Job Number: 27464154 Full/Part Time: Full Time Schedule: 8AM - 5PM Salary: $61,800 - $97,950
Position Information This position is designated as a Career Ladder recruitment, which means the hiring department can recruit and fill this role at different levels within the position classification series. Therefore, this position is currently posted as IT Security Anl 2 (recruitment #27464154) and IT Security Anl 3 (recruitment #27469967). Applicants are encouraged to review both positions to determine the best match to your skills. All applicants will be assessed based on the minimum requirements for the recruitment for which they applied.
Under supervision of the Information Security Officer, the IT Security Analyst is responsible for assisting with monitoring, detecting, protecting, and maintaining the security of data, systems, and networks for the UCR School of Medicine and UCR Health. Helps maintain the confidentiality, integrity, and availability of institutional information by applying routine/moderately complex security policies and configurations. Performs routine monitoring, audits of, and ongoing risk assessment of security databases including IA&M, Anti-Virus, Network, DLP, Group Policy, and other security logging systems. Assists with Investigating, analyzing, and responding to immediate and potential threats, using mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Utilizes automated vulnerability and compliance scanning tools to report, identify, and track assets and vulnerabilities throughout the systems lifecycle. Under supervision of the Information Security Officer, assists with planning, configuring, designing, developing, implementing and maintaining tools, systems, and procedures to ensure the integrity, reliability, and security of data, systems, and networks. Maintains service standards while working with constituents to resolve issues related to security controls.
**As a condition of employment, you will be required to comply with the University of California SARS-CoV-2 (COVID-19) Vaccination Program Policy. All Covered Individuals under the policy must provide proof of Full Vaccination or, if applicable, submit a request for Exception (based on Medical Exemption, Disability, and/or Religious Objection) or Deferral (based on pregnancy) no later than the applicable deadline. For new University of California employees, the applicable deadline is eight weeks after their first date of employment. **
Education Education Requirements Degree Requirement Bachelor's degree in related area and/or equivalent experience/training. Required
Licenses License Requirement Must possess or obtain a Valid CA Drivers License in accordance with the California Department of Motor Vehicles, if driving a university/personal vehicle for university related business. Preferred
Certifications Certification Requirement Information Security certification such as Security+, CYSA+, GSEC, CEH, etc. Preferred
Conditions Condition Requirement If not already held, will obtain Security+ or equivalent certification within 3 months of hire. Required
Experience Requirement 2 - 4 years of related experience. Required Experience performing network and application vulnerability scanning. Required Experience completing vulnerability scanning and risk assessments. Preferred Experience performing log review and analysis. Preferred Experience conducting security event triage and/or incident response Preferred Related experience in healthcare industry. Preferred
Requirement Must pass a background check. Required Appointment may require submission of work sample and/or skills assessment. Preferred Overtime Required Occasional travel for university related business meetings, conferences and/or professional development. Required
Preferred Qualifications Basic skill at reading and interpreting security logs. Knowledge of other areas of IT, department processes and procedures. Demonstrated skills applying security controls to computer software and hardware. Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches. Ability to follow department processes and procedures. Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Basic knowledge of incident response procedures.
Additional Information Knowledge and experience implementation of IT Security frameworks, such as CIS Critical Security Controls, NIST 800-66 rev 2, and/or NIST Cybersecurity Framework.