Senior Information Security Analyst
University of Texas at Arlington
Arlington, TX
ID: 7305341
Posted: Newly posted
Application Deadline: Open Until Filled
Job Description
Job Summary
The Senior Information Security Analyst assists the Information Security Office (ISO) with the execution of the cybersecurity programs as part of the overall Information Security Program. Duties include security architecture, oversight of the vulnerability management program, incident response lifecycle, investigations, and advanced threat detection and response activities. Coordinate annual tabletop exercises, penetration tests, security controls testing, and third-party risk assessments. Perform updates to the incident response plan and internal security control documentation. Participate in the security council and lead topics for the Information Security Administrator workgroup.
Essential Duties and Responsibilities
Security Architecture:
Serve as a security liaison and subject matter expert to ensure security best practices are incorporated within our technology architecture.
Assist with policies, standards and procedures for security architecture that integrate with the university’s enterprise architecture.
Assist the office of information technology with the technical design and documentation of security controls.
Participate in change management activities.
Vulnerability Management:
Create vulnerability management policies, procedures, and training.
Compile and track vulnerabilities and mitigation results, and develop metrics reporting.
Lead education initiatives of both centralized and decentralized stakeholders to ensure compliance with the vulnerability management program. Assist with mitigation strategies.
Incident Response:
Lead security investigations of incidents escalated to the Information Security Office.
Lead incident response activities and tabletop exercises, and provide detailed incident response reports as needed. Coordinate forensics investigations with third-party providers.
Security Controls:
Monitor cyber programs to ensure required controls are in place and provide recommendations as needed for improvement.
Coordinate with third-party services to conduct penetration tests and control evaluation.
Lead and coordinate the audit of technical controls. Stay current on information security trends and news.
Other Duties:
Performs other duties as assigned.
Participate in security awareness activities.
Minimum Qualifications
Bachelor’s degree with demonstrated information security knowledge and experience or an equivalent mix of education and relevant experience in a similar role.
Four (4) years of progressively responsible and demonstrated information security work experience, including experience in designing, implementing, auditing and/or managing information security or risk management programs including qualitative and quantitative risk assessments.
Must have CISSP or CRISC certification or ability to obtain the certification within one (1) year from hire.
Demonstrated experience with developing and maintaining information security policies.
Extensive knowledge of and experience in information security risk management.
In-depth knowledge and practical experience with implementing or auditing risk frameworks, e.g. NIST 800 series, ISO 20001, CIS Top 20, and CMMC.
Preferred Qualifications
Five (5) years of experience in Information Security including vulnerability management, incident response, security operations, monitoring and alerting and/or network security or nine (9) years of an equivalent combination of education and experience.
Experience working with SIEM systems, endpoint detection and response (EDR) solutions, threat intelligence platforms, security automation and orchestration solutions, intrusion detection systems (IDS), data loss prevention (DLP), or other network and security monitoring tools.
Certifications related to the duties and responsibilities specified, including but not limited to CISSP, SSCP, CRISC, CISA, and SANS GIAC.
Splunk, Microsoft Security Center, Python, Linux shell scripting, or Windows PowerShell experience is a plus.
Knowledge, Skills and Abilities
History of communication with and presenting to stakeholders regarding risks and remediation.
Advanced Information Security knowledge and understanding.
Must have excellent interpersonal, verbal and written communication skills.
Successful experience working, collaborating and establishing credibility and relationships with senior leadership, colleagues, and customers.
Ability to translate technical language to common language for non-technical users.
Attention to detail and documentation skills will be required for this position.
Comfortable using Microsoft Office Suite (Word, Excel, Outlook, PowerPoint, Visio, etc.).
Advanced Microsoft Office Suite, Teams, and SharePoint skills.