Address
Form of workPosition Details
Position Information
Department
Univ Info & Tech Admin (JIS)
Position Title
Analyst-IT Systems
Job Title
Vulnerability and Configuration Analyst
Appointment Type
Professional Faculty
Job Location
Corvallis
Benefits Eligible
Full-Time, benefits eligible
Job Summary
University Information and Technology is seeking a Vulnerability and Configuration Analyst. This is a full-time (1.00 FTE), 12-month, professional faculty position.
As a division within the Office of Information Security, Governance, Risk, and Compliance (GRC) provides services to ensure the confidentiality, integrity and availability of Oregon State University IT systems, data and information. The Vulnerability and Configuration Analyst reports to the OSU GRC Manager and coordinates the Vulnerability and Configuration Management program(s) for University Information and Technology (UIT) and the Distributed IT units.
The Vulnerability and Configuration Analyst performs a key function for the institution and must exercise judgement and discretion in fulling the role. The Analyst performs the role under the guidance of the GRC Manager and must be able to organize and orchestrate Vulnerability and Configuration data, records, and documentation while working with organizational stakeholders to ensure the timely remediation and proper configuration of organizational information systems. The incumbent will inherit an active vulnerability management portfolio in need of regularization in order to ensure the remediation of vulnerabilities impacting servers, workstations, appliance, and infrastructure equipment. The incumbent will be expected to expand this program to establish standardized organizational configuration baselines for the same range of information systems, while documenting exceptions to approved benchmarks. The Analyst must develop effective relationships with UIT and Distributed IT administrators in order to ensure the success of these two critical programs.
The Analyst's duties will consist of collecting, analyzing, and disseminating vulnerability data; disseminating and reviewing security configuration plans; developing recommendations for remediation or mitigation of unfulfilled security controls relating to vulnerability or configuration; processing requests for exceptions to policy or delays in implementation; and maintaining accurate records of each of these initiatives. This will necessarily involve the development of a strong working knowledge of vulnerabilities impacting OSU information systems, and their recommended remediation.
UIT has a commitment to deliver data as a strategic working asset and to enable data informed decision making across OSU. UIT leaders and staff will lead by example and use data to inform decision making at all levels in the organization. Persons in technology roles are also expected to design systems with data portability in mind and work within enterprise architecture and privacy guidelines to deliver data as a strategic asset to fulfill OSU's missions.
Proactively securing and protecting OSU's digital assets and information systems is crucial to our missions of teaching and learning, research, and outreach and engagement. All OSU IT professionals have a direct responsibility to provision high quality and secure IT systems and services. Persons in technology roles are expected to be responsive to security related actions and requirements, and to collaborate to find secure ways to support the OSU community.
UIT has a deep commitment to and belief in the strength and value of diversity, equity, and inclusion (DEI) both throughout our team and as an intentional and active practice to advance the vision, mission, and strategic efforts of the entire university. As a member of the UIT community, the person in this position is expected to foster and promote the values of DEI and demonstrate a commitment to inclusive excellence in their work.
Why OSU?
Working for Oregon State University is so much more than a job!
Oregon State University is a dynamic community of dreamers, doers, problem-solvers and change-makers. We don't wait for challenges to present themselves - we seek them out and take them on. We welcome students, faculty and staff from every background and perspective into a community where everyone feels seen and heard. We have deep-rooted mindfulness for the natural world and all who depend on it, and together, we apply knowledge, tools and skills to build a better future for all.
FACTS:
• Top 1.4% university in the world
• More research funding than all public universities in Oregon combined
• 1 of 3 land, sea, space and sun grant universities in the U.S.
• 2 campuses, 11 colleges, 12 experiment stations, and Extension programs in all 36 counties
• 7 cultural resource centers that offer education, celebration and belonging for everyone
• 100+ undergraduate degree programs, 80+ graduate degrees plus hundreds of minor options and certificates
• 35k+ students including more than 2.3k international students and 10k students of color
• 217k+ alumni worldwide
• For more interesting facts about OSU visit: https://oregonstate.edu/about
Locations:
Oregon State has a statewide presence with campuses in Corvallis and Bend, the OSU Portland Center and the Hatfield Marine Science Center on the Pacific Coast in Newport.
