Analyst Junior, Information Security

Job Id: 
University of San Francisco
Job Type: 
Job Start Date: 
Application Closing Date: 
Contact Name: 
Human Resources
Contact Phone: 
(415) 422-6707
Contact Email:

Analyst Junior, Information Security

University of San Francisco

Job Summary:

The Analyst Junior, Information Security provides direct support for the University's Information Security Program as administered by the USF ISC Department.
The Information Security Program consists of establishing policies and high level processes, overseeing education and training, implementing monitoring and control mechanisms, remediation of identified threats and overseeing compliance with statutory and regulatory requirements regarding electronic information confidentiality, integrity and availability. The Information Security & Compliance (ISC ) team collectively supports the Information Security Program and provides strategy, security assessment (risk), consultation, orchestration, governance, as well as maintains and audits against the USF security framework. The USF security framework establishes the foundational understanding that security is a shared responsibility coordinated by the ISC team and executed by each (accountable) service/operational owner - key internal and external stakeholders who collaborate to safeguard the University's data from internal and external threats.
Practicing as an entry level subject matter expert (SME ), administrator, analyst, and key team member, this role supports the efforts of the ITS Division, and the ISC Department by serving in four main roles:
Administration & Incident Response Contributor

• Serve as ISC point of contact administering, analyzing, escalating, and/or responding to all inquiries sent to ISC team, including exception requests, Firewall RFCs & Incident Response (IR) efforts

• Recognize and contribute to response efforts to information security incidents, preforming level 1 threat and risk analysis
SME (process / procedures / technical)

• Collaborate across ITS departments and teams to identify, administer, analyze, and solve critical security problems, as well as operationalize lessons learned into existing or new technological controls, solutions, processes, procedures, knowledge articles

• Support security education, policy, and procedure maintenance, and administration

• Level 1 participation in the coordination of PCI IT efforts, administer systems owned by ISC , serve as business analyst and provide project coordination for the Information Security Program
Vulnerability & Security Training Management

• Participate in the evangelization of information security throughout the enterprise striving for prevention by participating in the vulnerability management program, preforming level 1 threat analysis, and orchestrating remediation efforts

• Maintain awareness of current security risks in support of security enhancement to the enterprise security training courses
Level 1 - SIEM (Splunk) Data Science and Engineering

• Contribute to the development, implementation, operations and continuous improvement of a Security Incident Event Management (SIEM ) system: promote early detection, effective incident response, analytics to mitigate risks, automation
This role requires established integrity and leadership potential, customer service experience, outstanding organizational skills, a developing range of technical skills, developing project management/coordination abilities, and experience in maintaining a secure computing environment.

Job Responsibilities:

Summary Tasks
• Support the ISO with assuring IT Service Confidentiality, Integrity and Availability (CIA – security triad)
• Monitor the Information Security & Compliance queue, assign new tickets to team members, assist the ISC team with monitoring open tickets to ensure SLAs and metrics are meet, and escalate issues appropriately
• Monitor and analyze incoming needs (email, phone, in-person) requested directly to ISC , transition those needs into action item tickets, assigning them and/or update existing tickets appropriately
• Provides consultation to ITS and technology service owners with gold standard process baselining, including but not limited to ISC dashboard procedure and USF security framework
• Participate in the maintenance of access rules to data and other IT resources
• Participate in CIA over the assurance and maintenance of authorized user IDs and passwords
• Monitor security, privacy and copyright violations and take corrective actions to ensure that adequate security is provided
• Assist as Project coordinator or Internal Technical Consultant for security-related initiatives as assigned
• Perform daily level 1 security operational tasks to support the mission and vision set by the ISO to support and enable the business needs of the University
• Serve as backfill for team members as needed
• Other duties as assigned
• Provides initial support for the Information Technology Services Division regarding technical issues related to Information Security
• Stays well-informed as to the current and emerging threat environment
• Actively participates in risk management by evaluating current conditions, systems and practices within the ITS Division, and across the University as directed by the ISO to inform the Information Security Dashboard, and as appropriate develop and maintain effective practices to identify, document, isolate, deter, defend against threats and orchestrate remediation efforts
• Provides level 1 system administration for key security-related systems owned by ISC
• Maintains active involvement within the greater Security Industry
• Provides consultation to ITS and technology service owners with gold standard technical baselining, including but not limited to USF security framework
• development, maintenance and deployment of vulnerability, system and application patching
• Provides administrative support for the operation and use of Security and Network Access related systems and services

SETA : Security Education, Training & Awareness
• Contribute in the planning, preparing, and delivering of the Information Security Awareness Program, which includes required virtual security training for faculty, staff, affiliates, as well as those with elevated access

Minimum Requirements:

• 2 -4 years of experience in IT supporting medium-to-large scale environment (1000+ endpoint systems), with preforming a variety of tasks related to the information security triad (confidentiality, availability, and integrity)
• Bachelor of Arts or Bachelor of Science degree in Computer Science, Information Systems, Information Security or equivalent work experience. 5 years or more of related technical experience may be substituted for degree requirements
• Desired: candidates with current IT Certifications: HDI Support Center Analyst, HDI Support Center Manager, and ITIL Foundation
• Ability to maintain current certifications as well as pursue others as recommended
• Developing range of technology, process and business operations skills including demonstrated knowledge and experience in ITIL , incident management, and the field of Information Security
• Excellent communication skills and ability to interact professionally with a diverse group of individuals across the University, including technical and non-technical staff, faculty and students
• Ability to interact with all levels of an organization in a professional, diplomatic and tactful manner
• Outstanding organizational skills, ability to prioritize effectively, and ability to follow complex tasks with minimal supervision
• Understanding and awareness of compliance issues related to information resources in a higher education environment
• Entry level understanding and experience of IT security management systems, best practices, standards, and/or frameworks (NIST , ISO , etc.)

• Experience with Windows and Linux Operating Systems
• Experience in python, perl, HTML /JS, SQL queries
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy
• Experience and aptitude for troubleshooting skills with the ability to analyze and resolve difficult problems quickly
• Effective documentation skills
• Entry level system & business administration: account lifecycle, report generating, data analysis,
• Entry level experience using monitoring and management tools and systems (Vulnerability Management, Endpoint Protection, Splunk/SIEM , DLP )
• Entry level knowledge of network architecture and protocols (Ethernet, TCP /IP, DNS )
• Entry level knowledge of Active Directory Computer Object, Organization Unit administration, and Group Policy design
• Entry level experience with enterprise asset management systems such as LANDesk, Service Now
• Entry level experience with managing and escalating ticket queues
• Entry level experience in development and operations of Security Information Event Management (SIEM ) system to support security operations utilizing Splunk
• Entry level experience with vulnerability scanning, threat management, system security hardening, security ticketing and automation
• Entry level knowledge of Palo Alto Networks equipment and configurations
• Entry level knowledge of Network Access Control systems (Impulse Point)
• Entry level of knowledge enterprise security concepts and tools including Log Management and GRC systems
• Entry level experience with network protocols relating to both systems and networks
• Provide off-hours support on an infrequent, but on an as needed basis

Additional Knowledge, Skills, and Abilities:

For information on how to apply, please visit the following link:

EEO Policy
The University of San Francisco is an equal opportunity institution of higher education. As a matter of policy, the University does not discriminate in employment, educational services and academic programs on the basis of an individual’s race, color, religion, religious creed, ancestry, national origin, age (except minors), sex, gender identity, sexual orientation, marital status, medical condition (cancer-related and genetic-related) and disability, and the other bases prohibited by law. The University reasonably accommodates qualified individuals with disabilities under the law.

Copyright ©2017 Inc. All rights reserved.