What are the responsibilities and job description for the Information Security Analyst position at University of California - Santa Barbara?
Benefits of Belonging
There is a reason UCSB has been named the Best Place to Work by our local media for several years running. Whether our employees are on our stunning campus or working remotely or hybrid, they tell us they value the flexibility, stability and rich benefits we offer. Come join us as we support the mission of one of the finest public institutions in the nation. UC Santa Barbara is consistently recognized for excellence across broad fields of study. Set alongside the glorious California coast, our dynamic environment inspires scholarly ambition and creativity. Information Technology Services (ITS), the Campus' central IT unit, contributes to UC Santa Barbara's mission of research, teaching, and community service by partnering with the Campus community to efficiently deliver IT infrastructure and enterprise application services to faculty, students, staff, and affiliates. Join us in supporting the technology making world-class research possible!
Working at UC means being part of this vibrant institution that shines a light on what is possible. People make UC great, and UC recognizes your contributions by making this a great place to work. Excellent retirement and health benefits are just some of the rewards. Learn more about the benefits of working at UC.
Summary of Job Duties
This position works as a campus Security Operations team member in Information Technology Services' Information Assurance and Cybersecurity unit. Primary responsibility involves monitoring, detecting, protecting, and maintaining the security of data, systems, and networks. Plans, configures, designs, develops, implements, and maintains tools, systems, and procedures to ensure the integrity, reliability, and security of data, systems, and networks.
Support of campus security operations:
Identify/Protect:
- Support of campus vulnerability management program - maintain network and application scans, software scans, attack surface management tools, and asset management tools. Routinely monitor security industry communications and new vulnerability reports. Send out relevant campus-wide notifications for commonly used software and systems.
- Management, deployment, and support of software supporting campus security initiatives (vulnerability management, asset management/visibility, endpoint detection and response, SSL certificate management, VPN services).
- Act as backup for Network Firewall Engineer in implementing security policies and troubleshooting connectivity issues for systems behind firewalls.
- Develop metrics and reporting to provide insight into the security program's effectiveness.
Detect/Respond:
- Triage/response of general security reports and inquiries (phishing/spam reports, credential compromise, system compromise) and other third-party reports.
- Alert triage/response from network and endpoint detection tools, firewall logs, authentication logs, and cloud logs.
- Management and support of threat intelligence platform and collaboration with hybrid SOC and security services provider to support systemwide threat detection and identification program.
Respond:
- Participation in the campus Incident Response team as needed.
- Lead ad-hoc Incident Response teams. Identify and enlist necessary security response team members.
- Ensure consistent and efficient communication and documentation of incident response.
- Report security incidents to campus CISO.
Recover:
- Provide assistance and support to departmental recovery efforts after system or network compromise.
We are hiring two positions with overlapping primary responsibilities; however, each position will have a different specialty/focus:
1) Unified Asset and Vulnerability Management lead: Primary responsibility for managing, supporting, and maintaining processes around providing centralized visibility and tooling for asset management and vulnerability management to distributed IT providers/partners on campus.
or
2) Security Event/Log Management lead: Primary responsibility for developing, maintaining, and supporting the visibility of Security Information and Event Monitoring (SIEM) systems and access to centralized logs across campus for usage by the Security Operations team to detect and respond to threats and incidents. Maintenance of log sources, rulesets and automations to support critical use cases. Development of threat hunting activities.
Required Qualifications
- Bachelor's Degree in a related area and/or equivalent experience/training.
- 1-3 years of experience in cybersecurity or IT/infrastructure operations.
- Ability to quickly learn new or unfamiliar technologies and products, independently using documentation and online resources.
- Ability to work collaboratively with multiple distributed departments and IT support providers across campus.
- Strong oral communication, written communication, and presentation skills.
- Understanding of the OSI networking model.
Preferred Qualifications
- Familiarity with vulnerability management systems, and/or intrusion detection/prevention systems, and/or endpoint detection and response systems.
and/or
- Familiarity with centralized log solutions and security information and event monitoring systems (SIEM).
Two or more of the following:
- Understanding of network traffic analysis, endpoint log analysis, remote access methods and systems, stateful inspection firewalls, encryption, authentication and authorization technology.
- Knowledge of information security principles and technology.
- Knowledge of cybersecurity models: NIST Cyber Security Framework, NIST 800-171, the Cyber Kill Chain, and MITRE ATT&CK Framework.
- Knowledge of cloud computing (AWS, GCP, and/or Azure) security concepts.
