Job Description

Diversity Statement The University is especially interested in candidates who can contribute to the diversity and excellence of the institution. Applicants are encouraged to include in their cover letter information about how they will further this goal.
Posting Summary
Develops and leads the application of analytical techniques and workflows to operational data in support of the Information Security Office’s mission to identify and remediate threats to the confidentiality, integrity, and availability of information in the University of Vermont’s information ecosystem. High-impact technical, educational, and leadership role focused on securing both the physical and virtual aspects of UVM’s information environment and works most closely with the Information Security Officer, the Information Security Engineer, and personnel responsible for enterprise technology infrastructure operations, and acts as a subject-matter expert/consultant to constituent- and governance groups. Participates in UVM’s Cybersecurity Incident Response Team (CSIRT), provides functional supervision to one or more Information Security/Identity Management Analysts and student employees operating in supporting roles, and reports to the Director of Information Security.

Develop and leverage a deep understanding of UVM’s information ecosystem in order to identify intrusion, exfiltration, and other threats to information security using ethical, repeatable, defensible methods. Exercise discretion and judgment while maintaining the security of University information, protecting individuals’ privacy, and educating constituents and due to the sensitivity of the information and access required to dispatch their duties, ensure the maintenance of strict confidentiality.
Minimum Qualifications (or equivalent combination of education and experience)
Bachelor’s degree in a related field and two years as an information security professional to include cybersecurity incident response; endpoint/network forensics; and/or continuous security monitoring required. An understanding of technical concepts underpinning internet-connected enterprise services required.

Effective customer service, communication, and interpersonal skills are required. Effective written communications, especially the ability to produce both procedural documentation and activity/incident documentation in support of the Information Security Office’s self-assessment reporting is required. Demonstrated ability to communicate information security concepts and concrete action steps to both technical and general populations through teaching, writing, presenting, and individual interactions required.

Effective organizational skills, including ability to manage multiple concurrent tasks and investigations; demonstrated ability to apply judgment and work with accuracy in routine cases and in exceptional situations; and proficiency with common productivity applications and command line interfaces in Windows, macOS, or Linux required.
Desirable Qualifications
Any one or more of the following will strengthen an applicant’s candidacy: Ability to produce admissible documentation and maintain evidentiary chain of custody; experience with cyber threat intelligence platforms; familiarity with securing cloud-based email, file storage, and applications; experience with constituent education/outreach and proficiency presenting via remote instruction tools; web publishing experience.
Industry recognized certifications specializing in incident response, network administration, system administration, or data management are also desired qualifications.