Information Security Analyst

Position Overview:

We are seeking a highly skilled Information Security Analyst to join our Information Security Operations Team. The ideal candidate will have extensive experience in SIEM, security monitoring, intrusion detection and prevention, security incident response, threat management, vulnerability management, and SOC best practices. This role requires hands-on expertise with SIEM, SOAR, IDS/IPS, and vulnerability management tools, with a strong ability to detect, investigate, and respond to cyber threats across on-premise and cloud environments (AWS, Azure, GCP).

ITS at UVA is a phenomenal place to lead, grow, and deliver impact. It's an organization that values results and teamwork. We like the people we work with and the work we get to do.  ITS values work-life balance and provides flexible work location options where possible. Please see additional information about joining our team

Benefits Include: The choice between 3 different health plans; vision and dental insurance; retirement plans; life insurance; benefits savings accounts; starting with 22 days of paid time off a year in addition to 12 or more paid holidays; 8 weeks of paid parental leave; short term disability; up to $4,360 after your first year for combined use of tuition toward a degree-seeking program or up to $2,000 for professional development including classes, certification training and conferences; and more!

Key Responsibilities:

Security Monitoring & Incident Response

Conduct proactive security monitoring, analysis, and investigation using Splunk, Splunk Enterprise Security, and other security technologies.Triage, investigate, and respond to security alerts, escalating incidents as necessary and leading response efforts.Develop and fine-tune correlation rules, dashboards, and threat detection analytics within Splunk and Splunk Enterprise SecurityWork closely with internal and externally managed security operations staff to improve threat detection capabilities and response workflows.

Threat Detection & Intrusion Prevention

Analyze and respond to network and endpoint security threats leveraging IDS/IPS, firewalls, and EDR solutions.Conduct threat hunting activities to proactively identify advanced persistent threats (APT) and anomalous behavior.Utilize threat intelligence feeds and frameworks to enhance detection capabilities.

Vulnerability & Threat Management

Perform vulnerability analysis and work with internal teams to remediate security gaps.Collaborate with security engineering and IT teams to harden systems, applications, and networks against cyber threats.

Security Operations & Process Improvement

Develop and maintain security operations playbooks/runbooks and incident response workflows.Automate security operations activities using SOAR and/or scripting languages (Python, PowerShell, Bash).Support, maintain, monitor, troubleshoot, and enhance security monitoring tools, methodologies, and infrastructure.Conduct post-incident reviews, identifying areas for improvement and mitigation strategies.

Qualifications & Skills:

Required:

5+ years of experience in Security Operations, SOC, or Incident Response roles.Deep expertise in Splunk and Splunk Enterprise Security for threat detection and incident analysis.Strong knowledge of SIEM, SOAR, IDS/IPS, vulnerability management tools, and incident response methodologies and best practices.Hands-on experience with network and endpoint security solutionsExperience investigating and responding to security incidents in cloud platforms and environments (e.g., AWS, Azure, M365, GCP).Understanding of key log sources commonly utilized in the investigation of cyber security incidents such as Microsoft Defender, operating system event logs (Windows,  Linux, MacOS), email logs and headers, firewall logs, IDS logs (Suricata, Zeek), network logs (DNS, DHCP, NAT/PAT), web server logs (Apache, IIS, Nginx), etc.Ability to automate security operations workflows using SOAR, Python, PowerShell, or Bash.Excellent analytical, troubleshooting, and communication skills.

Preferred:

Experience with Splunk SOAR (Phantom) for security automation and orchestration.Knowledge of cloud-native security toolsSecurity certifications such as Splunk Certified Cybersecurity Defense Analyst, Splunk SOAR Certified Automation Developer, CISSP, AWS Security Specialty, SANS/GIAC (e.g., GCIA, GCDA, GSOC, GX-IA, GCED, GCIH, GX-CS), Security+, Certified Ethical Hacker (CEH). Experience in threat hunting and forensic analysis.

Why Join Us?

Work in a high-impact cybersecurity role in a dynamic and evolving security landscape.Opportunity to lead and enhance security operations and incident response efforts in a large and complex enterprise environment.Competitive salary, benefits, and continuous learning opportunities.

Location: Hybrid
Employment Type: Full-Time
Reports To: Information Security Officer, Engineering and Operations

Complete an application online and attach:

1.     Cover letter to include your interest in the position and your knowledge, skills, abilities, and experiences

2.     Resume or CV

PROCESS FOR INTERNAL UVA APPLICANTS: Please apply through your Workday Home page, search “Find Jobs”, and search for R0069704 

PROCESS FOR EXTERNAL APPLICANTS: Please visit UVA job board: https://jobs.virginia.edu/us/en/ and search for R0069704

***Please note that you MUST upload ALL documents into the CV/Resume box. Applications that do not contain all of the required documents will not receive full consideration. ***

For questions about the application process, please contact Bill Crane Xer5ff@virginia.edu

For more information about UVA and the Charlottesville community please see  www.virginia.edu/life/charlottesville  and https://embarkcva.com/

The University of Virginia, including the UVA Health System which represents the UVA Medical Center, Schools of Medicine and Nursing, UVA Physician’s Group and the Claude Moore Health Sciences Library, are fundamentally committed to the diversity of our faculty and staff.  We believe diversity is excellence expressing itself through every person's perspectives and lived experiences.  We are equal opportunity and affirmative action employers. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender identity or expression, marital status, national or ethnic origin, political affiliation, race, religion, sex, pregnancy, sexual orientation, veteran or military status, and family medical or genetic information.