IT Security Analyst

University of California San Francisco, San Francisco, CA
7d | $70 - $87 | Onsite

About The Position

This role will require regular onsite work, 3 days per week. This position supports UCSF IT Security, which develops, communicates, and supports University-wide information security policies and programs that ensure the confidentiality, integrity, and availability of UCSF Electronic Information Resources (EIRs). This role reports directly to the Information Security Incident Response Manager. The primary responsibility is to perform and monitor standard electronic discovery (eDiscovery) processing and litigation functions, including data import/ingestion, export, job quality control, and case database administration. The role involves tracking eDiscovery data and electronically stored information (ESI) workflows and quality control according to standard operating procedures. The position also requires consultation with UCSF Legal Affairs and UC Legal to evaluate and recommend standardized procedures relating to the Electronic Discovery Reference Model (EDRM): identifying, preserving, collecting, processing, analyzing, reviewing, producing, and presenting ESI and paper documents. Additionally, the role includes incident response activities such as event and incident monitoring, threat detection and data correlation, and incident response actions using a wide range of security monitoring tools. Responsibilities include collecting potential breach evidence, participating in network and host forensic analysis, and following up with incident remediation activities. Strong written and verbal communication skills are required. The senior analyst must be able to maintain eDiscovery processes and templates, coordinate with other process owners across the organization, create or update documentation, and provide training. This position requires a detail-oriented individual with strong analytical and critical-thinking skills.
The candidate must be comfortable working with client law firms and their clients to obtain data for ingestion, including through SFTP, Box, Dropbox, etc., so that it can be ingested and processed while maintaining chain of custody. The role performs or coordinates electronic and forensic collections and internal investigations, tracks data acquisition from internal and external resources and verifies data integrity, tracks and manages eDiscovery requests from outside counsel law firms to completion, and creates productions and exports for delivery to clients. The candidate must be familiar with identifying abnormal network traffic and system activities, and must be accustomed to correlating data across multiple systems and tools in order to identify the likelihood of compromise. This position will interact with faculty, staff, and senior leaders across the organization, and will be responsible for presenting to non-IT UCSF departments including Privacy, Legal, and Risk. The Senior Security Analyst will author incident summaries, provide remediation recommendations, and be able to state a probability-of-compromise risk level to these non-IT teams. This position acts as a Senior Information Security Analyst to monitor, detect, report, and remediate threats to the UCSF infrastructure, its assets, and its data. It is responsible for detailed analysis of alerts and potential threats, for data correlation and corroboration across a variety of network and host monitoring and threat detection tools, for clearly documenting the event, threat, and IR actions taken and/or recommended, and for leading security incident investigations requiring task delegation and follow-up with junior team members. The final salary and offer components are subject to additional approvals based on UC policy.
Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement. The salary range for this position is $70.35 - $87.47 (Step Hourly Rate). To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html

Requirements

  • Bachelor's degree in a related area and/or equivalent experience/training.
  • 5+ years of relevant progressive experience
  • 1 or more years of experience in a dedicated eDiscovery role where the candidate is searching, collecting, and producing data for eDiscovery and investigation purposes or similar/related experience.
  • Enterprise IT: Distributed system technologies, load balancers, storage systems, enterprise email systems, web applications, cloud services, virtualization technologies, enterprise networking systems, enterprise firewalls
  • Substantial experience with eDiscovery data collections, searching, exporting, tracking, quality assurance, and presentation
  • Substantial experience in creating productions and exports for delivery to clients
  • Substantial experience with performing or coordinating electronic and forensic collections and internal investigations.
  • Substantial experience with tracking and maintaining legal preservation, including the custodians, physical/electronic preservation collections, legal holds, and associated processes.
  • Skilled at reading and interpreting security logs as well as analyzing and correlating logs for evidence of security breaches.
  • Knowledge of the Cyber Kill Chain and the ability to recognize mitigations and containment steps at each stage of an attack
  • Experience using IT security systems and tools such as SIEM, syslog, network threat detection, and malware analysis.
  • Demonstrated skills applying security controls to computer software and hardware.
  • Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.
  • Knowledge of computer enterprise hardware, software, cloud, and network security issues, architectures, and approaches.
  • Ability to clearly and completely summarize a security event, directed investigation steps, and potential risk to the organization
  • Ability to follow department processes and procedures.
  • Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
  • Detail-oriented recording of investigation notes, correlation logic, and determination of compromise
  • Knowledge of other areas of IT, department processes, and procedures.
  • Understanding of privacy and legal issues in a regulated higher-education healthcare environment
  • Understanding of industry trends and threats
  • Strong interpersonal communication to work with colleagues and customers who have a wide range of technical skills and knowledge
  • OS: Windows, Unix, OS X, VMware
  • Office: MS Suite
  • Security Tools: enterprise-scale signature-based host security suites, network vulnerability scanning, web application vulnerability scanning, host intrusion detection systems, system monitoring, security information and event management (SIEM) logging, network-based malware sandbox threat detection, IDS/IPS, enterprise firewalling
  • Forensic Tools: Forensic Case Management, eDiscovery Tools, Disk Forensic Tools, Memory Forensic Tools, Forensic Image Mounting, Forensic Imaging Tools

Nice To Haves

  • Certifications: CEDS - Certified eDiscovery Specialist
  • EnCE - EnCase Certified Examiner
  • Relevant security certifications (GCIH, GCIA, GCED, CISSP, OSCP, CCSP, CCSK, or other GIAC)

Responsibilities

  • Perform and monitor standard electronic discovery (eDiscovery) processing and litigation functions, including data import/ingestion, export, job quality control, and case database administration.
  • Track eDiscovery data and electronically stored information (ESI) workflows and quality control according to standard operating procedures.
  • Consult with UCSF Legal Affairs and UC Legal to evaluate and recommend standardized procedures relating to the Electronic Discovery Reference Model (EDRM): identifying, preserving, collecting, processing, analyzing, reviewing, producing, and presenting ESI and paper documents.
  • Incident response activities such as event and incident monitoring, threat detection and data correlation, and incident response actions using a wide range of security monitoring tools.
  • Collecting potential breach evidence, participating in network and host forensic analysis, and following up with incident remediation activities.
  • Maintain eDiscovery processes and templates, coordinate with other process owners across the organization, create or update documentation, and provide training.
  • Work with client law firms and their clients to obtain data for ingestion, including through the use of SFTP, Box, Dropbox, etc., that can be ingested and processed while maintaining chain of custody.
  • Perform or coordinate electronic and forensic collections and internal investigations.
  • Track data acquisition from internal and external resources and verify data integrity.
  • Track and manage eDiscovery requests by outside counsel law firms to completion.
  • Create productions and exports for delivery to clients.
  • Identifying abnormal network traffic and system activities.
  • Correlating data across multiple systems and tools in order to identify the likelihood of compromise.
  • Presenting to non-IT UCSF departments including Privacy, Legal, and Risk.
  • Author incident summaries, provide remediation recommendations, and have the ability to state a probability of compromise risk level to these non-IT teams.
  • Monitor, detect, report, and remediate threats to the UCSF infrastructure, its assets, and its data.
  • Detailed analysis of alerts and potential threats as well as data correlation and corroboration across a variety of network and host monitoring and threat detection tools.
  • Clearly documenting the event, threat, and IR actions taken and/or recommended.
  • Leading security incident investigations requiring task delegation and follow-up with junior team members.
© 2024 Teal Labs, Inc