Position Details
View All Details Back To Current Job Opportunities Position Closed
IT Security Analyst
| Job Number | Full/Part Time | Schedule | Salary |
|---|---|---|---|
| 29458734 | Full Time | 8AM - 5PM | $81,500 - $150,100 |
Position Information
The IT Security Analyst protects and defends UCR School of Medicine and UCR Health's information technology systems, networks, and data through cyber defense analysis, incident response, and vulnerability assessment and management. This involves analyzing security events and incidents, implementing security controls, configuring and managing security systems, conducting vulnerability scans and assessments, and performing various IT security-related tasks. Identifies anomalous network activity and potential threats to network resources, tracks and documents security incidents from initial detection through final resolution, writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Works with stakeholders to resolve computer security incidents and vulnerability compliance, performs risk and vulnerability assessments of relevant technology focus areas, and makes cybersecurity recommendations to leadership based on relevant threats and vulnerabilities. Must be proactive in identifying potential security threats and vulnerabilities to maintain the security and integrity of institutional information and infrastructure.
The nature of this allows for a hybrid work schedule where the incumbent can work two days onsite in the office and remotely for the other three days of the work week, subject to periodic review and change.
Please note: The interview process will require the candidate to prepare and present a work sample. The interview timeslot will allow for approximately 15 minutes for the candidate to present on a topic or project worked on the past that would be related to this position.
**As a condition of employment, you will be required to comply with the University of California SARS-CoV-2 (COVID-19) Vaccination Program Policy. All Covered Individuals under the policy must provide proof of Full Vaccination or submit a request for Exception (based on Medical Exemption, Disability, and/or Religious Objection) or Deferral (based on pregnancy) no later than the applicable deadline. For new University of California employees, the applicable deadline is ten weeks after their first date of employment. **
The nature of this allows for a hybrid work schedule where the incumbent can work two days onsite in the office and remotely for the other three days of the work week, subject to periodic review and change.
Please note: The interview process will require the candidate to prepare and present a work sample. The interview timeslot will allow for approximately 15 minutes for the candidate to present on a topic or project worked on the past that would be related to this position.
**As a condition of employment, you will be required to comply with the University of California SARS-CoV-2 (COVID-19) Vaccination Program Policy. All Covered Individuals under the policy must provide proof of Full Vaccination or submit a request for Exception (based on Medical Exemption, Disability, and/or Religious Objection) or Deferral (based on pregnancy) no later than the applicable deadline. For new University of California employees, the applicable deadline is ten weeks after their first date of employment. **
Education
Education Requirements
| Degree | Requirement |
|---|---|
| Bachelor's degree in related area and/or equivalent experience/training. | Required |
Licenses
| License | Requirement |
|---|---|
| Must possess or obtain a Valid CA Drivers License in acccordance with the California Department of Motor Vehicles, if driving a university/personal vehicle for university related business | Preferred |
Certifications
| Certification | Requirement |
|---|---|
| Information Security certification such as CEH, CASP+, CISSP, etc. | Preferred |
Conditions
| Condition | Requirement |
|---|---|
| If not already held, will obtain Security+ or above certification within 3 months of appointment date | Required |
Experience
| Experience | Requirement |
|---|---|
| 4 - 7 years of related experience. | Required |
| Experience completing vulnerability scanning and risk assessments | Preferred |
| Experiencing performing log review and analysis | Required |
| Experience conducting security event triage, incident response, and/or digital forensics | Required |
| Experience conducting security risk assessment | Preferred |
| Experience managing security tools | Preferred |
| Related experience in healthcare industry | Preferred |
Special Conditions
| Special Condition | Requirement |
|---|---|
| Must pass a background check. | Required |
| Occasional travel for university related business meetings, conferences and/or professional development. | Required |
| Ability to work periodically outside of Normal Business Hours as assigned. | Required |
| Must be able to participate as part of the on-call rotation schedule for after hours support. | Required |
| Travel Outside of Normal Business Hours | Required |
Minimum Requirements
Ability to follow department processes and procedures.
Experience in incident response and digital forensics including data collection, examination and analysis.
Demonstrated skills applying security controls to computer software and hardware.
Knowledge of computer hardware, software and network security issues and approaches.
Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches.