Oregon State's beautiful, historic and state-of-the-art main campus is located in one of America's best college towns. Corvallis is located close to the Pacific Ocean, the Cascade mountains and Oregon wine country. Nestled in the heart of the Willamette Valley, this beautiful city offers miles of mountain biking and hiking trails, a river perfect for boating or kayaking and an eclectic downtown featuring local cuisine, popular events and performances.
Total Rewards Package:
Oregon State University offers a comprehensive benefits package with benefits eligible positions that is designed to meet the needs of employees and their families including:
• Medical, Dental, Vision and Basic Life. OSU pays 95% of premiums for you and your eligible dependents.
• Free confidential mental health and emotional support services, and counseling resources.
• Retirement savings paid by the university.
• A generous paid leave package, including holidays, vacation and sick leave.
• Tuition reduction benefits for you or your qualifying dependents at OSU or the additional six Oregon Public Universities.
• Robust Work Life programs including Dual Career assistance resources, flexible work arrangements, a Family Resource Center, Affinity Groups and an Employee Assistance Program.
Future and current OSU employees can use the Benefits Calculator to learn more about the full value of the benefits provided at OSU.
Key Responsibilities
40%-VULNERABILITY MANAGEMENT
The Vulnerability and Configuration Analyst will contribute to the University's Protect and Detect functions. Specific tasks include but are not limited to:
40%-CONFIGURATION MANAGEMENT
The Vulnerability and Configuration Analyst will assist the GRC Manager in the development, documentation, and implementation of the University's configuration management program:
15%-ORGANIZATIONAL COORDINATION
The Vulnerability and Configuration Analyst will perform coordinating and administrative activities in support of the University. These activities include but are not limited to:
5%-OTHER DUTIES AS ASSIGNED
What You Will Need
This position is designated as a critical or security-sensitive position; therefore, the incumbent must successfully complete a criminal history check and be determined to be position qualified as per OSU Standard 576-055-0000 et seq. Incumbents are required to self-report convictions and those in youth programs may have additional criminal history checks every 24 months.
What We Would Like You to Have
Working Conditions / Work Schedule
Working conditions are typically performed in an office space. Occasional evening and weekend work may be required. The ability to lift items of up to 25 pounds may be required.
Pay Method
Salary
Pay Period
1st through the last day of the month
Pay Date
Last working day of the month
Recommended Full-Time Salary Range
$60,288-$105,420
Link to Position Description
https://jobs.oregonstate.edu/position_descriptions/146736
Posting Detail Information
Posting Number
P07631UF
Number of Vacancies
1
Anticipated Appointment Begin Date
02/12/2024
Anticipated Appointment End Date
Posting Date
12/21/2023
Full Consideration Date
Closing Date
01/12/2024
Indicate how you intend to recruit for this search
Competitive / External - open to ALL qualified applicants
Special Instructions to Applicants
When applying you will be required to attach the following electronic documents:
1) A resume/CV; and
2) A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses and telephone numbers as part of the application process.
For additional information please contact: Tom Ordeman at tom.ordeman@oregonstate.edu
OSU commits to inclusive excellence by advancing equity and diversity in all that we do. We are an Affirmative Action/Equal Opportunity employer, and particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive com...
Position Information
Department
Univ Info & Tech Admin (JIS)
Position Title
Analyst-IT Systems
Job Title
Vulnerability and Configuration Analyst
Appointment Type
Professional Faculty
Job Location
Corvallis
Benefits Eligible
Full-Time, benefits eligible
Job Summary
University Information and Technology is seeking a Vulnerability and Configuration Analyst. This is a full-time (1.00 FTE), 12-month, professional faculty position.
As a division within the Office of Information Security, Governance, Risk, and Compliance (GRC) provides services to ensure the confidentiality, integrity and availability of Oregon State University IT systems, data and information. The Vulnerability and Configuration Analyst reports to the OSU GRC Manager and coordinates the Vulnerability and Configuration Management program(s) for University Information and Technology (UIT) and the Distributed IT units.
The Vulnerability and Configuration Analyst performs a key function for the institution and must exercise judgement and discretion in fulling the role. The Analyst performs the role under the guidance of the GRC Manager and must be able to organize and orchestrate Vulnerability and Configuration data, records, and documentation while working with organizational stakeholders to ensure the timely remediation and proper configuration of organizational information systems. The incumbent will inherit an active vulnerability management portfolio in need of regularization in order to ensure the remediation of vulnerabilities impacting servers, workstations, appliance, and infrastructure equipment. The incumbent will be expected to expand this program to establish standardized organizational configuration baselines for the same range of information systems, while documenting exceptions to approved benchmarks. The Analyst must develop effective relationships with UIT and Distributed IT administrators in order to ensure the success of these two critical programs.