Special Conditions of Employment
- UCSB is a Tobacco-Free environment
- Satisfactory completion of a conviction history background check
Job Functions/Percentage of Time/Duties
Campus Security Operations Support 70% - Triage/response of general security reports and inquiries (phishing/spam reports, credential compromise, system compromise) and other third-party reports. Alert triage/response from network and endpoint detection tools, firewall logs, authentication logs, and cloud logs. Management and support of threat intelligence platform and collaboration with hybrid SOC and security services provider to support systemwide threat detection and identification program. Support of campus vulnerability management program - maintain network and application scans, software scans, attack surface management tools, and asset management tools. Routinely monitor security industry communications and new vulnerability reports. Send out relevant campus notifications for commonly used software and systems. Management, deployment, and support of software supporting campus security initiatives (vulnerability management, intrusion detection, endpoint detection and response, SSL certificate management, VPN services). Act as backup for Network Firewall Engineer in implementing security policies and troubleshooting connectivity issues for systems behind firewalls. Develop metrics and reporting to provide insight into the security program's effectiveness. Participate in the campus Incident Response team as needed. Lead ad-hoc Incident Response teams. Identify and enlist necessary security response team members. Ensure consistent and efficient communication and documentation of incident response. Report security incidents to campus CISO. Provide technical assistance and support to departmental recovery efforts after system or network compromise.
Communication and Leadership 15% - Support the development of security education materials for end users. Be an active and contributing member of the campus IT community. Be an enthusiastic advocate of information security. Participate in project teams, committees, and policy development. Lead committees appropriate to area of expertise.
Continuing Education 15% - Keep up-to-date on information security operations and technologies. Achieve and maintain Security certification. Take courses for professional development and additional certifications as appropriate.
Vaccinations Programs - Including SARS-COV-2 (COVID-19)
As a condition of employment, you will be required to comply with the University of California Policy on Vaccinations Programs - With Interim Amendments. As a condition of Physical Presence at a Location or in a University Program, all Covered Individuals must participate in any applicable Vaccination Program by providing proof that they are Up-to-Date with any required Vaccines or submitting a request for Exception in a Mandate Program or properly declining vaccination in an Opt-Out Program no later than the Compliance Date (Capitalized terms in this paragraph are defined in the policy.). Federal, state, or local public health directives may impose additional requirements.
For more information, please visit:
* UC Santa Barbara COVID-19 Information
* University of California Policy on Vaccinations - With Interim Amendments
* August 5, 2021 California Department of Public Health (CDPH) Order (Health Care Worker Vaccine Requirement)
*Covered Individuals: A Covered Individual includes anyone designated as Personnel, Students, or Trainees under this Policy who physically access a University Facility or Program in connection with their employment, appointment, or education/training. A person accessing a Healthcare Location as a patient, or an art, athletics, entertainment, or other publicly accessible venue at a Location as a member of the public, is not a Covered Individual.
Equal Opportunity/Affirmative Action Statement
The University of California is an Equal Opportunity/Affirmative Action Employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Reasonable Accommodations
The University of California endeavors to make the UCSB Job site (https://jobs.ucsb.edu) accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Katherine Abad in Human Resources at 805-893-4664 or email katherine.abad@hr.ucsb.edu. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
Privacy Notification Statement
Privacy Notification Statement and Notice of Availability of the UCSB Annual Security Report Disclosures
Payroll Title: IT Security Analyst 3
Job Code: 7338
Job Open Date: 12/01/23
Application Review Begins: 12/18/23; open until filled
Department Code (Name): ISEC (Information Technology Services)
Percentage of Time: 100%
Union Code (Name): 99 Non-Represented
Employee Class (Appointment Type): Staff (Career)
FLSA Status: Exempt
Classified Indicator (Personnel Program): PSS
Salary Grade: Grade 23
Work Location: SAASB, 4th Floor
Working Days and Hours: M-F; 8am - 5pm
Benefits Eligibility: Full Benefits
Type of Remote or Hybrid Work Arrangement, if applicable: Remote, Hybrid
Budgeted/Hiring Salary Range: $92,710 - $117,000/yr.
Full Salary Range: Salary offers are determined based on final candidate qualifications and experience; the budget for the position; and the application of fair, equitable, and consistent pay practices at the University. The full salary range for the position is $82,300 to $151,700/yr. The budgeted salary range that the University reasonably expects to pay for this position is $92,710 to $117,000/yr.
Special Instructions
For full consideration, please include a resume and a cover letter as part of your application.