
Information Security Incident Response Analyst (IT SCRTY ANL 4)

University of California - Davis
vision insurance, parental leave, paid time off, paid holidays, sick time, long term disability, tuition reimbursement, remote work
United States, California, Davis
Aug 27, 2025
  • Job ID: 80587
  • Location: Davis
  • Full/Part Time: Full Time
Job Summary

Under the general direction of the Associate Chief Information Security Officer (ACISO), the Information Security Incident Response Analyst serves as a technical lead and subject matter expert responsible for managing advanced security operations and incident response efforts that support the mission of the university and protect the confidentiality, integrity, and availability of information assets owned or entrusted to UC Davis.

This position is vital to the Security Operations Center's (SOC) ability to conduct complex security incident investigations, gather and preserve digital evidence, and respond to advanced threats. This role is central to our incident response lifecycle and is also instrumental in threat hunting, post-incident analysis, and improving security posture through investigative insights.

The Analyst leads the detection, analysis, and response to complex and high-impact security incidents and threats against university assets, and works closely with campus stakeholders and partners to ensure that incidents are resolved quickly and effectively.

The Analyst must stay abreast of evolving campus needs, technology capabilities, and threat intelligence from various sources to optimize data protection measures.

The Analyst tracks and reports on security risks and control effectiveness to the CISO and other campus stakeholders such as the Chief Information Officer, and security and IT professionals located at the Davis, Sacramento campuses, and other UC campuses.

The Analyst operates with a high degree of autonomy, exercises independent thinking to creatively solve problems and issues, makes independent decisions, and must maintain or preserve confidentiality when required to do so.

Candidates must already possess authorization to work in the United States to be considered.

To see IET job postings, please visit https://iet.ucdavis.edu/jobs

Apply By Date

By Friday, September 26, 2025 at 11:50p Pacific; screening and selection actions can begin any time.

Minimum Qualifications

  • Bachelor's degree in a related area and/or equivalent experience/training.
  • Three or more years of experience in incident response or related, focusing on cyber-security threat detection, vulnerability analysis, and incident response using forensic analysis techniques such as file carving, timeline creation and memory capture.
  • Experience in performing cyber threat hunting, including log analysis, and digital forensics using XDR and SIEM tools.
  • Experience communicating and documenting complex technical subjects to both technical and non-technical audiences.
  • Proficiency in conducting incident after-action reviews and recommending mitigation strategies to avoid recurrence.
  • Strong collaboration skills, with the ability to work with technical and non-technical stakeholders and advance positive working relationships and a strong rapport with team members, stakeholders, and customers.
  • Work effectively under pressure and within time constraints to solve problems and complete deliverables.

Preferred Qualifications

  • CISSP, CISM, CISA, or GIAC certifications.
  • Experience in complex higher education environments, serving academic and administrative functions of a large public university.
  • Experience with common security assessment and analysis tools such as Nmap, Tenable, Burp Suite, and FireEye.
  • Experience with security technologies such as SIEM, web application firewalls, VPN infrastructure, Intrusion Detection and Prevention Systems, multi-factor authentication, DNS, SMTP, DHCP, 802.1x access control, Anti-malware, Data Leakage/Loss Prevention.
  • Experience with Microsoft platforms, including Windows Event Log analysis, Active Directory and Group Policy.
  • Experience with project management.
  • Knowledge of mainstream Linux forensic investigation methods including system logs, file system formats and memory analysis.
  • Knowledge of cloud security and zero-trust architectures.
  • Demonstrated knowledge of incident response methodologies, techniques, and frameworks, including NIST and ISO 27001.
  • Knowledge of the MITRE ATT&CK framework.

Key Responsibilities

65% - Incident Response

  • Serve as lead responder and technical resource on the incident response team.
  • Respond to incidents and critical situations in a problem-solving manner and conduct an in-depth investigation of alerts. Provide advanced security analysis, technical security support and operational support using security systems and technologies, including, but not limited to:
    • Monitor external data sources (e.g., computer network defense vendor sites, Computer Emergency Response Teams, SANS) to maintain awareness of network defense threat conditions and determine which security issues may impact the enterprise. Upon becoming aware of information security threats, assess them and ensure departmental system administrators are made aware in a timely manner of relevant threats to the systems they administer.
    • Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
    • Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information.
    • Perform and support forensic data collection and analysis.
    • Conduct thorough incident investigations, lead post-incident reviews, and provide recommendations for improving the incident response process to strengthen security posture.
    • Draft detailed incident reports and contribute to executive summaries and briefings.
    • Provide insights into the effectiveness of the incident response and recovery process through regular reports.
    • Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, & processes) by evaluating and recommending technical controls to mitigate risk to systems, data and operations.
    • Identify trends and patterns in events to identify opportunities for process improvement and optimization and support proactive threat hunting activities.

20% - Security Governance, