Security Analyst/Senior Security Analyst

Cybersecurity Directorate

The Security Analyst will have the opportunity to work in an exciting environment at the intersection of research and development (R&D) and real-world security operations with one of the fastest computer networks in the world. Working in the NCSA's Cybersecurity Directorate (CSD) with partners around the country, the candidate will utilize security tools at scale, such as Bro IDS, Qualys, Splunk, SSH auditor, and blackhole routers. With users and developers sitting across the hall, they will have a chance to make a direct impact each day with opportunities to work on both R&D and operational activities at NCSA.

Apply cross-disciplinary Information Technology (IT) Security knowledge to design, develop, implement and administer the security cyber-infrastructure for NCSA networks and computer systems in keeping with NCSA's cybersecurity policies and objectives.

Key responsibilities

Security Analyst
  • Cybersecurity Research
    • Provide cybersecurity-related guidance to academic- and industry-funded research projects.
    • Assist with the development of projects that enhance the security stance of NCSA in support of research and education, and help develop strategy for the future direction of the team.
    • Maintain currency in the activities and high impact issues of the computer security or incident response community.
    • Apply scientific domain knowledge to implement and maintain the security and monitoring infrastructure in support of technical and scientific research projects.
    • Suggest and evaluate security requirements and evaluate solutions for NCSA and collaborator systems.
  • Cybersecurity Support
    • Respond to or assign security alerts and tickets as appropriate.
    • Make technical recommendations regarding NCSA's cybersecurity policies, practices, system development, architecture and posture.
    • Make recommendations for ticket processes.
    • Ensure the security and integrity of NCSA Incident Response and Security Team (IRST) systems according to NCSA policies and procedures.
    • Detect and investigate digital intrusions and other incidents with cyber components by coordinating with the senior IRST staff.
    • Provide on-call and off-hours support as assigned; job duties may require working schedules that are outside of normal business hours.
    • Assist with drafting incident reports for public and internal use; cooperate with law enforcement and legal as needed.
  • Leadership and Outreach
    • Provide training, guidance, and assistance related to cybersecurity to NCSA staff and partners.
Senior Security Analyst

The duties and responsibilities of the Senior Security Engineer include those of the Security Engineer, with the addition of the following:

  • Cybersecurity Research
    • Lead and develop projects to enhance the security stance of NCSA in support of research and education, and help develop strategy for the future direction of the team.
    • Apply scientific domain knowledge to design, implement, and maintain the security and monitoring infrastructure in support of technical and scientific research projects.
    • Architect and develop security requirements and evaluate solutions for NCSA and collaborator systems.
  • Cybersecurity Support
    • Make technical recommendations regarding NCSA's cybersecurity policies, practices, system development, architecture and posture.
    • Establish procedures regarding ticket creation and handling.
    • Ensure the security and integrity of NCSA systems according to NCSA policies and procedures.
    • Detect, investigate, mitigate and remediate digital intrusions and other incidents with cyber components by coordinating with the Principal Security Engineer, unless there is no principal, in which case they lead.
    • Draft incident reports for public and internal use; cooperate with law enforcement and legal as needed.
    • Guide, assist, and task more junior Security Engineers.
    • May supervise students or interns.
  • Leadership and Outreach
    • Represent NCSA in the national community and liaise with other incident response teams.
    • Guide, assist, and task more junior Security Engineers.
    • May supervise students or interns.

Required education and experience

Security Analyst
  • Any combination totaling two years from the following categories:
    • Progressively more responsible work experience in an IT-related profession.
    • College course work which included IT, computer science, or a closely related discipline, as measured by the following conversion table or its proportional equivalent:
      • 60 semester hours or Associate's Degree equals one year.
      • 90-120 semester hours or Bachelor's Degree equals two years.
  • One year professional/intern/volunteer or classroom experience installing, configuring, and administering UNIX-like servers.
  • One year professional/intern/volunteer or classroom experience using shell programming and/or a scripting language.
  • One year professional/intern/volunteer or classroom experience with:
    • Network trace analysis (e.g. pcap).
    • or System log analysis (e.g. syslog).
    • or Network or system firewall management.
  • Experience can be concurrent.
Senior Security Analyst
  • Any combination totaling two years from the following categories:
    • Progressively more responsible work experience in an IT-related profession.
    • College course work which included IT, computer science, or a closely related discipline, as measured by the following conversion table or its proportional equivalent:
      • 60 semester hours or Associate's Degree equals one year.
      • 90-120 semester hours or Bachelor's Degree equals two years.
  • Three years analyzing computer event logs (e.g. syslog) and network traces (e.g., pcap).
  • Three years using shell programming and/or a scripting language.
  • Three years installing, configuring, and administering UNIX-like servers.

Preferred experience

Security Analyst
  • Work in a high-performance data center.
  • Network administration or configuration experience.
  • Security certifications from SANS or similar organizations.
  • Using or deploying intrusion detection technologies, in particular, the Bro IDS.
  • Giving presentations to a technical audience, in particular, security training and education.
  • Part of an incident response team or performing digital forensics.
Senior Security Analyst
  • Two years' experience in the area of computer/network security.
  • Two years installing, configuring, and administering UNIX-like servers using a centralized configuration management system (e.g., Puppet & Git).
  • One year using Python in a production environment.

Key skills/knowledge

Security Analyst
  • Excellent interpersonal relations skills.
  • Communicates clearly with all types of audiences.
  • Ability to work in a distributed team setting with shared responsibilities.
  • Works independently once given direction.
  • Ability to work on multiple projects simultaneously.
Senior Security Analyst
  • Excellent interpersonal relations skills.
  • Communicates clearly with all types of audiences.
  • Ability to work in a distributed team setting with shared responsibilities.
  • Works independently once given direction.
  • Ability to work on multiple projects simultaneously.

This is a full-time Civil Service Information Technology Technical Associate position appointed on a 12-month service basis. The expected start date is as soon as possible after the close of the search. Salary is commensurate with experience.

Applications must be received by October 8, 2019. If you have not applied before, you must create your candidate profile at jobs.illinois.edu. If you already have a profile, you will be redirected to that existing profile via email notification. To complete the application process:

Step 1) Submit the Staff Vacancy Application.

Step 2) Submit the Voluntary Self-Identification of Disability forms.

Step 3) Upload your cover letter, resume (months and years of employment must be included), and academic credentials (unofficial transcripts or diploma may be acceptable) and names/contact information for three references.

In order to be considered as a transfer candidate, you must apply for the position described above. Applications not submitted through this website will not be considered. For further information about this specific position, contact Bryan Fijalkovich, fijalkov@illinois.edu. For questions about the application process, please contact 217-333-2137.

The University of Illinois conducts criminal background checks on all job candidates upon acceptance of a contingent offer.

The University of Illinois is an Equal Opportunity, Affirmative Action employer. Minorities, women, veterans and individuals with disabilities are encouraged to apply. For more information, visit http://go.illinois.edu/EEO.

For further information regarding our application procedures, you may visit www.ncsa.illinois.edu or email NCSA-HR@illinois.edu.