University of Utah

Information Security Analysts

University of Utah
$100K — $195K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree (or equivalency) with 8-14 years of relevant experience depending on level sought.
  • Experience with incident response lifecycle including triage and investigations.
  • Proficiency in incident detection and response frameworks across endpoints, networks, and cloud environments.
  • Strong skills in detecting and mitigating cyber threats using SIEM and SOAR tools.
  • Experience in threat hunting and analyzing attacker behavior.

Responsibilities

  • Lead end-to-end incident response including triage and post-incident analysis.
  • Provide technical oversight for Tier 2 analysts during investigations.
  • Develop and maintain detection standards and telemetry strategies.
  • Design detection logic for high-fidelity alerting across multi-source telemetry.
  • Conduct proactive threat hunting campaigns using threat intelligence.
  • Mentor and develop Tier 1/2 SOC analysts on investigation quality.
  • Collaborate with internal teams to enhance logging and observability.

Benefits

  • Comprehensive health insurance package.
  • Retirement plans with employer contributions.
  • Flexible work schedules and support for work-life balance.
  • Ongoing professional development opportunities.
  • Access to educational resources and training programs.

Full Job Description
Announcement

Details

Open Date
06/23/2026

Requisition Number
PRN45436B

Job Title
Information Security Analysts

Working Title
Cybersecurity Analyst Tier 3

Career Progression Track
P00

Track Level
P7 - Senior Principal, P6 - Principal, P5 - Expert, P4 - Advanced

FLSA Code
Computer Employee

Patient Sensitive Job Code?
No

Standard Hours per Week
40

Full Time or Part Time?
Full Time

Shift
Day

Work Schedule Summary

Monday - Friday, 9 a.m. - 5 p.m. with on call responsibilities for after hours, weekend, holidays, etc.

VP Area
President

Department
00954 - UIT Systems & Security

Location
Campus

City
Salt Lake City, UT

Type of Recruitment
External Posting

Pay Rate Range
$100,000 to $195,795

Close Date
07/06/2026

Priority Review Date (Note - Posting may close at any time)

Job Summary

Information Security Analysts

The University of Utah has an opportunity for a Cybersecurity Analyst Tier 3 (Security Operations Center) to help support our Information Security and Compliance goals. The Tier 3 SOC analyst is the senior escalation point within the Security Operations Center, responsible for leading complex investigations while driving detection engineering, automation, and continuous improvement initiatives. The role blends investigative expertise with technical capabilities to improve detection fidelity, reduce response times, and strengthen organizational security.

The department may choose to hire at any of the below job levels and associated pay rates based on their business need and budget.

Responsibilities

Incident Response
- Lead the end-to-end incident response lifecycle, including triage, investigation, containment, eradication, and post-incident analysis across endpoint, network, cloud, and identity domains.
- Serve as the senior escalation point for Tier 2 analysts, providing technical direction and oversight for complex investigations.
- Perform digital forensics to support root cause analysis, adjust security detections to address identified gaps, and develop post-incident plans of action.

Detection Engineering
- Own detection strategy and coverage across key threat domains.
- Define telemetry requirements in partnership with security engineering and platform owners.
- Lead development of detection standards and quality metrics.
- Design and maintain detection logic across SIEM, EDR, and cloud platforms, ensuring high-fidelity alerting through tuning, enrichment, and correlation of multi-source telemetry.
- Identify detection gaps based on relevant cybersecurity threat intelligence and as a function of the incident response lifecycle.
- Design, build, and maintain automation (SOAR) to improve triage, data enrichment, and response efficiency.
- Operationalize threat hunting and incident findings into scalable detection use cases and playbooks.

Threat Analysis
- Lead hypothesis-driven threat hunting campaigns informed by threat intelligence, transforming findings into durable detections and response playbooks.
- Conduct proactive threat hunting to detect advanced adversarial activity not detected by existing controls.
- Analyze attacker behavior and map it to known tactics, techniques, and procedures (TTPs).
- Continuously evaluate detection coverage, proactively reducing false positives while increasing detection quality.

Leadership
- Assist in mentoring and developing Tier 1/2 SOC analysts, conducting periodic investigation reviews to ensure quality.
- Drive improvement in SOC processes, workflows, and incident response playbooks.
- Produce clear, actionable after-action reports and executive-ready summaries for findings.
- Partner with internal IT teams to improve logging, telemetry, and observability across the environment.

Minimum Qualifications

EQUIVALENCY STATEMENT: 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor's degree = 4 years of directly related work experience).

Department may hire employee at one of the following job levels:

Information Security Analyst, IV: Requires a bachelor's (or equivalency) + 8 years or a master's (or equivalency) + 6 years of directly related work experience.

Information Security Analyst, V: Requires a bachelor's (or equivalency) + 10 years or a master's (or equivalency) + 8 years of directly related work experience.

Information Security Analyst, VI: Requires a bachelor's (or equivalency) + 12 years or a master's (or equivalency) + 10 years of directly related work experience.

Information Security Analyst, VII: Requires a bachelor's (or equivalency) + 14 years or a master's (or equivalency) + 12 years of directly related work experience.

Preferences
* Strong operational security background
* Experience conducting hands-on analysis of large volumes of logs, network data, and other attack artifacts during incident investigations
* Extensive experience leveraging SIEM and SOAR platforms to analyze diverse log types and events across multiple data sources, applying behavioral, statistical, and machine learning techniques to detect and respond to advanced threats
* Strong understanding of the network threat lifecycle, attack vectors, and exploitation methods, including attacker tactics, techniques, and procedures (TTPs)
* Experience monitoring, defending, and administering cloud environments (e.g., AWS, Azure, GCP), including the use of cloud-native security tools and strategies to protect data, as well as identifying and mitigating cloud-specific threats
* Proficiency in scripting and programming

Type
Benefited Staff

Special Instructions Summary

Additional Information

The University is a participating employer with Utah Retirement Systems ("URS"). Eligible new hires with prior URS service may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at (801) 581-7447 for information. Individuals who previously retired and are receiving monthly retirement benefits from URS are subject to URS' post-retirement rules and restrictions. Please contact Utah Retirement Systems at (801) 366-7770 or (800) 695-4877 or University Human Resource Management at (801) 581-7447 if you have questions regarding the post-retirement rules.

This position may require the successful completion of a criminal background check and/or drug screen.

As per University of Utah policy 5-108: Transfer of Benefits Eligible Staff Members, a new hire to the University of Utah who is still serving a 12-month probationary period will not be hired into another University of Utah job (a transfer) until the successful completion of the probationary period.
