This position works with the Director, Information Security and Manager, Security Operations to implement the stated mission of the Information Security Office (ISO) to preserve trust in the University and protect student data. Additionally this position improves, manages, consults collaboratively to perform security intrusion, incident and event analysis. Finally, in this role you will assist with operations, measurement and reporting for information security systems.

Duties

• MANAGE OPERATIONAL CHANGE REQUESTS
  • Maintain configurations and updates for firewall, IDS, NAC, DHCP, DNS and other security systems and use professional judgment to determine whether and how the requests shall be implemented to provide best security and service. Oversee operation and manage documentation for systems security tools. Work closely with the Director, Information Security and other analysts to document and ensure that security best practices and University security policies are being followed for configuration and updates.
• CONSULT WITH TECHNICAL COLLEAGUES TO IMPLEMENT SECURITY BEST PRACTICES
  • Integrate security controls and best practices into their IT procedures. Promote understanding and compliance with incident handling procedures among IT teams. Network with colleagues to collect input and propose improvements to procedures. Analyze University business processes with information security implications and work with colleagues in business units to improve security and efficiency of the process.
• IMPROVE, DEVELOP, MANAGE, MONITOR, TEST AND VERIFY THE IMPLEMENTATION OF NECESSARY SECURITY CONTROLS
  • Protect the University's infrastructure from attack and from unauthorized access, modification or destruction. As part of this oversight, Sr. Analyst will perform, develop and improve vulnerability scanning, intrusion detection and log analysis. Develop and improve upon the mature ISO incident handling procedures according to the standard Incident Handling pattern (Preparation, Identification, Containment, Eradication, Restoration, and Lessons Learned).
• ANALYZE SYSTEM AND NETWORK DATA
  • Use the data to identify threats, misconfigurations and vulnerabilities in network and system infrastructure and develop, automate, promulgate and present reports on results of this analysis and measured effectiveness of security controls developed or under management. Participate regularly in attack/vulnerability recognition and defense, based on security event review methods developed and improved by the Sr. Analyst or other members of the ISO team. 
• COLLABORATION
  • Provides backup support and assistance to other team members. Collaborates with co-workers and University colleagues on departmental, division-wide, and institutional projects. Shares process information and makes recommendations on how to improve processes and overall job execution within the team/department.
• PROFESSIONAL DEVELOPMENT
  • Attends training sessions, vendor presentations, user group meetings, conferences, and seminars. Engages regularly in individual professional development related activities, including formal certifications related to information security to remain current with industry technology trends and work processes.
• COMMITTEES AND BEYOND JOB DUTIES
  • Volunteers to undertake tasks that stretch the employee's capabilities. Contributes leadership and expertise on various committees within the Information Technology division. Participates in external University committees. Performs other related duties as assigned.
• UNIVERSITY MISSION
  • Understands and supports the Christian mission of the University. Upholds the University mission through team, location, atmosphere, and work performed.

The above information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Skills and Qualifications

Required

• SANS 503 - Intrusion Detection In Depth current certification or equivalent.
• Three (3) years IT or Information Security experience.
• Practical TCP/IP knowledge to the level of expertise in access control lists and low level packet analysis.
• Installation and management of Windows systems.
• Familiarity with Perl. Unix command line; Powershell.
  
  

Preferred

• Additional advanced technical certifications equivalent to SANS 5xx or 6xx courses.
• Experience sufficient to read procedural documentation to effectively operate department systems.
• Experience in data reporting and documentation writing.
• Knowledge of perl or other web or system administration scripting languages to the level of timely troubleshooting unfamiliar scripts and creating new ones.
• Palo Alto Firewalls, QualysGuard Vulnerability Management, FortiNAC.

This is a Regular, Exempt, 40 hour per week position.

Expected Pay Range: $68,640 - $70,000 per year

The above pay range reflects what Pepperdine University reasonably expects to pay for this position at time of posting. Actual compensation may vary based on relevant factors such as work experience, market conditions, education/training, and skill level. In addition to base pay, Pepperdine offers a robust and highly competitive benefits package.

Pepperdine is an Equal Employment Opportunity employer and does not unlawfully discriminate on the basis of any status or condition protected by applicable federal, state, or local law.

Qualified individuals should be able to show respect for workplace differences, and have the ability to work effectively with individuals from different backgrounds.

Offers of employment are contingent upon successful completion of a criminal, education, and employment screening. The University conducts such screenings in compliance with applicable laws and with the objectives of evaluating risk and supporting a safe environment for students, faculty, staff, and guests; safeguarding key University assets including people, property, information, and the University’s reputation; and providing comprehensive job-related information to University leaders to enable them to make prudent hiring decisions. Individuals will be required to disclose any criminal convictions on a designated form after receiving a conditional offer of employment; failure to disclose accurate information may result in withdrawal of the offer or termination of employment. Qualified individuals with criminal histories will be considered for employment in compliance with applicable laws, including the Los Angeles County Fair Chance Ordinance.