Security Analyst

University of Colorado


Security Analyst  27899 
University Staff 

Description

 

Who We Are:

 

System Administration, which also houses the Office of the President, is located in the uptown neighborhood of Denver with a few smaller offices located on the campuses. Many of our departments support the educational and research missions of the four University of Colorado campuses, but System Administration is not considered a campus. We provide diverse opportunities for professional development, innovation, and collaboration with talented staff and faculty. Learn more about CU System Administration.

The Chief Information Security Officer and the campus Information Security Officers jointly oversee the University of Colorado’s (CU) efforts to protect its computing and information assets and comply with information-related privacy and security laws and regulations. The Office of Information Security provides information security services to both the CU Boulder campus as well as the System Administration division of CU. The University of Colorado’s technology environment includes a vast user population with large, complex networks and a wide variety of applications.

Position Summary:

The Incident Response and Monitoring Analyst is an early career incident response role within the Security Operations team. The focus of this position is monitoring, analysis, triage, response, and escalation of information security incidents. Typical work involves reviewing alerts from network monitoring and security information and event management (SIEM), reviewing incident tickets assigned to the security team, responding to or escalating issues to team members, performing follow-up and documenting events, and learning more about information security threats and technologies. The Incident Response and Monitoring Analyst works closely with the Lead Incident Response Analyst as well as other team members within the Office of Information Security and across CU. This position is available as full time or part time, with a minimum of 75%-time work schedule, and is located on the Boulder campus.

This position reports to the Information Security Officer and is exempt from the State of Colorado Classified Staff System.

Where You Will Work:

This position has the ability to work in a hybrid remote environment within the Denver/Boulder area. 

Diversity and Equity:

The University of Colorado System Administration Office is committed to recruiting and supporting a diverse workforce. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnic minorities, persons with disabilities, persons within the LGBTQ+ community and all veterans.

Duties & Responsibilities:

Monitoring

  • Reviews alerts from information security monitoring systems
  • Reviews and evaluates incident tickets assigned to the security team
  • Triages items for appropriate action (e.g. resolution, investigation, follow-up)
  • Recognizes patterns related to information security alerts and issues and communicates them to other team members

Incident Response

  • Investigates alerts of concern and engages other individuals and information sources as needed
  • Communicates with system or account owners to collect more information related to incident requests and to recommend next steps related to resolution
  • Escalates complex issues outside of established scope to senior team members as appropriate
  • Aids in forensic collections and documentation related to information security incident requests
  • Documents incidents according to Office of Information Security standards

Process and Technology Improvements

  • Identifies opportunities to improve monitoring, alerting, and response activities
  • Proposes and tests improvements to activities, processes, and systems

Professional Development

  • Maintains awareness and knowledge of information security threats, vulnerabilities, technologies and business processes
  • Continuously learns new professional and technical skills and abilities through formal and informal learning opportunities

Applications Used:

  • Bro/Zeek/Snort intrusion detection system
  • LogRhythm SIEM
  • ServiceNow ticket management
  • Forensics and analysis tools
  • Confluence wiki

What We Offer:

Salary: The anticipated hiring range has been established at $70,000-$77,000. 

The salary of the finalist(s) selected for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, specialty and training.

The above salary range (or hiring range) represents the University’s good faith and reasonable estimate of the range of possible compensation at the time of posting.

Benefits: The University of Colorado offers an excellent benefits package including:

  • Medical: Multiple plan options
  • Dental: Multiple plan options
  • Additional Insurance: Disability, Life, Vision and Wellness
  • Retirement 401(a) Plan: Employer contributes 10% of your gross pay
  • Paid Time Off: Accruals over the year
    • Vacation Days: 22
    • Sick Days: 15
    • Holiday Days: 10
  • Tuition Benefit: System employees have the benefit on all campuses 
  • ECO Pass: RTD Bus and light rail service
  • Additional Perks & Programs: Click here to access a few more Perks and Programs

Click here to access our Total Compensation Calculator to see what your total rewards could be at CU. This position is a University Staff position.

