Information Security Analysts

Announcement

Details

Open Date
06/23/2026

Requisition Number
PRN45436B

Job Title
Information Security Analysts

Working Title
Cybersecurity Analyst Tier 3

Career Progression Track
P00

Track Level
P7 - Senior Principal, P6 - Principal, P5 - Expert, P4 - Advanced

FLSA Code
Computer Employee

Patient Sensitive Job Code?
No

Standard Hours per Week
40

Full Time or Part Time?
Full Time

Shift
Day

Work Schedule Summary

Monday - Friday, 9 a.m. - 5 p.m. with on call responsibilities for after hours, weekend, holidays, etc.

VP Area
President

Department
00954 - UIT Systems & Security

Location
Campus

City
Salt Lake City, UT

Type of Recruitment
External Posting

Pay Rate Range
$100,000 to $195,795

Close Date
07/06/2026

Priority Review Date (Note - Posting may close at any time)

Job Summary

Information Security Analysts

The University of Utah has an opportunity for a Cybersecurity Analyst Tier 3 (Security Operations Center) to help support our Information Security and Compliance goals. The Tier 3 SOC analyst is the senior escalation point within the Security Operations Center, responsible for leading complex investigations while driving detection engineering, automation, and continuous improvement initiatives. The role blends investigative expertise with technical capabilities to improve detection fidelity, reduce response times, and strengthen organizational security.

About UIT: University Information Technology (UIT), the central IT service provider for the University of Utah, reports to the U's Chief Information Officer and is responsible for many of the U's shared IT services including the wired and wireless network; Campus Information Services (CIS) portal; UMail, telephone, and online collaboration; digital learning technologies; information security; software licensing; and a host of other IT systems and services.

About the University of Utah: Located in Salt Lake City, the U is the flagship institution of the State of Utah's system of higher education, home to arts and museum venues and a member of the BIG-12 Conference. Skiing and snowboarding opportunities are a short distance from campus, and opportunities to pursue activities from biking to hiking to fishing abound. Salt Lake City is home to the Utah Symphony and Opera, Ballet West, professional sports teams, and a wide range of other cultural and recreational activities.

The department may choose to hire at any of the below job levels and associated pay rates based on their business need and budget.

Responsibilities

Incident Response
- Lead the end-to-end incident response lifecycle, including triage, investigation, containment, eradication, and post-incident analysis across endpoint, network, cloud, and identity domains.
- Serve as the senior escalation point for Tier 2 analysts, providing technical direction and oversight for complex investigations.
- Perform digital forensics to support root cause analysis, adjust security detections to address identified gaps, and develop post-incident plans of action.

Detection Engineering
- Own detection strategy and coverage across key threat domains.
- Define telemetry requirements in partnership with security engineering and platform owners.
- Lead development of detection standards and quality metrics
- Design and maintain detection logic across SIEM, EDR, and cloud platforms, ensuring high-fidelity alerting through tuning, enrichment, and correlation of multi-source telemetry.
- Identify detection gaps based on relevant cybersecurity threat intelligence and as a function of the incident response lifecycle.
- Design, build, and maintain automation (SOAR) to improve triage, data enrichment, and response efficiency.
- Operationalize threat hunting and incident findings into scalable detection use cases and playbooks.

Threat Analysis
- Lead hypothesis-driven threat hunting campaigns informed by threat intelligence, transforming findings into durable detections and response playbooks.
- Conduct proactive threat hunting to detect advanced adversarial activity not detected by existing controls.
- Analyze attacker behavior and map to known tactics, techniques, and procedures (TTP)
- Continuously evaluate detection coverage, proactively reducing false positives while increasing detection quality.

Leadership
- Assist in mentoring and developing Tier 1/2 SOC analysts; conducting periodic investigation reviews to ensure quality
- Drive improvement in SOC processes, workflows, and incident response playbooks.
- Produce clear, actionable after-action reports and executive-ready summaries for findings.
- Partner with internal IT teams to improve logging, telemetry, and observability across the environment.

Minimum Qualifications

EQUIVALENCY STATEMENT: 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor's degree = 4 years of directly related work experience).

Department may hire employee at one of the following job levels:

Information Security Analyst, IV: Requires a bachelor's (or equivalency) + 8 years or a master's (or equivalency) + 6 years of directly related work experience.

Information Security Analyst, V: Requires a bachelor's (or equivalency) + 10 years or a master's (or equivalency) + 8 years of directly related work experience.

Information Security Analyst, VI: Requires a bachelor's (or equivalency) + 12 years or a master's (or equivalency) + 10 years of directly related work experience.

Information Security Analyst, VII: Requires a bachelor's (or equivalency) + 14 years or a master's (or equivalency) + 12 years of directly related work experience.

Preferences
Strong operational security background
* Experience conducting hands-on analysis of large volumes of logs, network data, and other attack artifacts during incident investigations
* Extensive experience leveraging SIEM and SOAR platforms to analyze diverse log types and events across multiple data sources, applying behavioral, statistical, and machine learning techniques to detect and respond to advanced threats
* Strong understanding of the network threat lifecycle, attack vectors, and exploitation methods, including attacker tactics, techniques, and procedures (TTPs)
* Experience monitoring, defending, and administering cloud environments (e.g., AWS, Azure, Google Cloud Platform), including the use of cloud-native security tools and strategies to protect data, as well as identifying and mitigating cloud-specific threats
* Proficiency in scripting and programming

Type
Benefited Staff

Special Instructions Summary

Additional Information

The University is a participating employer with Utah Retirement Systems ("URS"). Eligible new hires with prior URS service, may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at for information. Individuals who previously retired and are receiving monthly retirement benefits from URS are subject to URS' post-retirement rules and restrictions. Please contact Utah Retirement Systems at or or University Human Resource Management at if you have questions regarding the post-retirement rules.

This position may require the successful completion of a criminal background check and/or drug screen.

The University of Utah values candidates who have experience working in settings with students and possess a strong commitment to improving access to higher education.

Veterans' preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities.

Consistent with state and federal law, the University of Utah does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran's status. The University does not discriminate on the basis of sex in the education program or activity that it operates, as required by Title IX and 34 CFR part 106. The requirement not to discriminate in education programs or activities extends to admission and employment. Inquiries about the application of Title IX and its regulations may be referred to the Title IX Coordinator, to the Department of Education, Office for Civil Rights, or both.

To request a reasonable accommodation for a disability or if you or someone you know has experienced discrimination or sexual misconduct including sexual harassment, you may contact the Director/Title IX Coordinator in the Office of Equal Opportunity and Title IX (OEO). More information, including the Director/Title IX Coordinator's office address, electronic mail address, and telephone number can be located at the: University of Utah Non-Discrimination page.

Online reports may be submitted at ;/strong>

;/strong> This report includes statistics about criminal offenses, hate crimes, arrests and referrals for disciplinary action, and Violence Against Women Act offenses. They also provide information about safety and security-related services offered by the University of Utah. A paper copy can be obtained by request at the Department of Public Safety located at 1658 East 500 South.

As per University of Utah policy 5-108: Transfer of Benefits Eligible Staff Members, a new hire to the University of Utah who is still serving a 12 month probationary period will not be hired into another University of Utah job (a transfer) until the successful completion of the probationary period.