CYBERDEFENSE ANALYST

Job no: 237325-AS
Work type: Partial Remote, Staff-Full Time
Department: DOIT/CYBERSECURITY/DEPTOFFICE
Location: Madison
Categories: Engineering, Information Systems/Technology, Quality, Risk Management and Compliance, Other, Computer Science



Position Summary:

The Office of Cybersecurity supports the CIO and the campus by leading and managing campus efforts to reduce risk. Strategies include appropriate handling of data, continued diagnostics and good processes and procedures to manage our intellectual property and other sensitive information.

This Cyberdefense Analyst is responsible to completing work efforts within the Security Testing and Cyber Defense domain of the UW-Madison Office of Cybersecurity. The team focuses on implementation of frameworks and processes that pro-actively identify, assess, and manage vulnerabilities through testing systems throughout the systems development life cycle. Utilizing the implemented frameworks and processes, the team performs vulnerability and risk assessments of networks, systems, and applications to support system operations and guides the developers, system administrators, and engineering staff in implementing an appropriate set of IT risk mitigation controls. These may also include phases of the Risk Management Framework (RMF). Security testing includes establishing and maintaining services for host-based, web application, database vulnerability management, and penetration testing.

This position is also responsible for organizing Cyber Defense Engineering services and supporting the operational cybersecurity controls identified from the Risk Management and Compliance (RMC), Cybersecurity Operation Center (CSOC), and Cybersecurity Programs and Business Systems and from the Office of the CIO. This includes providing services and controls associated with application security, endpoint security, data security, and network security across the UW-Madison campus. This position reports to the UW-Madison Chief Information Security Officer.

Position Duties:

List of Duties

Institutional Statement on Diversity:

Diversity is a source of strength, creativity, and innovation for UW-Madison. We value the contributions of each person and respect the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the university community. We commit ourselves to the pursuit of excellence in teaching, research, outreach, and diversity as inextricably linked goals.

The University of Wisconsin-Madison fulfills its public mission by creating a welcoming and inclusive community for people from every background - people who as students, faculty, and staff serve Wisconsin and the world.

For more information on diversity and inclusion on campus, please visit: Diversity and Inclusion

Degree and Area of Specialization:

Degree not required, bachelor's degree in network security, information security, or a related field preferred.

Minimum Years and Type of Relevant Work Experience:

Required Qualifications:
* Minimum two years experience in developing, implementing, and testing security controls for systems (e.g. web applications and/or servers).
* Demonstrated understanding of network design, security protocols and systems administration with excellent analytical and problem solving skills.
* Demonstrated experience of collaborating across cross-functional teams to report to management the status of risk and remediation options.
* Demonstrated ability to communicate technical and security concepts to non-technical audience by written and verbal communication including the ability to write analysis reports based on findings.
* Experience with typical application components such as web servers, application servers, relational database (Oracle and/or SQL), middleware and underlying infrastructure devices (WAN and LAN devices, operating systems for server platforms such as Windows Server and/or Linux/Unix, and container/DevOps technology such as Docker), workstations, and a broad range of applications, host and network security devices.
* Must hold, or be able to obtain within one year, a management oriented security certification (e.g. CISSP or CISM) and/or Vulnerability Assessment certification (e.g. GWAPT).

Preferred Qualifications:
* Solid understating of manual, automated application penetration testing skills, vulnerability scanning and analysis as well as skill in careful, limited live testing in live production environments.
* Experience with API, Scripting and/or programming languages.

License or Certificate:

See required qualifications

Additional Information:

Please note that successful applicants must be authorized to work in the United States without need of employer sponsorship, on or before the effective date of appointment.

This position is an onsite position however, some combination of onsite and remote could be discussed in accordance with policy and subject to approval. Remote work requires successful candidates to possess their own high-speed internet and phone to perform the work on a University provided computer.

No oncall work however some best effort after hours work would be needed in handling security incidents.

Department(s):

A060370-INFORMATION TECHNOLOGY/CYBERSECURITY/DEPTOFFICE

Work Type:

Full Time: 100%

Appointment Type, Duration:

Ongoing/Renewable

Salary:

Minimum $80,000 ANNUAL (12 months)
Depending on Qualifications

Instructions to Applicants:

Click on the "Apply Online" button to start the application process.
You will be prompted to upload the following documents:
Resume (REQUIRED)
Cover letter (REQUIRED)
Please use your cover letter to speak to each of the Required Qualifications for this position (listed above in the Minimum Years and Type of Relevant Work Experience section). For each Required Qualification, describe your relevant experience, using specific examples from your work history to illustrate how your experience satisfies the requirement.

Contact:

Jeff Palkowski
jeff.palkowski@wisc.edu
608-262-1657
Relay Access (WTRS): 7-1-1 (out-of-state: TTY: 800.947.3529, STS: 800.833.7637) and above Phone number (See RELAY_SERVICE for further information. )





Official Title:

IS SPECIALIST(S45DN)

Employment Class:

Academic Staff-Renewable

Job Number:

237325-AS

The University of Wisconsin is an Equal Opportunity and Affirmative Action Employer. We promote excellence through diversity and encourage all qualified individuals to apply.

If you need to request an accommodation because of a disability, you can find information about how to make a request at the following website: https://employeedisabilities.wisc.edu/disability-accommodation-information-for-applicants/

The University of Wisconsin-Madison is engaged in a Title and Total Compensation (TTC) Project to redesign job titles and compensation structures. As a result of the TTC project, official job titles on current job postings may change. Job duties and responsibilities will remain the same. For more information please visit: https://hr.wisc.edu/title-and-total-compensation-study/ .

Employment will require a criminal background check. It will also require you and your references to answer questions regarding sexual violence and sexual harassment.

The University of Wisconsin System will not reveal the identities of applicants who request confidentiality in writing, except that the identity of the successful candidate will be released. See Wis. Stat. sec. 19.36(7).

The Annual Security and Fire Safety Report contains current campus safety and disciplinary policies, crime statistics for the previous 3 calendar years, and on-campus student housing fire safety policies and fire statistics for the previous 3 calendar years. UW-Madison will provide a paper copy upon request; please contact the University of Wisconsin Police Department .

Applications Open: Jul 13 2021 Central Daylight Time
Applications Close: Aug 5 2021 11:55 PM Central Daylight Time

Similar jobs

Similar jobs