General Information
Job Description | IT SECURITY ANL 2 | Working Title | Security Analyst |
---|---|---|---|
Job Code | 007337 | Grade | 21 |
Department Name | SOM Compliance - D02010 | Department Head | |
Supervisor | Effective Date |
Position(s) Directly Supervised
Job Code | Title | FTE |
---|
Generic Scope
Professional who applies acquired job skills, policies, and procedures to complete substantive assignments/projects/tasks of moderate scope and complexity; exercises judgment within defined guidelines and practices to determine appropriate action. |
Custom Scope
Applies moderately complex IT security concepts, campus, medical center or Office of the President policies and procedures to resolve a variety of IT security problems. Works on IT security problems and projects of moderate scope where analysis of situations or data requires a review of a variety of factors. |
Department Custom Scope
The IT Security Analyst is responsible for monitoring, detecting, protecting, and maintaining the security of data, systems, and networks for the UCR School of Medicine and UCR Health. The IT Security Analyst will apply complex security policies and configurations to hardware, software, and networks. In doing so, this position will help maintain the confidentiality, integrity, and availability of institutional data needed to perform research, teaching and clinical activities. As a member of the information security team this person will also be involved with security event investigations. The individual also works closely with the IT teams to troubleshoot and resolve problems due to a security controls. Plans, configures, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data, systems and networks. Utilize automated vulnerability and compliance scanning tools to report, identify, and track assets and vulnerabilities throughout the systems lifecycle. |
Education & Experience Requirements
Education Requirements
Degree | Requirement |
---|---|
Bachelor's degree in related area and/or equivalent experience/training. | Required |
Experience Requirements
Experience | Requirement |
---|
License Requirements
Certification Requirements
Certification | Requirement |
---|---|
Information Security certification such as CYSA+, GSEC, CEH, CCSFP, etc. | Preferred |
Educational Condition Requirements
Condition | Requirement |
---|
Key Responsibilities
Description | % Time |
---|---|
Implements moderately complex security controls to prevent unauthorized access or changes to campus, medical center or Office of the President information, hardware, software and/or network infrastructure. Researches and analyzes attempted efforts to compromise security protocols and reports findings to higher-level IT Security Analysts. Reviews logs and classifies events. | 20 |
Applies and may configure and maintain security systems, administers security configurations to control access to systems and applies appropriate encryption methods.
|
20 |
Assists with the collection, examination and analysis of information regarding the causes and effects of security incidents. Applies professional IT security concepts, departmental and campus, medical center or Office of the President policies and procedures to respond to and appropriately escalate IT security incidents. | 30 |
Performs vulnerability scans and assessments to proactively identify risk and drive remediation. Analyzes vulnerability data, remediation requirements, and risk levels. Interface with business units and IT stakeholders to identify and understand vulnerabilities and remediation requirements. Provides and acts as point of contact for managing and creating detailed and summarized vulnerability reports, and also remediation reports for IT stakeholders and management. | 20 |
Additional security related tasks as assigned. | 10 |
Knowledge, Skills & Abilities
Knowledge/Skill/Ability | Requirement |
---|---|
Basic skill at reading and interpreting security logs. | Required |
Ability to follow department processes and procedures. | Required |
Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. | Required |
Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches. | Required |
Knowledge of other areas of IT, department processes and procedures. | Required |
Demonstrated skills applying security controls to computer software and hardware. | Required |
Basic knowledge of incident response procedures. | Required |
Knowledge and implementation of IT Security fundamentals including the CIS Critical Security Controls (20CSC) and NIST Cybersecurity Framework. | Required |
Special Requirements & Conditions
Special Condition | Requirement |
---|---|
Must pass a background check. | Required |
Occasional travel to various SOM sites. | Required |
Other Special Requirements & Conditions
|
Level of Supervision Received
Supervision |
Environment
Working Environment
UC Intellicenter |
Other Requirements
Items Used
|
Physical Requirements
|
Mental Requirements
|
Environmental Requirements
|
Critical Position
Is Critical Position: No |