Additional taxable fringe benefits may be available.

More information on benefits programs, including eligibility, is available at www.cu.edu/employee-services/.

Qualifications:

Minimum Qualifications:

Please ensure your resume includes any and all relevant experience to be accurately assessed against these qualifications.  You must meet all minimum requirements listed at the time of application to be considered for this role.

  • Bachelor’s degree from an accredited institution of higher education, or equivalent professional experience (professional experience may be substituted for the educational requirement on a year-for-year basis)
  • One (1) year of equivalent experience

Preferred Qualifications:

  • Two (2) years of equivalent experience
  • Experience performing information security incident response duties
  • Experience with Security Information and Event Management (SIEM) systems
  • Experience with network security monitoring (IDS/IPS/Netflow)
  • Experience with scripting and automation
  • Experience with public cloud computing environments (e.g. Amazon AWS, Microsoft Azure)
  • Specific training and/or certification in incident response, digital forensics, network security monitoring, and related topics (e.g. degree programs, SANS Institute training, Global Information Assurance Certification [GIAC])

Knowledge, Skills, and Abilities:

  • Knowledge of cybersecurity and privacy principles and best practices
  • Knowledge of incident response and handling methodologies
  • Knowledge of computer networking fundamentals
  • Knowledge of common computer operating systems
  • Analytical and problem-solving skills, including the ability to examine and summarize data and trends in order to resolve issues and produce results
  • Evaluative skills, including the ability to assess information for reliability, validity, and relevance
  • Critical thinking skills, including the ability to identify problems, questions, and assumptions; establish significance; and understand logical connections between ideas
  • Oral, written, and listening communication skills, including the ability to accurately interpret what others are saying and convey messages, information, concepts, and details accurately and clearly
  • Ability to prepare reports and briefings
  • Ability to identify security risks that may impact the organization
  • Ability to communicate complex information in a well-organized manner through verbal, written or visual means
  • Ability to effectively collaborate with team members in-person and remotely

COVID-19:

The University of Colorado has a requirement for COVID-19 vaccinations and full completion of the attestation form within the first 30 days after hire date. Information regarding this requirement and exemptions can be found at https://www.cu.edu/vaccine-requirement

How to Apply:

For full consideration, please attach the following as separate documents to your application:

  • A cover letter identifying the job specific minimum qualifications you possess
  • A resume including any and all relevant experience to be accurately assessed against the qualifications listed in the posting.
  • Please ensure you check the “Job Specific Attachments” box next to each document on the “Required Documents” page of the application for the appropriate documents to be attached.

When to Apply:

For full consideration completed applications must be submitted by November 4, 2022. Reference checking is a standard step in our hiring process. You may be asked to provide contact information, including email addresses, for up to five references as part of the search process for this position. *Please note: All application materials must be submitted through CU Careers; emailed materials will not be considered.*

Background Check Statement:

The University of Colorado is committed to providing a safe and productive learning and living community. To achieve that goal, we conduct background investigations for all final applicants being considered for employment. Background investigations include a criminal history record check, and when appropriate, a financial and/or motor vehicle history. The Immigration Reform and Control Act requires that a verification of employment eligibility be documented for all new employees by the end of the third day of work. The University of Colorado is committed to diversity and equality in education and employment.

ADA Statement:

We are committed to an inclusive and barrier-free search process. We provide accommodations for applicants requesting accommodation through the search process such as alternative formats of this posting. Individuals with disabilities in need of accommodations throughout the search process should contact the ADA Coordinator at: [email protected].

     
      
  • Application Materials Required: Cover Letter, Resume/CV
  • Job Category: Information Technology
  • Primary Location: Denver
  • Department: S0001 — System Administration 53001 – IT Security
  • Schedule: Full-time
  • Posting Date: Oct 25, 2022
  • Unposting Date: Ongoing
  • Posting Contact Name: System HR
  • Posting Contact Email: [email protected]
  • Position Number: 00001529
