Assoc. Cybersecurity Analyst

Position Summary:

As an Associate Security Analyst, you’ll be responsible for supporting a diverse range of information security tasks that may include administration of cybersecurity tools, responding to cybersecurity incidents, supporting risk and compliance efforts, and developing information security policies, standards and procedures.

About the Work Unit:

Vanderbilt University Information Technology is a human-centric organization that advances our university by delivering innovative solutions and frictionless experiences through collaboration.

Key Functions and Expected Performance:

• Monitoring and reporting on compliance with institutional and functional security policies, as well as the enforcement of those policies across university IT departments;
• Implementing changes to policies, standards and procedures;
• Maintaining and/or operating security tools and applications;
• Initial identification of unresolved network security exposures, misuse of resources or non-compliance situations using defined escalation processes;
• Mitigating identified vulnerabilities with the help of experienced security analysts (e.g., installing security patches or removing unnecessary services, applications, and unauthorized user accounts);
• Collecting metrics related to information security operations, risk and compliance, and University security policies (e.g., vulnerability or patching status);
• Building and executing incident response Table Top Exercises (TTX) to prepare for cyber incidents; and
• Monitoring for changes in the digital business and threat landscape to ensure updates are adequately addressed in daily operations and information security strategy plans.

Supervisory Relationships :

This position does not have supervisory responsibility. This position reports administratively and functionally to Cybersecurity Operations and Engineering Director.

Education and Certifications:

- Bachelor’s degree is necessary
Willingness to pursue professional information security certifications is preferred

Experience and Skills :

• 2 years of relevant Cybersecurity experience is necessary
• Familiarity with information security principles, including governance and policy, risk and compliance, security operations, threat and vulnerability management, and incident response;
• Basic knowledge of security-related tools, software, protocols, and procedures;
• Basic knowledge of IT infrastructure: applications, databases, operating systems — Windows, Unix and Linux, hypervisors, IP networks, storage networks, backup networks and media;
• Basic knowledge of the following preferred: NIST Cybersecurity Framework (CSF), ISO/IEC 27001/2, CIS Top 20 Controls, NIST SP 800-53, ISA/IEC 62443, DoD CMMC;
• Strong written and verbal communication skills, interpersonal and collaborative skills; and
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
• Demonstrated commitment to VUIT’s Guiding Principles is necessary

Information Technology’s Guiding Principles:

• Trust and Respect- VUIT cultivates a community built on trust, mutual respect, and inclusivity, where all members feel valued and supported. We prioritize honesty, dignity, empathy, and a willingness to listen and understand.
• Professionalism- VUIT strives to maintain a culture of maturity, accountability, and integrity to best represent the University and self. Have a sense of humility and poise in your work and daily interactions.
• Collaborate- VUIT commits to being inclusive in solution design where we value sharing within and partnering across the university. We are intentional about including our colleagues and preventing silos.
• Bias-to-Action- VUIT is seen as a changemaker by exhibiting a decisive, self-starter, take-action approach with a willingness to make decisions without excessive deliberation. Personal initiative is recognized as a key part of the creative process.
• Communicate- Communication (written, verbal and non-verbal), within and outside VUIT, is open, thoughtful, welcoming, clear, proactive, concise yet complete, always honest, and delivered kindly.
• Innovate- VUIT pledges to be bold and challenge the status quo by inspiring a culture of creativity that promotes growth and advancement for the university.
• Celebrate Each Other- We are intentional in showing appreciation for the work of others by valuing and acknowledging meaningful contributions at all levels of the organization.
• Optimize- VUIT will practice continuous and thoughtful optimization of our solutions and services to increase our human and technological capacity. Capacity drives innovation.