Job Details

This ad is expired.
University of San Francisco
  • Position Number: 1157863
  • Location: San Francisco, CA
  • Position Type: Computer and Information Technology


Junior Analyst, Information Security (Internal Applicants Only)

University of San Francisco


Job Summary:

The Junior Analyst, Information Security provides direct support for the University's Information Security Program as administered by the USF ISC Department.
The Information Security Program consists of establishing policies and high level processes, overseeing education and training, implementing monitoring and control mechanisms, remediation of identified threats and overseeing compliance with statutory and regulatory requirements regarding electronic information confidentiality, integrity and availability. The Information Security & Compliance (ISC) team collectively supports the Information Security Program and provides strategy, security assessment (risk), consultation, orchestration, governance, as well as maintains and audits against the USF security framework. The USF security framework establishes the foundational understanding that security is a shared responsibility coordinated by the ISC team and executed by each (accountable) service/operational owner - key internal and external stakeholders who collaborate to safeguard the University's data from internal and external threats.
Practicing as an entry level subject matter expert (SME), administrator, analyst, and key team member, this role supports the efforts of the ITS Division, and the ISC Department by serving in four main roles:
Administration & Incident Response Contributor

  • Serve as ISC point of contact administering, analyzing, escalating, and/or responding to all inquiries sent to ISC team, including exception requests, Firewall RFCs & Incident Response (IR) efforts
  • Recognize and contribute to response efforts to information security incidents, preforming level 1 threat and risk analysis
    SME (process / procedures / technical)
  • Collaborate across ITS departments and teams to identify, administer, analyze, and solve critical security problems, as well as operationalize lessons learned into existing or new technological controls, solutions, processes, procedures, knowledge articles
  • Support security education, policy, and procedure maintenance, and administration
  • Level 1 participation in the coordination of PCI IT efforts, administer systems owned by ISC, serve as business analyst and provide project coordination for the Information Security Program
    Vulnerability & Security Training Management
  • Participate in the evangelization of information security throughout the enterprise striving for prevention by participating in the vulnerability management program, preforming level 1 threat analysis, and orchestrating remediation efforts
  • Maintain awareness of current security risks in support of security enhancement to the enterprise security training courses
    Level 1 - SIEM (Splunk) Data Science and Engineering
  • Contribute to the development, implementation, operations and continuous improvement of a Security Incident Event Management (SIEM) system: promote early detection, effective incident response, analytics to mitigate risks, automation
    This role requires established integrity and leadership potential, customer service experience, outstanding organizational skills, a developing range of technical skills, developing project management/coordination abilities, and experience in maintaining a secure computing environment.

    Job Responsibilities:

    Summary Tasks
    Support the ISO with assuring IT Service Confidentiality, Integrity and Availability (CIA security triad)
    Monitor the Information Security & Compliance queue, assign new tickets to team members, assist the ISC team with monitoring open tickets to ensure SLAs and metrics are meet, and escalate issues appropriately
    Monitor and analyze incoming needs (email, phone, in-person) requested directly to ISC, transition those needs into action item tickets, assigning them and/or update existing tickets appropriately
    Provides consultation to ITS and technology service owners with gold standard process baselining, including but not limited to ISC dashboard procedure and USF security framework
    Participate in the maintenance of access rules to data and other IT resources
    Participate in CIA over the assurance and maintenance of authorized user IDs and passwords
    Monitor security, privacy and copyright violations and take corrective actions to ensure that adequate security is provided
    Assist as Project coordinator or Internal Technical Consultant for security-related initiatives as assigned
    Perform daily level 1 security operational tasks to support the mission and vision set by the ISO to support and enable the business needs of the University
    Serve as backfill for team members as needed
    Other duties as assigned
    Technical
    Provides initial support for the Information Technology Services Division regarding technical issues related to Information Security
    Stays well-informed as to the current and emerging threat environment
    Actively participates in risk management by evaluating current conditions, systems and practices within the ITS Division, and across the University as directed by the ISO to inform the Information Security Dashboard, and as appropriate develop and maintain effective practices to identify, document, isolate, deter, defend against threats and orchestrate remediation efforts
    Provides level 1 system administration for key security-related systems owned by ISC
    Maintains active involvement within the greater Security Industry
    Provides consultation to ITS and technology service owners with gold standard technical baselining, including but not limited to USF security framework
    development, maintenance and deployment of vulnerability, system and application patching
    Provides administrative support for the operation and use of Security and Network Access related systems and services

