Information Security Operations Engineer, Senior - IS Security - Full Time 8 Hour Days (Exempt) (Non-Union)
University of Southern California (USC)
Location: Los Angeles, California
Internal Number: REQ20133138
Reporting to the organization's Chief Information Security Officer, the Sr. Information Security Operations Engineer supports the overall vision of the Keck Medicine's Information Security Program. The Sr. Information Security Operations Engineer is a skilled IT professional who uses his/her deep knowledge of information security and a risk-based approach to identify vulnerabilities within Keck Medicine's IT environments and to recommend improvement opportunities. The Sr. Information Security Operations Engineer conducts independent comprehensive assessments of the physical, administrative, and technical security controls employed within Keck Medicine's IT systems to determine their overall effectiveness. She/he develops detailed plans for conducting penetration tests (red/blue/purple team) and exercises through collaboration with other engineers, operators, and analysts. She/he participates in targeting selection, validation, synchronization, and execution of cyber operation activities. The Sr. Information Security Operations Engineer serves as the primary liaison between the enterprise IT engineering teams and the systems security engineering teams to coordinate security control improvements based on assessed vulnerabilities. She/he works in close coordination with the CISO on security-related issues, including assessing the severity of weaknesses and deficiencies in IT systems, creating and tracking plans of action and milestones, designing risk mitigation approaches, and advising on potential adverse effects of identified vulnerabilities. NICE Specialty Areas: SP-RSK-002, PR-VAM-001, AN-EXP-001, CO-OPS-001
Essential Duties:â¢Knowledge of IT concepts and protocols such as physical computing components, operating systems, administration, and networking.â¢Knowledge of security controls related to the use, processing, storage, and transmission of data.â¢Knowledge of cyber threats and vulnerabilities.â¢Knowledge of cryptography and cryptographic key management concepts.â¢Knowledge of penetration testing principles, tools, and techniques.â¢Knowledge of application security risk assessments (e.g. Open Web Application Security Project Top 10 list).â¢Skill in generating and execution of penetration test operation plans in support of task objectives.â¢Skill in auditing network security devices, such as firewalls, routers, and intrusion detection systems.â¢Skill in conducting vulnerability scans, assessing vulnerability results, and recognizing vulnerabilities in IT or security systems.â¢Skill in reading, interpreting, writing, modifying, and executing scripts (e.g., Python, PERL, PS) on Windows and Linux systems used to aid in penetration testing or to analyze resulting data.â¢Skill in the use of penetration testing tools, techniques, and procedures to exploit and establish persistence on a target.â¢Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).â¢Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.â¢Ability to identify/describe techniques/methods for conducting technical exploitation of targets.â¢Ability to perform security operations tactics, techniques, and procedures for exploitation purposes.â¢Ability to share meaningful insights about the context of an organizationâs threat environment that improve its risk management posture.â¢Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.â¢Strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision.Minimum Education:â¢High school or equivalentMinimum Experience/Knowledge:â¢Req Bachelor's degreeâ¢Pref Master's degree Computer Science, Healthcare or Businessâ¢Req 10 years In an IT role, Information Security preferred. Experience leading project teams and driving change within an organization.â¢Req 7 years In a security operations role with strong emphasis on risk assessment and management (Healthcare and/or Academic industry preferred).â¢Pref Project Management experienceRequired License/Certification:â¢Fire Life Safety Training (LA City) If no card upon hire, one must be obtained within 30 days of hire and maintained by renewal before expiration date. (Required within LA City only)Salary Range:The annual base salary range for this position is $110,240.00- $181,896.00. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidateâs work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.
USC is the leading private research university in Los Angeles—a global center for arts, technology and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations.
As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.