Cybersecurity Analyst II

Job Category

Job Profile

Job Title

Department

Compensation Range

The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge qualifications and experience for the the normal course employees will be hired transferred or promoted between the minimum and midpoint of the salary range for a job.

Posting End Date

Note: Applications will be accepted until 11:59 PM on the Posting End Date.

Job End Date

At UBC we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research innovation and learning for all faculty staff and students. Our commitment to employment equity helps achieve inclusion and fairness brings rich diversity to UBC as a workplace and creates the necessary conditions for a rewarding career.

Job Summary

The Cybersecurity Analyst II is responsible for the design implementation configuration automation and ongoing management of network and endpoint security solutions based on business security and privacy needs. The Incumbent monitors and responds to threats and vulnerabilities by implementing protective measures using existing solutions and making recommendations on new network and endpoint protection solutions.

A fixed schedule is set for this role but flexibility is required as some work must be performed outside of regular business operating hours. The Incumbent may be required to participate in an on-call rotation schedule.

Organizational Status

Reports to the Manager Cyber Operations. Works independently and jointly within the Security Operations Centre. Collaborates with management and staff from all areas of the Chief Information Security Officer portfolio UBC Information Technology other administrative and academic offices and faculties to coordinate network and endpoint security activities. Interacts directly with other University technology professionals.

Work Performed

• Responsible for implementation automation and ongoing management of network and endpoint security solutions and other network and endpoint protection tools supporting systems and infrastructure. Work is undertaken in support of and in compliance with UBC Information Security standards.

• Responsible for the development sustainment and communication of technical documentation including operational procedures and guides architectural diagrams data flow diagrams and knowledge base articles for network and endpoint security solutions.

• Provides subject matter expertise in collaboration with others to identify and implement opportunities to enhance network and endpoint availability security and privacy through effective use of network and endpoint protection tools.

• In adherence with industry best practice leads the development testing and deployment of signatures and rules for implementation in network protection solutions; the incumbent is accountable for creating outcomes that mitigate identified vulnerabilities and respond to new or observed threats.

• Leads the integration of newly developed or procured solutions with existing cybersecurity network and endpoint security infrastructure and solutions through standard interfaces and protocols.

• Leads the planning and implementation of small-to-medium sized projects as assigned.

• Designs and leads the implementation of solutions for automated monitoring of external threat and vulnerability feeds to identify risks directly applicable to network and endpoint platforms in use by the University prepares recommendations on new network and endpoint protection solutions for senior staff.

• Provides input and researches new or enhanced cybersecurity solutions to meet current and future network and endpoint protection requirements.

• May develop deploy and support custom internal-facing tools to meet specific cybersecurity needs.

• Analyzes functional and business requirements system features integration requirements and security/scaling/performance requirements for current and future network and endpoint security solutions preparing recommendations for senior staff.

• Provides subject matter expertise to the review and analysis of network and endpoint platform vulnerability and threat risk assessments.

• Correlates events using information gathered from various sources to gain situational awareness and determine the effectiveness of an observed attack.

• Develops technical communication materials and participates in strategy planning aimed at educating members of the UBC community on established network and endpoint security best practices and greater UBC Information Security Standards. May also participate in facilitation of workshops or other training events.

• Collaborates with peers/team members to identify analyze recommend and implement changes that will improve the security and privacy of existing information systems.

• Responsible for the implementation of centralized network and endpoint security logs to support alerting and event monitoring.

• Responsible to ensure that the required systems and processes are in place to allow for timely detection identification and alerting of possible attacks/intrusions anomalous activities and misuse activities and distinguishes these incidents and events from benign activities.

• Leads the planning and implementation of logging for network and endpoint security solutions ensuring that logs are shipped to and properly ingested by the established centralized logging service.

• Actively monitors the review process of network and endpoint security solution logs and alerts to ensure security of protected network and endpoint Takes corrective actions when necessary and collaborates with junior staff to identify opportunities to enhance network and endpoint availability security and privacy.

• Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity techniques and tools.

• Investigates and remains current with industry technology trends in the network and endpoint security field such as: network and endpoint firewalls vulnerability scanners endpoint protection technologies etc.

• This role is part of the Security Operations Centre which works to actively support the Incident Response Team.

• Performs other related duties as required.

