Cybersecurity Analyst Tier 3
Not SpecifiedBookmark Details
Job Summary
Information Security Analysts
The University of Utah has an opportunity for a Cybersecurity Analyst Tier 3 (Security Operations Center) to help support our
Information Security and Compliance goals. The Tier 3 SOC analyst is the senior escalation point within the
Security Operations Center, responsible for leading complex investigations while driving detection engineering, automation, and continuous
improvement initiatives. The role blends investigative expertise with technical capabilities to improve detection fidelity, reduce response
times, and strengthen organizational security.
About UIT: University Information Technology (UIT), the central IT service provider for the University of Utah, reports to the U’s Chief Information Officer and
is responsible for many of the U’s shared IT services including the wired and wireless network; Campus Information Services (CIS) portal; UMail, telephone, and online collaboration; digital learning technologies; information security; software
licensing; and a host of other IT systems and services.
About the University of Utah: Located in Salt Lake City,
the U is the flagship institution of the State of Utah’s system of higher education, home to arts and museum venues and
a member of the BIG-12 Conference. Skiing and
snowboarding opportunities are a short distance from campus, and opportunities to pursue activities from biki
ng to hiking to fishing abound. Salt Lake City is home to the Utah Symphony and Opera, Ballet West, professional sports teams, and a wide range of other cultural and recreational activities.
The department may
choose to hire at any of the below job levels and associated pay rates based on their business need and
budget.
Responsibilities
Incident Response
- Lead the end-to-end incident response
lifecycle, including triage, investigation, containment, eradication, and post-incident analysis across endpoint, network, cloud, and
identity domains. - Serve as the senior escalation point for Tier 2 analysts, providing technical direction and oversight for
complex investigations. - Perform digital forensics to support root cause analysis, adjust security detections to address
identified gaps, and develop post-incident plans of action.
Detection Engineering
- Own detection strategy
and coverage across key threat domains. - Define telemetry requirements in partnership with security engineering and platform
owners. - Lead development of detection standards and quality metrics
- Design and maintain detection logic across SIEM,
EDR, and cloud platforms, ensuring high-fidelity alerting through tuning, enrichment, and correlation of multi-source telemetry. - Identify detection gaps based on relevant cybersecurity threat intelligence and as a function of the incident response lifecycle.
- Design, build, and maintain automation (SOAR) to improve triage, data enrichment, and response efficiency.
- Operationalize threat
hunting and incident findings into scalable detection use cases and playbooks.
Threat Analysis
- Lead
hypothesis-driven threat hunting campaigns informed by threat intelligence, transforming findings into durable detections and response
playbooks. - Conduct proactive threat hunting to detect advanced adversarial activity not detected by existing controls.
- Analyze attacker behavior and map to known tactics, techniques, and procedures (TTP)
- Continuously evaluate detection coverage,
proactively reducing false positives while increasing detection quality.
Leadership
- Assist in mentoring
and developing Tier 1/2 SOC analysts; conducting periodic investigation reviews to ensure quality - Drive improvement in SOC
processes, workflows, and incident response playbooks. - Produce clear, actionable after-action reports and executive-ready
summaries for findings. - Partner with internal IT teams to improve logging, telemetry, and observability across the environment.
Minimum Qualifications
EQUIVALENCY STATEMENT: 1 year of higher education can be substituted for 1 year
of directly related work experience (Example: bachelor’s degree = 4 years of directly related work experience).
Department may
hire employee at one of the following job levels:
Information Security Analyst, IV: Requires a bachelor’s (or
equivalency) + 8 years or a master’s (or equivalency) + 6 years of directly related work experience.
Information Security
Analyst, V: Requires a bachelor’s (or equivalency) + 10 years or a master’s (or equivalency) + 8 years of directly related work
experience.
Information Security Analyst, VI: Requires a bachelor’s (or equivalency) + 12 years or a master’s (or
equivalency) + 10 years of directly related work experience.
Information Security Analyst, VII: Requires a bachelor’s
(or equivalency) + 14 years or a master’s (or equivalency) + 12 years of directly related work experience.
Preferences
Strong operational security background
- Experience conducting hands-on analysis of large volumes of logs, network data, and other
attack artifacts during incident investigations - Extensive experience leveraging SIEM and SOAR platforms to analyze diverse log
types and events across multiple data sources, applying behavioral, statistical, and machine learning techniques to detect and respond to
advanced threats - Strong understanding of the network threat lifecycle, attack vectors, and exploitation methods, including
attacker tactics, techniques, and procedures (TTPs) - Experience monitoring, defending, and administering cloud environments (e.g.,
AWS, Azure, GCP), including the use of cloud-native security tools and strategies to protect data, as well as identifying and mitigating
cloud-specific threats - Proficiency in scripting and programming
Special Instructions
Requisition
Number: PRN45436B
Full Time or Part Time? Full Time
Work Schedule Summary: Monday – Friday, 9 a.m. – 5 p.m. with on
call responsibilities for after hours, weekend, holidays, etc.
Department: 00954 – UIT Systems & Security
Location:
Campus
Pay Rate Range: $100,000 to $195,795
Close Date: 7/6/2026
Open Until Filled:
To apply, visit
https://utah.peopleadmin.com/postings/204073
jeid-6a2166fded5b434d8427b7f8c44af209
Share
Facebook
X
LinkedIn
Telegram
Tumblr
Whatsapp
VK
Bluesky
Threads
Mail