|Position Description|| |
The Enterprise Security Analyst I's scope of responsibility includes information security management at the enterprise level. This includes ensuring that necessary safeguards are present, operational, and effective. Discretion and sound judgment is expected. Enterprise positions are restricted for use in central IT Division areas reporting to the institutional CIO and, as such, may interface with key IT leadership and/or other functional leadership from the Texas Tech University System institutions.
|Essential Job Functions|
The Enterprise Security Analyst's scope of responsibility includes information security management at the enterprise level. With close supervision and/or assistance from team members, performs one or more of the following duties: Participates in the execution of vulnerability management systems at the network, system, application, and desktop levels. Performs network/protocol scanning and reporting. Develops and installs scripts for the customization or automation of security monitors and intrusion prevention systems. Analyzes systems, processes, or events as a part of formalized Incident Management procedures, including digital forensic investigation and event log analysis. Administers Access Control Systems and Policies including Access Requests, Identity Management Physical Access, or Surveillance Systems. Conducts risk and/or vulnerability assessments for active or proposed enterprise hardware and/or software systems and components. Administers security controls and access lists for network devices including firewalls, switches, routers, servers, and appliances. Performs other duties in support of the Information Security Program. Maintains an active awareness of the evolving security threat landscape. Maintains an active awareness of federal, state, and local regulations and policies. May interface with users, vendors, or other stakeholders. Uses a variety of desktop and/or web-based software and tools to create or modify documentation and to communicate with team members and supervisors. May interface with key IT leadership and/or other functional leadership from the Texas Tech University System institutions. Adheres to all appropriate Institutional policies (including IT Ops) and other relevant internal departmental policies.
Bachelor's degree with coursework in computer science, MIS, IT, or other related area OR a combination of related education and/or experience.
For TTU Only: Applicants for this Security Sensitive Level II position will be subject to a criminal background check and must pass a drug and alcohol test after a conditional offer of employment has been extended, but before employment can be confirmed.
|Knowledge, Skill, & Abilities|
Ability to: exercise judgment based on an understanding of organizational policies and activities; plan and organize effectively, prioritize goals, use time efficiently, and stay on task; communicate effectively, both orally and in writing; establish and maintain effective work relationships. Experience in one or more security domains as defined by the ISC2 CISSP Common Body of Knowledge (CBK), which currently includes: access control; information security and risk management; application security; operations security; business continuity/disaster recovery planning; security architecture and design; physical and environmental security; telecommunications and Network Security; cryptography; legal regulations, compliance, and investigations. Requires a very high level of proficiency in the theoretical and practical application of specialized knowledge in computer system analysis, programming, and software engineering, relating to IT Security. Professional certifications are not required, but Microsoft, Cisco, or CISSP certifications may be preferred qualifications.