Cybersecurity Analyst (Associate, Analyst, or Senior) - Technology Services
University of Illinois

Urbana, Illinois

This job has expired.


CYBERSECURITY ANALYST (ASSOCIATE, ANALYST, OR SENIOR)

Technology Services
The Identity, Privacy & Cybersecurity team at the University of Illinois has an exceptional career opportunity for talented individuals seeking roles as Associate Cybersecurity Analyst, Cybersecurity Analyst, or Senior Cybersecurity Analyst. We are looking for candidates who can contribute to advancing the university's mission by joining a dynamic team of cybersecurity professionals dedicated to responding to evolving cybersecurity threats. This role entails collaborating with a highly motivated team in incident handling, vulnerability management, threat hunting, and supporting investigations, including e-discovery and digital evidence handling.

The ideal candidate understands the continuous, 24x7 nature of cybersecurity response and is committed to maintaining a positive work environment that prioritizes staff support and adherence to escalation procedures. This involves genuinely caring about creating a welcoming workplace where everyone feels included and has opportunities to grow as individuals and as part of the team.

In this role, candidates will be encouraged to pursue ongoing professional development through specialized training, becoming subject matter experts in various cybersecurity domains. They will also have the opportunity to collaborate with a diverse team of campus IT professionals, fostering partnerships and shared understanding.

Remote work options are available for this position, although occasional on-campus response to cybersecurity events may be required. If you are eager to tackle exciting challenges in cybersecurity within a supportive, team-oriented organization that values remote work flexibility, consider joining the University of Illinois' Identity, Privacy & Cybersecurity team.

POSITION SUMMARY

Analyze, respond to, and manage cybersecurity attacks, compromises, vulnerabilities, and breaches as related to the University. Proactively develop defensive security measures and capabilities. Address information security incidents and adverse information security events. Collaborate effectively using the cybersecurity tools and technologies employed for incident response, digital forensics, vulnerability management, and other relevant areas. Contribute to investigations surrounding University operations, assets, and business/organizational processes.

DUTIES & RESPONSIBILITIES

Associate Cybersecurity Analyst

  • Actively participate in CSOC initiatives to respond to cybersecurity incidents and related investigations.
o Enhance skills while actively participating in incident response and investigations into system, service, or network attacks and breaches.

o Respond to security alerts and incidents and work to reduce their likelihood.

o Investigate intrusion incidents, participate in security incident remediation, assist in forensic investigations, and incident response.

o Assist team's work with local, State, and Federal law enforcement as well as with University staff on personnel and other investigations involving regulated private information.

o Conduct preservation of electronic data, e-discovery, chain-of-custody, evidence handling and the processes surrounding those actions in support of University operations.

o Support monitoring and tracking vulnerabilities and assist in notifying relevant stakeholders about current and emerging vulnerabilities as part of our vulnerability management efforts.

o Observe and evolve the processes surrounding investigations and data production/disclosure in support of University operations.

o Aid in documenting technical reports and formal documents detailing security issues and investigation outcomes.

o Work both regular business hours and participate in an on-call rotation of non-traditional hours to respond to on-call requests in a 24 x 7 service environment.

o Fulfill other responsibilities as assigned.
  • Engage in collaborative and strategic initiatives as an integral, complementary part of the cybersecurity team.
o Participate in internal and external meetings and actively participate in discussions as needed to represent the needs of the assigned domain(s).

o Provide excellent customer service on behalf of the IT Security office.

o Offer suggestions for continual process improvement across all Security workflows.

o Draft and review documentation such as analyses of technical, administrative, or procedural security issues; procedural documentation/playbooks; and team documentation.
  • Develop and maintain personal and professional excellence through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in manager-approved innovation programs and individual development initiatives.
Cybersecurity Analyst
  • Play an active role in CSOC initiatives to respond to cybersecurity incidents and related investigations.
o Use forensics, incident response, and process expertise to respond to compromised accounts and investigate system, service, or network attacks and breaches. Collaborate with other security staff for security incident remediation and advanced security incident investigations.

o Respond to security alerts and incidents and work to reduce their likelihood.

o Investigate intrusion incidents, conduct forensic investigations, and initiate incident response.

o Work with local, State, and Federal law enforcement as well as with University staff on personnel and other investigations involving regulated private information.

o Conduct preservation of electronic data, e-discovery, chain-of-custody, evidence handling and the processes surrounding those actions in support of University operations.

o Produce responsive digital artifacts and evidence for investigations.