    SETA: Security Education, Training & Awareness
    Contribute in the planning, preparing, and delivering of the Information Security Awareness Program, which includes required virtual security training for faculty, staff, affiliates, as well as those with elevated access

    Minimum Requirements:

    Professional:
    2 -4 years of experience in IT supporting medium-to-large scale environment (1000+ endpoint systems), with preforming a variety of tasks related to the information security triad (confidentiality, availability, and integrity)
    Bachelor of Arts or Bachelor of Science degree in Computer Science, Information Systems, Information Security or equivalent work experience. 5 years or more of related technical experience may be substituted for degree requirements
    Desired: candidates with current IT Certifications: HDI Support Center Analyst, HDI Support Center Manager, and ITIL Foundation
    Ability to maintain current certifications as well as pursue others as recommended
    Developing range of technology, process and business operations skills including demonstrated knowledge and experience in ITIL, incident management, and the field of Information Security
    Excellent communication skills and ability to interact professionally with a diverse group of individuals across the University, including technical and non-technical staff, faculty and students
    Ability to interact with all levels of an organization in a professional, diplomatic and tactful manner
    Outstanding organizational skills, ability to prioritize effectively, and ability to follow complex tasks with minimal supervision
    Understanding and awareness of compliance issues related to information resources in a higher education environment
    Entry level understanding and experience of IT security management systems, best practices, standards, and/or frameworks (NIST, ISO, etc.)

    Technical:
    Experience with Windows and Linux Operating Systems
    Experience in python, perl, HTML/JS, SQL queries
    High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy
    Experience and aptitude for troubleshooting skills with the ability to analyze and resolve difficult problems quickly
    Effective documentation skills
    Entry level system & business administration: account lifecycle, report generating, data analysis,
    Entry level experience using monitoring and management tools and systems (Vulnerability Management, Endpoint Protection, Splunk/SIEM, DLP)
    Entry level knowledge of network architecture and protocols (Ethernet, TCP/IP, DNS)
    Entry level knowledge of Active Directory Computer Object, Organization Unit administration, and Group Policy design
    Entry level experience with enterprise asset management systems such as LANDesk, Service Now
    Entry level experience with managing and escalating ticket queues
    Entry level experience in development and operations of Security Information Event Management (SIEM) system to support security operations utilizing Splunk
    Entry level experience with vulnerability scanning, threat management, system security hardening, security ticketing and automation
    Entry level knowledge of Palo Alto Networks equipment and configurations
    Entry level knowledge of Network Access Control systems (Impulse Point)
    Entry level of knowledge enterprise security concepts and tools including Log Management and GRC systems
    Entry level experience with network protocols relating to both systems and networks
    Provide off-hours support on an infrequent, but on an as needed basis

    Additional Knowledge, Skills, and Abilities:


    For information on how to apply, please visit the following link: www.usfjobs.com

    EEO Policy
    The University of San Francisco is an equal opportunity institution of higher education. As a matter of policy, the University does not discriminate in employment, educational services and academic programs on the basis of an individuals race, color, religion, religious creed, ancestry, national origin, age (except minors), sex, gender identity, sexual orientation, marital status, medical condition (cancer-related and genetic-related) and disability, and the other bases prohibited by law. The University reasonably accommodates qualified individuals with disabilities under the law.







    Copyright 2017 Jobelephant.com Inc. All rights reserved.

    Posted by the FREE value-added recruitment advertising agency



    jeid-ddd90da1d7967f448f7e36278d2b9a20