IT Security Analyst

IT Security Analyst
*must be based in the U.S.*About Sandy Hook Promise
Sandy Hook Promise (SHP) envisions a future where all children are free from school shootings and other acts of violence. As a national nonprofit organization, SHP’s mission is to educate and empower youth and adults to prevent violence in schools, homes, and communities. Creators of the lifesaving, evidence-informed Know the Signs prevention programs, SHP teaches the warning signs of someone who may be in crisis, socially isolated, or at-risk of hurting themselves or others and how to get help. SHP also advances school safety, youth mental health, and responsible gun ownership at the state and federal levels through nonpartisan policy and partnerships.

SHP is led by several family members whose loved ones were killed in the tragic mass shooting at Sandy Hook Elementary School on December 14, 2012. 

Commitment to Belonging, Community, Engagement, and Respect 
SHP strives to ensure its culture and work environment reflect the values of belonging, community, engagement and respect. We actively seek to understand and respond to the diverse perspectives and lived experiences of individuals across socioeconomic backgrounds, rural and urban communities, and diversity of thought, in addition to traditional protected categories. We are committed to ensuring that every SHP employee feels heard, valued, and a true sense of belonging. SHP encourages individuals who share our commitment to these core values and to our mission to apply.  

Location
We are a U.S.-based organization, and most staff work remotely nationwide.

About the Role
We are seeking a proactive and detail-oriented IT Security Analyst with strong expertise in Microsoft security and compliance tools. This role will be instrumental in hardening our cloud-first environment, monitoring for threats, and advancing our prevention and detection capabilities.

The Security Analyst is responsible for protecting organizational data and systems by implementing, monitoring, and enhancing cybersecurity controls across Microsoft 365, Salesforce, and other cloud platforms. The role focuses on threat detection, incident response, and regulatory compliance, aligned with Zero Trust principles and industry best practices. Working closely with IT and Operations teams, the analyst manages endpoint security, conducts risk assessments, and ensures secure configurations to support a fully remote workforce.

The ideal candidate is collaborative, analytical, and motivated by the mission-driven challenges of securing a nonprofit organization operating in a dynamic and distributed environment

Job Responsibilities Include (but are not limited to)

• Lead Cybersecurity Strategy & Governance: Develop and execute a comprehensive security roadmap aligned with Zero-Trust principles, organizational goals, and regulatory frameworks (CIS, NIST, ISO 27001, GDPR, HIPAA, PCI DSS).
• Risk Management & Compliance: Maintain the enterprise risk register, conduct periodic risk assessments, and oversee remediation of identified vulnerabilities to strengthen resilience.
• Cloud & SaaS Security Oversight: Harden and manage Microsoft 365 tenant security (MFA, conditional access, DLP, encryption, data residency) and perform ongoing security reviews of third-party SaaS vendors and integrations (e.g., Salesforce).
• Endpoint & Remote Workforce Protection: Ensure secure device configurations, patch management, and endpoint compliance across a fully remote workforce.
• Threat Detection & Incident Response: Monitor, investigate, and respond to security alerts using Microsoft Sentinel and Defender; conduct root-cause analyses and coordinate cross-functional incident response and recovery.
• Vulnerability & Threat Management: Lead proactive testing (penetration, vulnerability, phishing simulations) and maintain continuous threat-intelligence monitoring.
• Security Architecture & Continuity Planning: Support data-protection, backup, and recovery strategies; participate in business-continuity and disaster-recovery planning and exercises.
• Policy, Documentation & Reporting: Maintain audit-ready security documentation; generate dashboards and KPIs that measure security posture, compliance, and incident trends.
• Training & Awareness: Develop and deliver cybersecurity training programs to promote a security-first culture and reduce organizational risk through education.
• Collaboration & Advisory Support: Partner with IT, Programs, and Operations to embed security in project design and technology adoption; advise on security implications of new initiatives.
• A commitment to SHP's vision and values.
• Other duties identified as organizational needs.

Desired Skills and Experience

• 3+ years of experience in IT security, cybersecurity operations, or related roles.
• Hands-on experience with Microsoft security tools (Defender, Sentinel, Intune, Entra ID/Azure AD, Purview).
• Strong understanding of identity management, endpoint protection, threat detection, and incident response.
• Familiarity with compliance frameworks (CIS Controls, ISO 27001, or similar).
• Excellent analytical and problem-solving skills; ability to communicate technical issues to non-technical audiences.
  • Microsoft certifications:
    • SC-200 (Microsoft Certified: Security Operations Analyst Associate),
    • SC-300 (Microsoft Certified: Identity and Access Administrator Associate)
    • SC-401 (Microsoft Certified: Information Security Administrator Associate)
• Preferred
  • MS-102 (Microsoft 365 Certified: Administrator Expert)
  • Experience supporting cybersecurity in nonprofit or resource-constrained environments.
  • Knowledge of PowerShell scripting, KQL (Kusto Query Language), or automation in Microsoft Sentinel.
  • Experience with vendor security assessments and SaaS risk management.  

Benefits and Salary Range
The salary range for this position is $80,000-$90,000.
SHP uses a structured internal rubric to guide salary placement and ensure equitable pay. Typically, new hires are placed at the start of the salary range to ensure equity with current employees, and as a practice, we do not negotiate salaries.

• SHP offers a competitive benefits package, including:
  • Unlimited PTO
  • Flexible schedules
  • Paid holidays and10 days sick leave
  • Paid parental leave
  • Health, dental, and vision
  • Employer paid life insurance and short- and long-term disability
  • 401k match
  • Professional development stipend
  • Wellness & mental health support
  • Employer Paid Employee Assistance Program.

Our organization operates within a distributed workforce, allowing for location flexibility across the country for most positions. We provide remote office support for all staff, which includes a laptop, home office reimbursement, monthly Wi-Fi reimbursement up to $40, and monthly cell phone reimbursement up to $50.

Additional Instructions

• SHP Staff and Volunteers have until Tuesday, May 5, 2026, to submit an application. Please contact Talent Acquisition and HR once you have applied.
• All interested applicants are welcome to apply by Monday, June 1, 2026. Cover letter must be included.
  • The job listing may be taken down early if application volume becomes high.
  • Please note: applicants must be based in the U.S. Thank you!

Equal Opportunity Employment 
SHP is proud to be an equal opportunity employer. We strive to be an employer of choice: where a diverse mix of talented people want to come and do their best work. SHP does not make employment related decisions based on race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status, or any other protected characteristic. We are focused on promoting multiculturalism and inclusion so that all SHP employees feel valued and respected. We believe deeply that a diverse workforce comprised of people of all beliefs, backgrounds, and life experiences who seek to prevent gun violence and stop the tragic loss of life will make SHP a stronger, more effective organization.