o Perform assessments of systems and networks within the enterprise environment. Analyze vulnerabilities and work collaboratively with units to develop risk-based mitigation strategies for networks, operating systems, and applications.

o Observe and evolve the processes surrounding investigations and data production/disclosure in support of University operations.

o Correspond with all responsible parties tasked with conducting official investigations on expectations, delivery dates, and evolutions in specifics surrounding any given official investigation. Responsible parties could include Legal counsel, Ethics office, HR, FOIA, UIPD or other Law Enforcement Agency.

o Consult with customers and internal staff to implement cybersecurity solutions and best practices.

o Produce technical reports and formal documents outlining security issues and investigation outcomes, presenting to audiences of varying technical expertise.

o Work both regular business hours and participate in an on-call rotation of non-traditional hours to respond to on-call requests in a 24 x 7 service environment.

o Fulfill other responsibilities as assigned.
  • Actively engage in collaborative and strategic initiatives applying expertise as an integral, complementary part of the cybersecurity team.
o Participate in and facilitate internal and external meetings. Drive discussions as needed to represent the needs of the assigned domain(s).

o Provide excellent customer service on behalf of the IT Security office.

o Advocate for Technology Services or other clients and partners in service planning and deployment across the organization.

o Provide recommendations for continual process improvement across all Security workflows.

o Draft and review documentation such as analyses of technical, administrative, or procedural security issues; procedural documentation/playbooks; and team documentation.
  • Develop and maintain personal and professional excellence through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in manager-approved innovation programs and individual development initiatives.
Senior Cybersecurity Analyst
  • Handle assigned projects related to CSOC initiatives playing a key role in responding to cybersecurity incidents and related investigations.
o Use forensic, incident response, and process expertise to respond to compromised accounts and investigate system, service, or network attacks and breaches. Collaborate with other security staff for security incident remediation and advanced security incident investigations.

o Respond to security alerts and incidents and work to reduce their likelihood.

o Investigate intrusion incidents, conduct forensic investigations, and initiate incident response.

o Work with local, State, and Federal law enforcement as well as with University staff on personnel and other investigations involving regulated private information.

o Conduct preservation of electronic data, e-discovery, chain-of-custody, evidence handling and the processes surrounding those actions in support of University operations.

o Produce responsive digital artifacts and evidence for investigations.

o Research, analyze, manage, track and report existing and emerging vulnerabilities. Work with units to develop risk-based mitigation strategies for vulnerabilities. Provide leadership with comprehensive analysis to include mitigation recommendations and the resources needed to address them.

o Observe and evolve the processes surrounding investigations and data production/disclosure in support of University operations.

o Correspond with all responsible parties tasked with conducting official investigations on expectations, delivery dates, and evolutions in specifics surrounding any given official investigation. Responsible parties could include Legal counsel, Ethics office, HR, FOIA, UIPD or other Law Enforcement Agency.

o Consult with customers and internal staff to implement cybersecurity solutions and best practices.

o Produce technical reports and formal documents outlining security issues and investigation outcomes, presenting to audiences of varying technical expertise.

o Work both regular business hours and in an on-call rotation of non-traditional hours to respond to on-call requests in a 24 x 7 service environment.

o Fulfill other responsibilities as assigned.
  • Act as a subject-matter expert in operational cybersecurity domain(s)
o Cultivate subject-matter expertise and skills in less experienced staff, in coordination with management.

o Work with Security Engineers and CSOC team to plan and build proactive defenses, automation, and event detection into the University IT infrastructure.

o Consult with customers and internal staff to recommend solutions related to assigned domain(s).

o Provide recommendations on emerging issues and the resources needed to address them.

o Develop training and other educational material in conjunction with support & training staff.
  • Represent the IT Security office in collaborative and strategic initiatives, applying expertise and functioning as an integral, complementary part of the cybersecurity team.
o Participate in and facilitate internal and external meetings. Drive discussions as needed to represent the needs of the assigned domain(s). Present findings/reports to technical and non-technical audiences.

o Provide excellent customer service on behalf of the IT Security office.

o Advocate for Technology Services or other clients and partners in service planning and deployment across the organization.

o Provide recommendations for continual process improvement across all Security workflows.

o Draft and review documentation such as analyses of technical, administrative, or procedural security issues; procedural documentation/playbooks; and team documentation.
  • Develop and maintain personal and professional excellence through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in manager-approved innovation programs and individual development initiatives.
REQUIRED QUALIFICATIONS

The Associate, Analyst, and Senior levels require the following:

1. High school diploma or equivalent.

2. Any one or any combination totaling two years (24 months)* from the following categories:

A. College coursework which includes Information Technology (IT), IT Management, Programming, IT systems, or a closely related discipline, as measured by the following conversion table or its proportional equivalent:
  • 30 semester hours equals one year (12 months)
  • Associate's Degree (60 semester hours) equals 18 months
  • 90 semester hours equals two years (24 months)
  • Bachelor's Degree (120 semester hours) equals three years (36 months)
B. Work experience in IT-related functions, such as hardware/software support, programming, network design, network engineering, IT systems integration, or closely related field.

