Information Security Analyst (IT SCRTY ANL 3) at University of California Davis
Davis, CA 95616, USA - Full Time


Start Date: Immediate
Expiry Date: 30 Nov, 25
Salary: 85500.0
Posted On: 31 Aug, 25
Experience: 7 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Investigation, Capacity Assessment
Industry: Information Technology/IT

Description

Under the general direction of the Security Operation Center Manager, manages security and data protection solutions that support the mission of the university and protect the confidentiality, integrity, and availability of information assets owned or entrusted to UC Davis.
Assists in assessing the security of a wide variety of campus systems. This includes secure configuration, vulnerability profiles and management of the UC Davis overall attack surface.
Maintains and configures the large collection of UC Davis SOC data sources and intelligence feeds. Configures network and host-based attack detection technologies, including the collection and filtering of the alerts produced.
Conducts daily security operation workflows. Investigates significant alerts to determine validity, severity, impact and scope using the large collection of SOC data sources. Refines standard SOC processes to support repeatability and metric collection. Escalates critical incidents to the senior incident response leads and assists in basic forensic analysis and evidence preservation.
Directs timely vulnerability remediation and incident recovery measures using standard operating procedures. Produces periodic reports on vulnerability posture and incident recovery status.
Stays abreast of emerging vulnerabilities, technology capabilities, and threat intelligence from a variety of sources to optimize data protection measures relative to campus needs. Works with campus stakeholders to ensure data security needs and controls are aligned to support organizational goals and objectives.
Tracks and reports on security risks and control effectiveness to the CISO and other campus stakeholders such as the Assistant Chief Information Officer, Network Operations Managers, security professionals located at the Davis and Sacramento campuses, and other campus IT leaders. Maintains or preserves confidentiality when required to do so.
To see IET job postings, please visit https://iet.ucdavis.edu/jobs
Candidates must already possess authorization to work in the United States to be considered.

MINIMUM QUALIFICATIONS - FOR FULL CONSIDERATION, APPLICANTS ARE ENCOURAGED TO UPLOAD LICENSE AND/OR CERTIFICATION IF REQUIRED OF THE POSITION

  • Bachelor’s degree in a STEM discipline or equivalent experience.
  • Experience with fundamental cyber-security concepts and familiarity with cyber-security processes.
  • Experience working in a SOC environment and executing a variety of SecOps workflows.
  • Ability to communicate complex technical subjects to both technical and non-technical audiences.
  • Skills to organize and manage time to meet all tasks and project goals.

PREFERRED QUALIFICATIONS

  • Experience handling incidents and security requests with the ServiceNow ticketing system.
  • Fundamental Linux system skills.
  • Knowledge of cyber-security detection methodologies and techniques.
  • Problem-solving skills to define and analyze issues and implement solutions working independently and as part of a team.

SPECIAL REQUIREMENTS – PLEASE CONTACT YOUR RECRUITER WITH QUESTIONS REGARDING WHICH ACTIVITIES APPLY BY POSITION

  • This is a critical position, as defined by UC Policy and local procedures, and as such, employment is contingent upon clearing a criminal background check(s) and may include drug screening, medical evaluation clearance and functional capacity assessment
  • N/A
    Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.
Responsibilities
  • 60% - Security Operations
  • 15% - Incident Response
  • 15% - Documentation and Governance
  • 10% - Information Security Consulting