Senior Information Security Analyst

Responsible for the implementation, configuration, operation, and ongoing maintenance of the various security solutions and the identification, investigation and resolution of security events detected by those systems. Ensures the university is in compliance with UT System policies as well as state and federal statutes and regulations.

Description of Duties

• Develops, implements, monitors and supports the access control, data confidentiality, system integrity, system reliability, system audit and recovery methods and procedures.

• Ensures the overall university security program is in compliance with UTS 165 and TAC 202.

• Collaborates with information technology network security to resolve complex specific incidents and mitigate vulnerabilities.

• Ensures that all consultation on information security controls related to university information systems are appropriate and operating as intended.

• Coordinates and documents response and recovery of abuse of systems and information resources, violation of policies, privacy issues, and related incidents with proper authorities.

• Oversees risk assessment assistance requests and makes recommendations to management.

• Acts as main point of contact regarding university audits.

• Reviews and analyzes intrusion detection reports provided by UT System for unusual patterns, security breaches, and exploitation of information resources.

• Develops, prepares and recommends improvements for documentation, including security policies and procedures, security notifications and alerts.

• Develops and implements processes to secure the confidentiality, integrity and availability of information resources and technology.

• Observes, monitors, evaluates, and reports security policy compliance.

• Keeps current with IT network security and recommends improvements for disaster recovery, business continuity, intrusion detection, incident remediation, monitoring of network and bandwidth resources, and other pertinent security software and utilities.

• Keeps current with advancements in information security related subjects, participates as an internal consulting resource on viruses, spyware, exploits, computer forensics, recovery and similar subject matter and recommends improvements to the university security program.

• Evaluates and recommends new information security policies, procedures, standards, guidelines, tools, technologies, organizational changes, etc.

• Actively participates in the higher education security community such as Educause, REN-ISAC, Unisog, etc.

• Participates in university committees and meetings with the UT System Security Council.

• Perform other related duties as assigned.

Supervision Received

General supervision from assigned supervisor.

Supervision Given

Direct supervision of assigned staff.

Required Education

Bachelor's degree in Information Security, Information Technology, Computer Sciences, or closely related field from an accredited university.

Preferred Education

Bachelor's Degree in Cybersecurity or Information Assurance from an accredited university.

Licenses/Certifications

Preferred: Certified Information Systems Security Professional (CISSP)

Required Experience

• Four (4) years of relevant IT security, IT operations and/or IT audit experience to include the following: deploying, configuring and monitoring security tools and platforms such as IDS/IPS, SIEM, A/V, Firewalls, vulnerability scanning and packet analysis tools, basic networking concepts, protocols (TCP/IP), common ports and knowledge of risk assessment, disaster recovery and business continuity methods and practices, host/network common vulnerabilities and exploits (CVEs) and experience with hacker methodologies, tactics, and the tools used or

• Bachelor's degree from an accredited university in unrelated field with five (5) years of the required experience.

• Required experience can be substituted for up to two (2) years of education on a 1-for-1 basis.

Preferred Experience

• Experience with major operating systems, including command-line proficiency.

• Knowledge and experience with programing and computer languages such as C#,

ASP.NET, SQL, PowerShell, Python, or similar.

• Experience in managing, configuring, deploying, and monitoring security infrastructure.

• Experience with standard concepts, practices, and procedures for security operation centers.

• Knowledge of ITIL processes and standards.

• Experience conducting risk assessments and identifying effective risk mitigation strategies.

• Experience installing, configuring and repairing computer hardware and system software.

Equipment

Proficiency in the use of a personal computer and applicable software necessary to perform work assignments e.g. word processing, spreadsheets (Microsoft Office preferred). Use of standard office equipment.

Working Conditions

Needs to be able to successfully perform all required duties. Exposure to standard office conditions. Indoor activity, exposure to fluorescent lighting, computer emissions, and confined space. Frequent use of personal computer, copiers, printers, and telephone. Frequent standing, sitting, listening, and talking. Frequent work under stress, as a team member, and in direct contact with others. Job involves moderate amount of walking daily, occasional bending and stooping and infrequent lifting and climbing. Some travel and weekend work is required, including travel to meetings and training outside the area. May work extended hours. UTRGV is a distributed institution, which requires presence at multiple locations throughout the Rio Grande Valley. Work is performed primarily in a general office environment.

This is identified as a remote (work from home) position and will require reliable high-speed internet and a dedicated workspace.

Other

Strong attention to detail and ability to problem solve. Ability to function independently and as a team player in a fast-paced environment. Demonstrated ability to develop and maintain collaborative working relationships with varying constituencies and teams. Knowledge of security best practice standards such as the Center for Internet Security (CIS) Top 20 Critical Security Controls, NIST Cybersecurity Framework and OWASP.

Physical Capabilities

N/A

Employment Category Full-Time Minimum Salary Commensurate with Experience Posted Salary Commensurate with Experience Position Available Date 06/21/2024 Grant Funded Position No If Yes, Provide Grant Expiration Date