University of British Columbia - Staff

Cybersecurity Analyst I, Applications


Pay: Competitive
Location: Vancouver/British Columbia
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: JR18234
      Staff - Non Union

      Job Category

      M&P - AAPS

      Job Profile

      AAPS Salaried - Information Systems and Technology, Level C

      Job Title

      Cybersecurity Analyst I, Applications

      Department

      OCIO | Solutions Security & Architecture

      Compensation Range

      $6,747.50 - $9,701.42 CAD Monthly

      The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.

      Posting End Date

      August 26, 2024

      Note: Applications will be accepted until 11:59 PM on the Posting End Date.

      Job End Date

      Sept 2, 2025

      At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.

      Job Summary

      The Cybersecurity Analyst I, Applications contributes to the design, implementation, configuration and ongoing management of application security solutions based on business, security, and privacy needs. The Incumbent monitors and responds to threats and vulnerabilities by implementing protective measures such as web application firewall rules.

      A fixed schedule is set for this role but flexibility is required as some work must be performed outside of regular business operating hours. The Incumbent may be required to participate in an on-call rotation schedule. While this position is eligible for remote work, on-campus attendance is required on a weekly basis.


      Organizational Status
      Reports to the Senior Manager, Solutions Security and Architecture. Works independently and jointly within the Solutions Security and Architecture team. Collaborates with management and staff from all areas of the Chief Information Security Officer portfolio, UBC Information Technology, other administrative and academic offices, and faculties to coordinate application security activities. Interacts directly with other University technology professionals.

      Work Performed

      - Consults with system owners to understand their application and underlying technical architectures, performs vulnerability, threat and risk analysis to match application security requirements with existing application security solutions.

      - Creates implementation plans for the adoption of existing application security solutions to mitigate identified threats, risks, and vulnerabilities.

      - Reviews implementation plans with stakeholders, schedules implementations, and collaborates with other teams to execute implementation plans on schedule.

      - Performs testing to validate that deployed implementations have effectively mitigated or eliminated identified vulnerabilities, threats, and risks.

      - Administers and supports web application firewalls and other application protection tools.

      - Reviews application vulnerability reports to identify vulnerabilities that are mitigable with application protection tools.

      - Develops, tests, and deploys signatures and rules for implementation in application protection tools to mitigate identified vulnerabilities and respond to new or observed threats.

      - Monitors external threat and vulnerability feeds to identify risks directly applicable to applications and application platforms in use by the University.

      - Collaborates with other members of the cybersecurity team to implement alerting and event monitoring for centralized application security logs.

      - Reviews logs and alerts to monitor application security, and identifies opportunities to enhance application availability, security, and privacy.

      - Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguishes these incidents and events from benign activities.

      - Notifies designated managers and cybersecurity incident responders of suspected cyber incidents. Articulates the event's history, status, and potential impact for further action in accordance with established response plans.

      - Assists with correlation of events using information gathered from various sources to gain situational awareness and determine the effectiveness of an observed attack.

      - Documents and escalates incidents (including the event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

      - Manages, develops, maintains, and keeps secure the Cybersecurity internal Confidential Communications web service.

      - Collaborates with peers/team members to identify, analyze, recommend and implement changes that will improve the security, privacy, and customer experience of existing information systems and application security solutions.

      - May work directly with application owners and developers to patch vulnerabilities in applications and systems.

      - Conducts testing to ensure solutions meet specifications.

      - Documents functions and changes to new or modified application security solutions, tests activities/results, error handling and backup/recovery procedures.

      - Maintains inventory of web applications, supporting systems, and implemented threat and vulnerability mitigation solutions.

      - Contributes to the gathering, analysis, and review of functional requirements, system features, integration requirements, security requirements, and scalability and performance requirements. Provides input to senior staff on technology recommendations for new and changing application security requirements.

      - Investigates and remains current with industry technology trends in the Web Application Security field, such as web application firewalls, web application vulnerability scanners, web application development, and web application middleware.

      - Continually expands a working understanding and expertise in the functionality of vendor product(s). Works directly with the vendor's technical support centre in order to resolve product issues.

      - Develops and maintains technical documentation, including operational procedures and guides, architectural diagrams, data flow diagrams and knowledge base articles.

      - Contributes content to established cybersecurity communication channels for widespread IT consumption.

      - Follows appropriate source control and change management methodologies and best practices.

      - Participates in project planning and implementation.

      - Builds and maintains good working relationships and collaborates with others to achieve cybersecurity and business objectives.