The Analyst's duties will consist of collecting, analyzing, and disseminating vulnerability data; disseminating and reviewing security configuration plans; developing recommendations for remediation or mitigation of unfulfilled security controls relating to vulnerability or configuration; processing requests for exceptions to policy or delays in implementation; and maintaining accurate records of each of these initiatives. This will necessarily involve the development of a strong working knowledge of vulnerabilities impacting OSU information systems, and their recommended remediation.
UIT has a commitment to deliver data as a strategic working asset and to enable data informed decision making across OSU. UIT leaders and staff will lead by example and use data to inform decision making at all levels in the organization. Persons in technology roles are also expected to design systems with data portability in mind and work within enterprise architecture and privacy guidelines to deliver data as a strategic asset to fulfill OSU's missions.
Proactively securing and protecting OSU's digital assets and information systems is crucial to our missions of teaching and learning, research, and outreach and engagement. All OSU IT professionals have a direct responsibility to provision high quality and secure IT systems and services. Persons in technology roles are expected to be responsive to security related actions and requirements, and to collaborate to find secure ways to support the OSU community.
UIT has a deep commitment to and belief in the strength and value of diversity, equity, and inclusion (DEI) both throughout our team and as an intentional and active practice to advance the vision, mission, and strategic efforts of the entire university. As a member of the UIT community, the person in this position is expected to foster and promote the values of DEI and demonstrate a commitment to inclusive excellence in their work.
Why OSU?
Working for Oregon State University is so much more than a job!
Oregon State University is a dynamic community of dreamers, doers, problem-solvers and change-makers. We don't wait for challenges to present themselves - we seek them out and take them on. We welcome students, faculty and staff from every background and perspective into a community where everyone feels seen and heard. We have deep-rooted mindfulness for the natural world and all who depend on it, and together, we apply knowledge, tools and skills to build a better future for all.
FACTS:
• Top 1.4% university in the world
• More research funding than all public universities in Oregon combined
• 1 of 3 land, sea, space and sun grant universities in the U.S.
• 2 campuses, 11 colleges, 12 experiment stations, and Extension programs in all 36 counties
• 7 cultural resource centers that offer education, celebration and belonging for everyone
• 100+ undergraduate degree programs, 80+ graduate degrees plus hundreds of minor options and certificates
• 35k+ students including more than 2.3k international students and 10k students of color
• 217k+ alumni worldwide
• For more interesting facts about OSU visit: https://oregonstate.edu/about
Locations:
Oregon State has a statewide presence with campuses in Corvallis and Bend, the OSU Portland Center and the Hatfield Marine Science Center on the Pacific Coast in Newport.
Oregon State's beautiful, historic and state-of-the-art main campus is located in one of America's best college towns. Corvallis is located close to the Pacific Ocean, the Cascade mountains and Oregon wine country. Nestled in the heart of the Willamette Valley, this beautiful city offers miles of mountain biking and hiking trails, a river perfect for boating or kayaking and an eclectic downtown featuring local cuisine, popular events and performances.
Total Rewards Package:
Oregon State University offers a comprehensive benefits package with benefits eligible positions that is designed to meet the needs of employees and their families including:
• Medical, Dental, Vision and Basic Life. OSU pays 95% of premiums for you and your eligible dependents.
• Free confidential mental health and emotional support services, and counseling resources.
• Retirement savings paid by the university.
• A generous paid leave package, including holidays, vacation and sick leave.
• Tuition reduction benefits for you or your qualifying dependents at OSU or the additional six Oregon Public Universities.
• Robust Work Life programs including Dual Career assistance resources, flexible work arrangements, a Family Resource Center, Affinity Groups and an Employee Assistance Program.
Future and current OSU employees can use the Benefits Calculator to learn more about the full value of the benefits provided at OSU.
Key Responsibilities
40%-VULNERABILITY MANAGEMENT
The Vulnerability and Configuration Analyst will contribute to the University's Protect and Detect functions. Specific tasks include but are not limited to:
- Reporting to the Governance, Risk, and Compliance (GRC) Manager, support research and administration by orchestrating an existing enterprise vulnerability management program, and building a configuration management program that adheres to federal, state, and industry benchmarks for the protection of highly sensitive research and administrative data
- Utilizing a portfolio of internal and external tools, perform weekly administration of OSU's vulnerability management program by tracking new and existing vulnerabilities, tracking remediation efforts by system owner teams, and developing periodic tracking tools for the benefit of senior leaders
- Develop and maintain long-term vulnerability reporting to demonstrate effectiveness.