The Analyst and Senior levels also require the following:

3. Demonstrated experience or training in Cybersecurity or in Secure IT Operations, Data Security, Incident Response and Analysis, Vulnerability Management, Digital Forensics, Network Security, or Systems and Applications Security.

*The years of experience requirement in item number 2 increases from two to four years for the Senior level.

PREFERRED QUALIFICATIONS
  • Bachelor's degree in a related field
  • Experience in IT environments within academic or higher education institutions, or in professional settings.
  • Demonstrated knowledge of incident response, network security, and vulnerability testing.
  • Experience with SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems (IDS/IPS), firewalls, vulnerability assessment tools (Qualys, Nmap, Burp Suite/ZAP, etc.), and EDR (Endpoint Detection and Response) tools.
  • Demonstrated familiarity with tools such as Splunk, Snort, and Nessus.
  • Broad understanding and knowledge of networking technologies, architectures, and tools and internet network addressing.
  • Broad understanding and knowledge of programming languages and methodologies.
  • Customer engagement/customer service experience.
  • Training, Licenses or Certifications: SANS (GSEC, GCIH, GCIA, GCFA, GCDA), (ISC)2 (CCSP, CISSP), CEH, or similar security certifications highly desired.
KNOWLEDGE, SKILLS, AND ABILITIES
  • Excellent attention to detail.
  • Problem-solving ability.
  • Demonstrated ability in effective communication and collaborating in a high-performance team environment, including oral, written, and active listening.
  • Demonstrated commitment to customer service and customer satisfaction principles.
  • Ability to foster positive and productive collaboration across diverse workgroups.
APPOINTMENT INFORMATION

This is a 100% full-time Civil Service 5031 - Information Technology Technical Associate position, appointed on a 12-month basis. The expected start date is as soon as possible after 5/6/2024. Salary range starts at $60,000 for the Associate level, $70,000 for the Analyst level, and $80,000 for the Senior level. Final salary depends on a combination of experience, market value, and internal equity.

This position is eligible for remote or hybrid work. Immigration sponsorship is not available for this position.

For more information on Civil Service classifications, please visit the SUCSS web site at https://www.sucss.illinois.gov/pages/classspec/default.aspx.

APPLICATION PROCEDURES & DEADLINE INFORMATION

Applications must be received by 6:00 pm (CST) on Sunday, April 7. Apply for this position using the Apply Now button at the top or bottom of this posting. If you have not applied before, you must create your candidate profile at http://jobs.illinois.edu. If you already have a profile, you will be redirected to that existing profile via email notification. To complete the application process:

Step 1) Submit the Staff Vacancy Application using the "Apply for Position" button below.

Step 2) Submit the Voluntary Self-Identification of Disability forms.

Step 3) Upload your cover letter, resume (months and years of employment must be included), and names/contact information for three references. Academic credentials will be verified before hire.

In order to be considered as a transfer candidate, you must apply for this position. Applications not submitted through https://jobs.illinois.edu will not be considered. If required by the position, transcripts or other documentation of credentials are to be provided no later than the first day of employment. For further information about this specific position, please contact swill9@illinois.edu. For questions regarding the application process, please contact 217-333-2137.

____________________________________________________________________________________________________________________________

The University of Illinois System is an equal opportunity employer, including but not limited to disability and/or veteran status, and complies with all applicable state and federal employment mandates. Please visit Required Employment Notices and Posters to view our non-discrimination statement and find additional information about required background checks, sexual harassment/misconduct disclosures, and employment eligibility review through E-Verify.

Applicants with disabilities are encouraged to apply and may request a reasonable accommodation under the Americans with Disabilities Act (2008) to complete the application and/or interview process. Requests may be submitted through the reasonable accommodations portal, or by contacting the Accessibility & Accommodations Division of the Office for Access and Equity at 217-333-0885, or by emailing accessibility@illinois.edu.
  • Requisition ID: 1023157
    Job Category: Technical
    Apply at: https://jobs.illinois.edu

