Career Center

Reporting to the organization's Chief Information Security Officer, the Sr. Information Security Operations Engineer supports the overall vision of the Keck Medicine's Information Security Program. The Sr. Information Security Operations Engineer is a skilled IT professional who uses his/her deep knowledge of information security and a risk-based approach to identify vulnerabilities within Keck Medicine's IT environments and to recommend improvement opportunities. The Sr. Information Security Operations Engineer conducts independent comprehensive assessments of the physical, administrative, and technical security controls employed within Keck Medicine's IT systems to determine their overall effectiveness. She/he develops detailed plans for conducting penetration tests (red/blue/purple team) and exercises through collaboration with other engineers, operators, and analysts. She/he participates in targeting selection, validation, synchronization, and execution of cyber operation activities. The Sr. Information Security Operations Engineer serves as the primary liaison between the enterprise IT engineering teams and the systems security engineering teams to coordinate security control improvements based on assessed vulnerabilities. She/he works in close coordination with the CISO on security-related issues, including assessing the severity of weaknesses and deficiencies in IT systems, creating and tracking plans of action and milestones, designing risk mitigation approaches, and advising on potential adverse effects of identified vulnerabilities. NICE Specialty Areas: SP-RSK-002, PR-VAM-001, AN-EXP-001, CO-OPS-001

Essential Duties:•Knowledge of IT concepts and protocols such as physical computing components, operating systems, administration, and networking.•Knowledge of security controls related to the use, processing, storage, and transmission of data.•Knowledge of cyber threats and vulnerabilities.•Knowledge of cryptography and cryptographic key management concepts.•Knowledge of penetration testing principles, tools, and techniques.•Knowledge of application security risk assessments (e.g. Open Web Application Security Project Top 10 list).•Skill in generating and execution of penetration test operation plans in support of task objectives.•Skill in auditing network security devices, such as firewalls, routers, and intrusion detection systems.•Skill in conducting vulnerability scans, assessing vulnerability results, and recognizing vulnerabilities in IT or security systems.•Skill in reading, interpreting, writing, modifying, and executing scripts (e.g., Python, PERL, PS) on Windows and Linux systems used to aid in penetration testing or to analyze resulting data.•Skill in the use of penetration testing tools, techniques, and procedures to exploit and establish persistence on a target.•Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).•Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.•Ability to identify/describe techniques/methods for conducting technical exploitation of targets.•Ability to perform security operations tactics, techniques, and procedures for exploitation purposes.•Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.•Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.•Strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision.Minimum Education:•High school or equivalentMinimum Experience/Knowledge:•Req Bachelor's degree•Pref Master's degree Computer Science, Healthcare or Business•Req 10 years In an IT role, Information Security preferred. Experience leading project teams and driving change within an organization.•Req 7 years In a security operations role with strong emphasis on risk assessment and management (Healthcare and/or Academic industry preferred).•Pref Project Management experienceRequired License/Certification:•Fire Life Safety Training (LA City) If no card upon hire, one must be obtained within 30 days of hire and maintained by renewal before expiration date. (Required within LA City only)Salary Range:The annual base salary range for this position is $110,240.00- $181,896.00. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.

Return to Search Results