Security Analyst

PPH-Domestic-Core-IZ

Full Time

77068BR

Job Summary

This position supports the California Immunization System and involves work implementing and maintaining measures to safeguard the system from unauthorized access, data breaches, and cyber threats.  This includes tasks like setting up firewalls, intrusion detection systems, and encryption protocols, regularly updating software for security patches, conducting vulnerability assessments and penetration testing, monitoring network traffic for suspicious activity, educating users about security best practices, and responding to security incidents promptly and effectively.

The position will be working with the Information Security Engineering and System Engineering Domains.

• Application security testing and training (Ad-hoc)
  • Provide interactive application security testing of California Department of Public Health (CDPH) applications as requested
  • Perform re-tests, as necessary, to validate any remediation of findings by CDPH
  • Provide overview/training to CDPH Security Operations Center (SOC) staff via screen sharing during interactive application security testing
  • Provide overview/training on other CDPH testing tools used during engagement, e.g. SQLMap, Postman
• Reporting
  • Provide output from Burp Suite applications testing and manual penetration testing in the form of actionable reports delivered to SOC staff within the mutually agreed to timeframe established prior to testing
  • Provide remediation steps/recommendations for all vulnerabilities found
  • Provide guidance to SOC staff on producing similar reports

The final salary and offer components are subject to additional approvals based on UC policy.

To see the salary range for this position (we recommend that you make a note of the job code and use that to look up): TCS Non-Academic Titles Search (https://tcs.ucop.edu/non-academic-titles)

Please note: An offer will take into consideration the experience of the final candidate AND the current salary level of individuals working at UCSF in a similar role.

For roles covered by a bargaining unit agreement, there will be specific rules about where a new hire would be placed on the range.

To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html

Department Description

UCSF Institute for Global Health Sciences (IGHS) is dedicated to improving health and reducing the burden of disease in the world’s most vulnerable populations. It integrates UCSF expertise in all of the health, social, and biological sciences, and focuses that expertise on pressing issues in global health. IGHS works with partners in countries throughout the world to achieve these aims. IGHS seeks to improve health worldwide, especially in developing countries, through research that informs policy. IGHS is committed to ensuring a diverse, equitable and inclusive work environment as we work towards becoming an anti-racist organization. We strongly encourage applicants from diverse backgrounds. Please see our statement on anti-racism here: https://globalhealthsciences.ucsf.edu/about-us/diversity-equity-and-inclusion/statement-structural-racism .

The California Department of Public Health is dedicated to optimizing the health and well-being of the people in California. Immunizations are one of public health’s greatest achievements. Vaccines help prevent diseases and help keep Californians of all ages healthy. The Immunization program provides leadership and support to public and private sector efforts to protect the population against vaccine-preventable diseases.

Required Qualifications

• Bachelor's degree in related area and / or equivalent experience / training
• 3+ years directly related experience
• Experience using IT security systems and tools. Knowledge of data encryption techniques.
• Experience analyzing logs for security breaches
• Experience in incident response or digital forensics including data collection, examination or analysis
• Basic skill at reading and interpreting security logs
• Ability to follow department processes and procedures
• Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization
• Knowledge of other areas of IT, department processes and procedures
• Demonstrated skills applying security controls to computer software and hardware
• Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks
• Knowledge of computer hardware, software and network security issues and approaches
• Demonstrated experience selecting and applying appropriate data encryption technologies

Preferred Qualifications

• Certified Ethical Hacker (CEH)
• GIAC Certified Penetration Tester (GPEN)
• PenTest+
• EC-Council Certified SOC Analyst (ECSA)
• Certified Expert Penetration Tester (CEPT)

About UCSF

The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world’s leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells.

Pride Values

UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence – also known as our PRIDE values.

In addition to our PRIDE values, UCSF is committed to equity – both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu

Join us to find a rewarding career contributing to improving healthcare worldwide.

Equal Employment Opportunity

The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Job Code and Payroll Title

007338 IT SCRTY ANL 3

Job Category

Clinical Systems / IT Professionals, Professional (Non-Clinical), Technical & Technologist

Bargaining Unit

99 - Policy-Covered (No Bargaining Unit)

Location

Remote / Telecommute, Richmond, CA

Additional Shift Details

Monday- Friday; 8AM -5PM PST, Remote – if return to office, Richmond CDPH to be home location