Location: Eugene, OR
Categories: Information Technology, Computer and Information Science, Data Science
Department: Information Services
Appointment Type and Duration: Regular, Ongoing
Salary: $72,000 – $82,000 per year
Compensation Band: OS-OA08-Fiscal Year 2022-2023
Application Review Begins
June 6, 2023; open until filled
Special Instructions to Applicants
In addition to your online application, please include:
1) A current resume
2) A cover letter that clearly articulates how your skills and experience make you an ideal candidate for this position. Please elaborate on how you meet minimum qualifications and provide details on any preferred qualifications that you meet.
All applications must be submitted here: https://careers.uoregon.edu/en-us/job/531772/threat-intelligence-analyst
Information Services (IS) is the central information technology unit at the University of Oregon and provides wide-ranging services to campus. Information Services consists of four major functional areas: Customer Experience, which serves as the key contact point for interactions with campus clients and customers; Applications & Middleware, which manages and supports applications, integration services, identity management and data management; Information Security, which helps protect virtual or physical information; and Technology Infrastructure, which provides administration and support for the software, hardware, and services needed to support the campus IT environment. Information Services also includes the Advanced Network Technology Center. IS works closely with Link Oregon, the high-speed fiber broadband provider for Oregon’s public and non-profit sectors.
Established in 1876, the University of Oregon offers a breadth and depth of curricula with more than 270 academic programs and provides the opportunity to work at a respected research university with a strong holistic, liberal arts foundation. The UO also has a history of political and social involvement that embraces diverse beliefs, cultures, and values, and it is committed to environmental responsibility.
The university is also proud of the Phil and Penny Knight Campus for Accelerating Scientific Impact, an initiative specifically designed to fast-track scientific discoveries and the process of turning those discoveries into innovations that improve the quality of life for people in Oregon, the nation and beyond. Information Services collaborates with Research and Innovation and our schools and colleges to support the research, teaching, and learning mission of the university.
Eugene is the home of the University of Oregon’s main campus. Located in the lush Willamette Valley, Eugene is well-known for outdoor pursuits like running, cycling, rafting, and fishing, as well as arts, music, crafts, brewing, wine-making, and community-supported agriculture. With branches in Portland and on the Oregon coast, the UO is deeply connected to Oregon’s natural and cultural treasures.
Reporting to the Cybersecurity Operations Center Manager, the Threat Intelligence Analyst is a member of the Information Security Office (ISO) team. This is a technical position responsible for developing indicators of threat or compromise in an evolving threat landscape, collecting threat data and processing it to provide actionable intelligence, and developing and publishing daily watch briefs from information and reports collected from vendors and other threat intelligence sources, detailing their impact on the university environment and the actions necessary to maintain a secure environment.
The Threat Intelligence Analyst will maintain a clear understanding of the research, academic, and operational needs of the university, including its infrastructure, assets, identities, and associated risks. This will involve working with IT staff, service owners and other members of the university community to define and prioritize cyber threat indicators relevant to our environment and staying up to date with the evolving IT environment and emerging threats. In addition, maintaining an overview of the overall threat landscape will allow the position to provide high level situational awareness and warnings about emergent threats.
This position uses threat indicators and data sources (logs, alerts, etc.) from both internal and external sources to develop monitoring and alert strategies. As part of the ISO team, the person in this role will collaborate with other members of the team to tailor our vulnerability management program, help prioritize actions, advise system owners, and contribute their expertise during incidents.
This position requires superior people and “soft” skills, like empathy, tact, flexibility, and collaboration. Woven through these responsibilities and duties is the need for effective oral and written communication skills to successfully interact with the diverse range of stakeholders at the university. The array of tasks performed by this position requires good organization, the ability to work independently, and to manage multiple, and sometimes competing, priorities.
This position may provide essential services during times of emergencies and inclement weather. This position may be required to fulfill essential services and functions during these times. The incumbent will be part of an on-call rotation and may be expected to work after hours and/or weekends.
• Bachelor’s degree from an accredited college or university or demonstrated equivalent skills and experience
• Three years of experience working in an IT position with significant information security responsibilities; this may include responsibilities as a security professional or as an IT administrator (e.g., network, systems, application, or cloud administrator) with significant experience implementing or supporting security controls. An advanced degree (Master’s) may be substituted for one year of experience.
• Demonstrated expertise in two or more of the following IT Security domains: Data Security, Digital Forensics, Incident Response and Analysis, IT Systems and Operations, Network Security, Systems and Applications Security, Vulnerability Management, Penetration Testing, or Cloud Security.
• Ability to work effectively with faculty, staff, and students from a variety of diverse backgrounds
• Ability to research and resolve problems
• Ability to adapt within a rapidly changing technical environment
• Excellent verbal and written communication skills, including the ability to explain technical concepts to audiences with a wide range of technical skills
• Ability to work independently as well as in a team-oriented, collaborative environment.
• One (1) year of experience in an operational information security role.
• Demonstrated experience with anticipating and/or emulating threat capabilities and actions based on knowledge of tactics used by cyber threat actors.
• Demonstrated experience with the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
• Demonstrated experience with cyber intelligence/information collection capabilities and repositories.
• Demonstrated experience with common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
• Demonstrated experience with how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
• Demonstrated experience with the ways in which targets or threats use the Internet.
• Demonstrated experience with what constitutes a “threat” to a network
• Working knowledge of laws, regulations and standards affecting information technology security in a higher education environment, including, but not limited to, PCI-DSS, HIPAA, NIST special publications, FERPA, and DMCA.
• Certification in or progress toward at least one designation in an information security, risk, compliance or related discipline (e.g. CISSP, SSCP, CSA+, CASP, GESC, GCIA, CEH).
FLSA Exempt: Yes