      - Maintains up-to-date knowledge of UBC Information Security Standards and provides advice on them when collaborating with other members of the UBC community.

      - Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity techniques and tools.

      - Performs other related duties as required.


      Consequence of Error/Judgement
      Effective application security is essential for UBC to deliver secure services to the broad UBC community. Decisions and actions taken by the incumbent will have a direct impact on how secure UBC systems are from attackers, how available they are to the community, and a secondary impact on how UBC systems perform and function. Errors in judgment, poor analysis, or failure to act decisively could have a detrimental effect on the security and availability of these systems. Insecure systems could lead to system downtime or a data breach. In addition to damaging the reputation of Information Technology and UBC, a breach could also adversely impact the University community, including students, faculty, researchers and staff, and could have a significant impact on funding and revenue.

      Supervision Received
      Works under the general direction of the Senior Manager, Solutions Security and Architecture and may receive direction from senior technical staff as assigned. The Cybersecurity Analyst must be able to work independently as well as contribute actively and collaborate openly as a team member.

      Supervision Given
      May oversee the day-to-day work of less experienced cybersecurity or IT professionals on a project basis.

      Minimum Qualifications
      Undergraduate degree in a relevant discipline. Minimum of three years of related experience, or the equivalent combination of education and experience.

      - Willingness to respect diverse perspectives, including perspectives in conflict with one’s own

      - Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion

      Preferred Qualifications

      An undergraduate degree is preferred. A minimum of three years of experience, or the equivalent combination of education and experience, is required. Preference will be given to candidates with experience in a large, research-focused, higher-education institution. Preference will also be given to those with experience implementing, supporting, and securing web applications and web application firewalls in an enterprise multi-cloud environment.

      Experience with some or all of the following technologies is required: WAF, DNS, Linux command line and shell scripting, PHP, WordPress, HTTP, TLS, TCP/IP, JSON, APIs, version control, CI/CD, and X.509 certificates. Experience working with BIG-IP LTM/AWAF/APM, LDAP, OAuth, SAML, SQL, Python, network firewall management, NGINX, Apache HTTP Server, and ServiceNow is an asset. Candidates should have basic knowledge of web application security standards, such as OWASP ASVS, and know how to identify and mitigate web application vulnerabilities. A thorough understanding of cybersecurity fundamentals is necessary.

      Knowledge of web and mobile development technologies, frameworks, and application architectures is an asset. Knowledge of past and current desktop and mobile browser standards and cross-platform compatibility, common plugins/helper applications, and related development issues is beneficial. This role demands experience with incident, request, and change management in a large, complex environment. The candidate should be willing to raise security concerns regardless of ownership or potential impact. Managing multiple tasks and priorities effectively, particularly under pressure to meet time-sensitive and mission-critical deadlines, is essential. Initiative-taking is valued but should be balanced with judgement about seeking input and advice from others. The ability to work independently, as part of a team, cross-functionally, and collaboratively with staff at all organizational levels is crucial. The Incumbent will identify problems, act to prevent and solve them, and volunteer to undertake tasks that stretch his or her capability.

      Competency Proficiency

      Collaboration - Takes initiative to actively participate in team interactions. Without waiting to be asked, constructively expresses own point of view or concerns, even when it may be unpopular. Ensures that the limited time available for collaboration adds significant customer value and business results.

      Communication for Results - Converses with, and writes to, peers in ways that support transactional and administrative activities. Seeks and shares information and opinions. Explains the immediate context of the situation, asks questions with follow-ups, and solicits advice prior to taking action.

      Problem Solving - Investigates defined issues with uncertain cause. Solicits input in gathering data that help identify and differentiate the symptoms and root causes of defined problems. Suggests alternative approaches that meet the needs of the organization, the situation, and those involved. Resolves problems and escalates issues with suggestions for further investigation and options for consideration as required.

      Accountability - Checks assumptions about mutual expectations and clarifies standards of overall performance. Checks the scope of responsibilities of self and others. Monitors day-to-day performance and takes corrective action when needed to ensure desired performance is achieved.

      Business Process Knowledge - Defines routine, integrated processes. Documents processes using basic formal process charting techniques. Applies process definitions and flows to work performed. Identifies process bottlenecks and contributes suggestions for process improvement.

      Information Systems Knowledge - Possesses a basic understanding of the strategy, structures, processes, and procedures of the enterprise in its relationship with the business and its activities. Troubleshoots in response to requests for technical support. Identifies problems and needs. Escalates problems to appropriate technical experts.

  • About the company

      The University of British Columbia is a public research university with campuses in Vancouver and Kelowna, British Columbia.