Minimum Qualifications:

Bachelor's degree or equivalent in a related field. No experience is required

Preferred Qualifications:

Two years of IT experience is highly preferred Python, rust, C, C+, Java, and / or PowerShell Web application experience Microsoft Active Directory / Azure EntralD

Job Summary:

Under direct supervision, supports the IT security environment and resources to ensure systems are adequately secured from unauthorized use. Assists in identifying, investigating, and reporting fraudulent use, misuse, and/or abuse of IT systems and applications.

Job Duties:

Under direct supervision, this person will serve as an integral member of a high-functioning, tightly integrated, cybersecurity incident detection and response team.  This position will perform duties as a Tier 1 Security Operations Center (SOC) cybersecurity analyst. Primary responsibilities are security event monitoring, triage, and basic response to all alerts generated from on-premises and Microsoft cloud SIEM systems.

Must complete CompTIA Cybersecurity Analyst (CySA+) training and successfully pass the associated certification exam within 90 days of hire. Work assigned shifts that will include 24x7x365 coverage of Tier 1 SOC duties. Perform triage of alerts from on-premises and cloud-based security information and event management systems, intrusion detection systems, antivirus, cloud-based services, windows servers, network infrastructure, data loss prevention systems, user behavior analytics systems, and user-submitted security inquiries. Apply basic security controls to minimize the propagation of malicious software throughout the network and to protect the unauthorized disclosure of confidential information. Escalate alerts for Tier 2 investigation based on their severity, including prioritization of the alerts for follow-on incident response activities. Provide feedback on process improvements and how to eliminate false positive alerts and improve SOC workflow processes and procedures. Assist with incident response efforts to conclude and develop after-action reports. Participate in ongoing skill development to build incident response skills to support complex investigations. Adhere to internal controls and reporting structure. Comply with related practice standards, processes, and procedures. Perform other related duties as directed by management.  

Key Skills and Knowledge: 

Academic and/or working experience with TCP/IP networking, and networking services such as DNS, SMTP, DHCP, etc. Windows, MacOS, and Linux-variant operating systems such as the file system structure, system services, and typical behavior of endpoints and servers.  Cloud-based services such as Microsoft Office 365 and Azure productivity tools. High-level understanding of Enterprise Information System architecture such as Active Directory, Domain Controllers, Exchange, etc. Ability to analyze logs from various sources to detect patterns, identify anomalies, and correlate events for effective threat response. Experience or foundational understanding of incident response processes, including triage, investigation, remediation, and lessons learned

 

 Salary Range: 

Starting salary will range from $56,080.00 - $70,100.00 annually, commensurate with experience. 

Work Schedule:

Mostly remote but local, so as to come in as needed on occasion, rotating shifts, including nights, and weekends.

 

 

Equal Employment Opportunity

UTMB Health strives to provide equal opportunity employment without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, genetic information, disability, veteran status, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law. As a VEVRAA Federal Contractor, UTMB Health takes affirmative action to hire and advance women, minorities, protected veterans and individuals with disabilities.

Compensation