Basic skill at reading and interpreting security logs.
Knowledge of other areas of IT, department processes and procedures.
Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
Ability to maintain confidentiality.
Experience in incident response and digital forensics including data collection, examination and analysis.
Demonstrated skills applying security controls to computer software and hardware.
Knowledge of computer hardware, software and network security issues and approaches.
Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches.
Basic skill at reading and interpreting security logs.
Knowledge of other areas of IT, department processes and procedures.
Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
Ability to maintain confidentiality.
Preferred Qualifications
Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.
Knowledge and experience in implementation of IT Security frameworks, such as CIS Critical Security Controls, NIST 800-66 rev 2, and/or NIST Cybersecurity Framework.
Demonstrated experience selecting and applying appropriate data encryption technologies.
Skill in reviewing logs to identify evidence of past intrusions.
Skill in using security event correlation tools.
Knowledge of adversarial tactics, techniques, and procedures, different classes of attacks and cyber attack stages, such as protecting a network against malware.
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy and various data privacy and security standards, including of Personal Health Information (PHI)
Knowledge of authentication, authorization, and access control methods including host/network access control mechanisms, network access, identity, and access management, and policy-based and risk adaptive access controls.
Ability to share meaningful insights about the context of an organization?s threat environment that improve its risk management posture.
Knowledge of computer networking concepts and protocols, and network security methodologies and ability to interpret the information collected by network tools and detect host and network-based intrusions using intrusion detection technologies
Knowledge and experience in implementation of IT Security frameworks, such as CIS Critical Security Controls, NIST 800-66 rev 2, and/or NIST Cybersecurity Framework.
Demonstrated experience selecting and applying appropriate data encryption technologies.
Skill in reviewing logs to identify evidence of past intrusions.
Skill in using security event correlation tools.
Knowledge of adversarial tactics, techniques, and procedures, different classes of attacks and cyber attack stages, such as protecting a network against malware.
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy and various data privacy and security standards, including of Personal Health Information (PHI)
Knowledge of authentication, authorization, and access control methods including host/network access control mechanisms, network access, identity, and access management, and policy-based and risk adaptive access controls.
Ability to share meaningful insights about the context of an organization?s threat environment that improve its risk management posture.
Knowledge of computer networking concepts and protocols, and network security methodologies and ability to interpret the information collected by network tools and detect host and network-based intrusions using intrusion detection technologies
Additional Information
In the Heart of Inland Southern California, UC Riverside is located on nearly 1,200 acres near Box Springs Mountain in Southern California; the park-like campus provides convenient access to the vibrant and growing Inland region. The campus is a living laboratory for the exploration of issues critical to growing communities' air, water, energy, transportation, politics, the arts, history, and culture. UCR gives every student, faculty and staff member the resources to explore, engage, imagine and excel.
UC Riverside is recognized as one of the most ethnically diverse research universities in the country boasting several key rankings of which we are extremely proud.
The University of California is an Equal Opportunity/Affirmative Action Employer with a strong institutional commitment to the achievement of excellence and diversity among its faculty and staff. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by law.
For information about our generous employee benefits package, visit: Employee Benefits Overview
UC Riverside is recognized as one of the most ethnically diverse research universities in the country boasting several key rankings of which we are extremely proud.
- UC Riverside is proud to be ranked No. 12 among all U.S. universities, according to Money Magazine's 2020 rankings, and among the top 1 percent of universities worldwide, according to the 2019-20 Center for World University rankings.
- UC Riverside is the top university in the United States for social mobility. - U.S. News 2020
- UCR is a member of the University Innovation Alliance, the leading national coalition of public research universities committed to improving student success for low-income, first-generation, and students of color.
- Among top-tier universities, UC Riverside ranks No. 2 in financial aid. - Business Insider 2019
- Ranked No. 2 in the world for research, UCR's Department of Entomology maintains one of the largest collections of insect specimens the nation. - Center for World University Rankings
- UCR's distinguished faculty boasts 2 Nobel Laureates, and 13 members of the National Academies of Science and Medicine.
The University of California is an Equal Opportunity/Affirmative Action Employer with a strong institutional commitment to the achievement of excellence and diversity among its faculty and staff. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by law.
For information about our generous employee benefits package, visit: Employee Benefits Overview