- Maintain accurate records pertaining to the state of OSU's vulnerability management program, to include: critical, high, and moderate vulnerabilities; remediation plans; and approved exceptions to security policies
40%-CONFIGURATION MANAGEMENT
The Vulnerability and Configuration Analyst will assist the GRC Manager in the development, documentation, and implementation of the University's configuration management program:
- Assist the GRC Manager in the development, documentation, and implementation of a formal configuration management program, utilizing CIS benchmarks, DISA STIGs, and other industry leading guidance on the secure configuration of information systems
- Maintain accurate records pertaining to the state of OSU's configuration management program, to include: critical, configuration checklists; approved exceptions to security policies; and security control baselines
15%-ORGANIZATIONAL COORDINATION
The Vulnerability and Configuration Analyst will perform coordinating and administrative activities in support of the University. These activities include but are not limited to:
- Disseminate status updates, requests for the remediation of specific vulnerabilities, requests for documentation, and directives for remediation or other applicable action, to system administrators, network engineers, and other stakeholders throughout OSU's information technology enterprise
- Work with system owner teams in UIT and Distributed IT to develop remediation plans; support researchers and administrators by ensuring accountability for the maintenance, configuration, and monitoring of key information systems
- Participate in applicable meetings, to include the OSU Vulnerability Management Committee
5%-OTHER DUTIES AS ASSIGNED
- Support additional OIS programs, such as vendor management, outreach and awareness, identity and access management, endpoint management, and continuous monitoring
- Collaborate with internal and external stakeholders to assess needs for data and system administration
What You Will Need
- Bachelor's degree; OR Associate's degree AND two years of verified job experience; OR four years of verified job experience
- Ability to complete Security+ or equivalent industry security certification within 12 months of hire
- Experience maintaining and managing records; utilizing raw data produce quick notice and periodic analytical products; and working with diverse stakeholder groups, such as IT professionals, network engineers, and university administrative staff
- A demonstrated commitment to promoting and enhancing diversity
This position is designated as a critical or security-sensitive position; therefore, the incumbent must successfully complete a criminal history check and be determined to be position qualified as per OSU Standard 576-055-0000 et seq. Incumbents are required to self-report convictions and those in youth programs may have additional criminal history checks every 24 months.
What We Would Like You to Have
- Bachelor's degree in Computer Science or Business Information Systems
- Familiarity with vulnerability management, the Common Vulnerability Scoring System (CVSS), Center for Internet Security (CIS) benchmarks, DISA Security Technical Implementation Guides (STIGs)
- Familiarity with categories of regulated data, such as Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), Personal Health Information (PHI), and data governed by the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA)
- Experience working in an academic environment supporting research and facilitating the functions of research personnel
- Demonstrated experience organizing and presenting data to meet specific objectives.
- Experience creating data driven reports including visuals using Tableau, PowerBi, or similar tools.
Working Conditions / Work Schedule
Working conditions are typically performed in an office space. Occasional evening and weekend work may be required. The ability to lift items of up to 25 pounds may be required.
Pay Method
Salary
Pay Period
1st through the last day of the month
Pay Date
Last working day of the month
Recommended Full-Time Salary Range
$60,288-$105,420
Link to Position Description
https://jobs.oregonstate.edu/position_descriptions/146736
Posting Detail Information
Posting Number
P07631UF
Number of Vacancies
1
Anticipated Appointment Begin Date
02/12/2024
Anticipated Appointment End Date
Posting Date
12/21/2023
Full Consideration Date
Closing Date
01/12/2024
Indicate how you intend to recruit for this search
Competitive / External - open to ALL qualified applicants
Special Instructions to Applicants
When applying you will be required to attach the following electronic documents:
1) A resume/CV; and
2) A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses and telephone numbers as part of the application process.
For additional information please contact: Tom Ordeman at tom.ordeman@oregonstate.edu
OSU commits to inclusive excellence by advancing equity and diversity in all that we do. We are an Affirmative Action/Equal Opportunity employer, and particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive com...
