telemetry from tools into SIEM for unified visibility
• Participate in the evaluation, selection, and management of Tier 1 managed SOC providers, ensuring alignment with ACLU security goals and effective oversight of SOC activities
• Act as a liaison between the managed SOC and the ACLU’s internal security team to maintain high standards of threat monitoring and response

FUTURE ACLU’ERS WILL 

• Be committed to advancing the mission of the ACLU
• Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
• Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts

WHAT YOU’LL BRING

• Significant experience in a security operations role with hands-on experience in detection and response, incident handling, or SOC environments
• Experience selecting, managing, or coordinating with Tier 1 managed SOC providers is highly preferred
• Proficiency in Microsoft Sentinel and experience with security tool integrations
• Familiarity with common Palo Alto, Microsoft, and AWS security tool stacks
• Knowledge of Network Security Groups (NSGs), firewall rules, and segmentation best practices
• Strong understanding of threat intelligence integration, threat hunting, and advanced detection engineering practices
• Strong analytical skills with the ability to triage, contain, and respond to incidents effectively
• Excellent communication and collaboration skills, with experience working cross-functionally
• Ability to work independently and proactively within a high-stakes environment, managing multiple priorities

COMPENSATION

WHY THE ACLU

For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it’s ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.

We know that great people make a great organization. We value our people and know that what we offer is essential not just their work, but to their overall well-being. 

At the ACLU, we offer a broad range of benefits, which include:

• Time away to focus on the things that matter with a generous paid time-off policy
• Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
• Plan for your retirement with 401k plan and employer match
• We support employee growth and development through annual professional development funds, internal professional development programs and workshops

OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION

Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change.  We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we’re in the courts or in the office, we believe ‘We the People’ means all of us.

With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.    

The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email [email protected]. If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.

The Department of Education has determined that employment in this position at the ACLU does not qualify for the Public Service Loan Forgiveness Program.