Consequence of Error/Judgement

Effective network and endpoint security is essential for UBC to deliver secure services to the broad UBC community. Decisions and actions taken by the incumbent will have a direct impact on how quickly the Cybersecurity team can respond to a rapidly changing network and endpoint threat landscape how secure UBC systems are from attackers how available they are to the community and a secondary impact on how UBC systems perform and function. Errors in judgment poor analysis or failure to act decisively could have a detrimental effect on the security and availability of these systems. Insecure systems could lead to system downtime or a data addition to damaging the reputation of UBC a breach could also adversely impact the University community including students faculty researchers and staff and could have a significant impact on funding and revenue.

Supervision Received

Works under the general direction of the Manager Cyber Operations and may receive direction from senior technical staff as assigned. The Cybersecurity Analyst II must be able to work independently as well as contribute actively and collaborate openly as a team member.

Supervision Given

Acts as a mentor to other less experienced members of the team and may oversee day-to-day work of other cybersecurity or IT professionals on a project basis.

Minimum Qualifications

Undergraduate degree in a relevant -depth knowledge of applications and the business requirements supporting them. Minimum of five years of related experience or the equivalent combination of education and experience.

- Willingness to respect diverse perspectives including perspectives in conflict with ones own.

- Demonstrates a commitment to enhancing ones own awareness knowledge and skills related to equity diversity and inclusion.

Preferred Qualifications

• Preference will be given to candidates with cybersecurity experience in a large research-focused higher-education institution.

• Candidates must have advanced experience implementing supporting automating and securing networks endpoints and firewalls in an enterprise multi-cloud environment.

• Candidates should possess cybersecurity industry certifications from recognized bodies such as ISC2 ISACA GIAC or EC-Council.

• Advanced expertise with some or all of the following technologies is required: DNS Linux command line and shell scripting HTTP TLS TCP/IP JSON APIs version control network firewall management EDR NDR XDR and Python programming.

• Experience working with LDAP OAUTH SAML PHP and ServiceNow is an asset.

• Candidates must know how to identify and mitigate network and endpoint vulnerabilities.

• A thorough understanding of cybersecurity fundamentals is required.

• Knowledge of network and endpoint frameworks and architectures is required.

• Knowledge of past and current desktop and mobile browser standards and cross-platform compatibility common networks and endpoints and related development issues is also required.

• Experience with incident request and change management in a large complex environment is required.

• The Incumbent is accountable for raising security concerns regardless of ownership or potential impact.

• The Incumbent will demonstrate an ability to manage multiple tasks and priorities effectively particularly under pressure to meet time-sensitive and mission-critical deadlines.

• Initiative-taking is valued but should be balanced with judgement about seeking input advice from others.

• The Incumbent will display aptitude in seeking out new challenges taking calculated risks and persisting in the face of obstacles as well as in managing resources team support and technical requirements to ensure success.

• The ability to work independently as part of a team cross-functionally collaboratively with staff at all organizational levels is crucial.

Collaboration - Actively solicits ideas and opinions from others to efficiently and effectively accomplish specific objectives targeted at defined business outcomes. Openly encourages other team members to voice their ideas and concerns. Shows respect for differences and diversity and disagrees without personalizing issues. Utilizes strengths of team members to achieve optimal performance.

Communication for Results - Conducts discussions with and writes memoranda to all levels of colleagues and peer groups in ways that support troubleshooting and problem solving. Seeks and shares relevant information opinions and judgments. Handles conflict empathetically. Explains the context of interrelated situations asks probing questions and solicits multiple sources of advice prior to taking action when appropriate.

Problem Solving - Applies problem-solving methodologies and tools to diagnose and solve operational and interpersonal problems. Determines the potential causes of the problem and devises testing methodologies for validation. Shows empathy and objectivity toward individuals involved in the issue. Analyzes multiple alternatives risks and benefits for a range of potential solutions. Recommends resource requirements and collaborates with impacted stakeholders.

Accountability - Sets objectives that meet organizational needs. Provides recommendations to individuals and teams on ways to improve performance and meet defined objectives. Monitors and provides feedback on individual and team performance against defined standards.

Business Process Knowledge - Defines routine integrated processes. Documents processes using basic formal process charting techniques. Applies process definitions and flows to work performed. Identifies process bottlenecks and contributes suggestions for process improvement.

Information Systems Knowledge - Resolves escalated problems of technical support. Identifies root causes. Sets up and integrates new and enhanced information systems. Identifies customer needs and determines the appropriate approach to apply and ensure resolution. Solicits the input of appropriate technical experts and managers as required.