Cybersecurity Analyst II, Applications

Job Category

Job Profile

Job Title

Department

Compensation Range

The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.

Posting End Date

Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.

Job End Date

At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.

Job Summary

The Cybersecurity Analyst II, Applications is responsible for the design, implementation, configuration, automation, and ongoing management of application security solutions based on business, security, and privacy needs. The Incumbent monitors and responds to threats and vulnerabilities by implementing protective measures using existing solutions, and making recommendations on new application protection solutions.

A fixed schedule is set for this role but flexibility is required as some work must be performed outside of regular business operating hours. The Incumbent may be required to participate in an on-call rotation schedule. While this position is eligible for remote work, on-campus attendance is required on a weekly basis.

Organizational Status
Reports to the Senior Manager, Solutions Security and Architecture. Works independently and jointly within the Solutions Security and Architecture team. Collaborates with management and staff from all areas of the Chief Information Security Officer portfolio, UBC Information Technology, other administrative and academic offices, and faculties to coordinate application security activities. Interacts directly with other University technology professionals.

Work Performed

Consequence of Error/Judgement

Effective application security is essential for UBC to deliver secure services to the broad UBC community. Decisions and actions taken by the incumbent will have a direct impact on how quickly the Cybersecurity team can respond to a rapidly changing application threat landscape, how secure UBC systems are from attackers, how available they are to the community, and a secondary impact on how UBC systems perform and function. Errors in judgment, poor analysis, or failure to act decisively could have a detrimental effect on the security and availability of these systems. Insecure systems could lead to system downtime or a data breach. In addition to damaging the reputation of Information Technology and UBC, a breach could also adversely impact the University community, including students, faculty, researchers and staff, and could have a significant impact on funding and revenue.

Supervision Received
Works under the general direction of the Senior Manager, Solutions Security and Architecture and may receive direction from senior technical staff as assigned. The Cybersecurity Analyst II must be able to work independently as well as contribute actively and collaborate openly as a team member

Supervision Given
Acts as a mentor to other less experienced members of the team and may oversee day-to-day work of other cybersecurity or IT professionals on a project basis.

Qualifications

Undergraduate degree in a relevant discipline. In-depth knowledge of applications and the business requirements supporting them. Minimum of five years of related experience, or the equivalent combination of education and experience. Preference will be given to candidates with cybersecurity experience in a large, research-focused, higher-education institution. Candidates must have advanced experience implementing, supporting, automating, and securing web applications and web application firewalls in an enterprise multi-cloud environment. Candidates should possess cybersecurity industry certifications from recognized bodies such as ISC2, ISACA, GIAC, or EC-Council.

Advanced expertise with some or all of the following technologies is required: BIG-IP LTM/AWAF/APM, DNS, linux command line and shell scripting, HTTP, TLS, TCP/IP, JSON, APIs, version control, CI/CD, and x509 certificates. Experience working with LDAP, OAUTH, SAML, SQL, PHP, Python, network firewall management, NGINX, Apache HTTP Server, and ServiceNow is an asset. Candidates must have advanced knowledge of web application security standards, such as OWASP ASVS, and know how to identify and mitigate web application vulnerabilities. A thorough understanding of cybersecurity fundamentals is required.

Knowledge of web and mobile development technologies, frameworks, and application architectures is required. Knowledge of past and current desktop and mobile browser standards and cross-platform compatibility, common plugins/helper applications, and related development issues are also required.

Experience with incident, request, and change management in a large, complex environment is required. The Incumbent is accountable for raising security concerns regardless of ownership or potential impact.

The Incumbent will demonstrate an ability to manage multiple tasks and priorities effectively, particularly under pressure to meet time-sensitive and mission-critical deadlines. Initiative-taking is valued but should be balanced with judgement about seeking input, advice from others. The Incumbent will display aptitude in seeking out new challenges, taking calculated risks, and persisting in the face of obstacles, as well as in managing resources, team support, and technical requirements to ensure success.

The ability to work independently, as part of a team, cross-functionally, collaboratively with staff at all organizational levels is crucial.

COMPETENCY PROFICIENCY

Collaboration - Actively solicits ideas and opinions from others to efficiently and effectively accomplish specific objectives targeted at defined business outcomes. Openly encourages other team members to voice their ideas and concerns. Shows respect for differences and diversity, and disagrees without personalizing issues. Utilizes strengths of team members to achieve optimal performance.

Communication for Results - Conducts discussions with and writes memoranda to all levels of colleagues and peer groups in ways that support troubleshooting and problem solving. Seeks and shares relevant information, opinions, and judgments. Handles conflict empathetically. Explains the context of interrelated situations, asks probing questions, and solicits multiple sources of advice prior to taking action when appropriate.

Problem Solving - Applies problem-solving methodologies and tools to diagnose and solve operational and interpersonal problems. Determines the potential causes of the problem and devises testing methodologies for validation. Shows empathy and objectivity toward individuals involved in the issue. Analyzes multiple alternatives, risks, and benefits for a range of potential solutions. Recommends resource requirements and collaborates with impacted stakeholders.

Accountability - Sets objectives that meet organizational needs. Provides recommendations to individuals and teams on ways to improve performance and meet defined objectives. Monitors and provides feedback on individual and team performance against defined standards.

Business Process Knowledge - Defines routine, integrated processes. Documents processes using basic formal process charting techniques. Applies process definitions and flows to work performed. Identifies process bottlenecks and contributes suggestions for process improvement.

Information Systems Knowledge - Resolves escalated problems of technical support. Identifies root causes. Sets up and integrates new and enhanced information systems. Identifies customer needs and determines the appropriate approach to apply and ensure resolution. Solicits the input of appropriate technical experts and managers as required.