UPEI requires an experienced Cybersecurity Analyst to protect the confidentiality, integrity, and availability of IT assets and data University wide. The Cybersecurity Analyst will be instrumental in the ongoing maturity of cyber security procedures and practices. This role will also be the key contact for UPEI (ECN PEI) with regional and national organizations that support cybersecurity initiatives and programs for the higher educational sector.

RESPONSIBILITIES:

UPEI ITSS (Information Technology Systems and Services) is responsible for the establishment of and assessment against Information Security architecture policies, standard, and guidelines to ensure that systems are designed, built, implemented, and integrated in a manner that minimizes security and compliance risk while ensuring UPEI’s organizational needs are met. The Cyber Security Analyst’s primary mandate is to protect the confidentiality, integrity, and availability of IT assets and date University wide.

• Operational administration and maintenance of the university’s IT security applications and plans
• Performs daily system monitoring of computer systems and networks for issues
• Investigates suspected security issues, identifies root cause, and determines if caused by security breach or another incident. Performs initial assessment of exposure scope
• Monitors email gateways and responds to ‘phishing’ emails and ‘pharming’ activity. Provides advice and guidance to staff on issues such as spam and unwanted or malicious emails
• Works independently, with the ITSS team, or with clients and stakeholders, to install security components to protect systems, and information infrastructure, including anti-malware agents, monitoring, and other programs
• Conducts security assessments, including testing of processes, system and application vulnerability testing and risk analysis. Identifies potential weaknesses and offer recommendations to remediate vulnerabilities to the ITSS Manager of Network and Infrastructure Solutions
• Provides first level troubleshooting and resolution for security systems including end point security software, third party security systems/applications and cross functional issues requiring collaboration
• Performs operational administration of various security application including WAF,SIEM, SCCM, SCOM, Email Gateway, Endpoint Anti-Malware, Firewall and IDS (Intrusion Detection System)
• Works with ITSS management, system and network administrators, and process owners to remediate security issues and document security incidents

Operational Tasks

• Change and configuration management
• Upgrades, patches, performance, and usage issues
• Documentation of processes including countermeasures or mitigating controls
• Disaster planning and business continuity

Communication Tasks

• Assists with the creation, maintenance, and delivery of cyber security awareness training
• Develops security awareness by providing orientation, educational programs, and ongoing communication
• Prepares written technical documentation for processes, procedures, and standards
• Collaborates with other departmental staff regarding cross-functional processes, procedures, and standards
• Assists various internal UPEI client communities with security related questions, issues, and problems
• Liaises with internal UPEI clients to maintain and improve security on a variety of business systems, application, processes, and procedures
• Actively participate and represent UPEI (ECN PEI) with organizations such as CUCCIO, CANARIE, ECN, and implement initiatives and programs in which UPEI has agreed to participate

QUALIFICATIONS:

• Undergraduate degree in Computer Science, Information Systems, or a related field
• Certifications such as CISSP, Security+, or GSEC (GIAC Security Essentials); from ISACA, ISC2, or similar body or an agreement to become certified in the first 9 months of the position
• Information Technology recognized training (e.g., OFFSEC, SANS, security vendor) would be an asset
• Minimum 5 years’ experience in Information Technology with at least 3 years’ experience working with security applications. Demonstrated knowledge of IT security principles, practices, technologies, and procedures
• Operational experience with the following: Security Event Monitoring (SIEM), enterprise endpoint management, Web Application Firewalls (WAF), endpoint anti-malware, DLP and HIPS, Intrusion Prevention IDP (Identity Provider) firewall management
• Demonstrated expertise in the following: Linux administration, Microsoft server administration, networking technologies, Active Directory/LDAP
• Demonstrated understanding of the following: technical capability of security components, vulnerability assessment, authentication techniques, security attack pathologies, risk assessment procedures, IT auditing practices
• Understanding of the cyber security risks associated with various technologies and ways to protect
• A working knowledge of various security technologies such as network and application firewalls, host intrusion and prevention and anti-virus
• Excellent IT skills, including a passion for cybersecurity, knowledge of computer networks, operating systems, software, hardware, and security
• Ability to work as part of a team and to build strong relationships with staff and other relevant individuals
• Excellent written communication skills, technical report writing is an asset.
• Time-management and organizational skills to manage a variety of tasks, prioritize workload and meet deadlines
• Excellent attention to detail, analytical skills, and an ability to analyze complex technical information to identify patterns and trends
• Ability to work under pressure, particularly when dealing with threats and at times of high demand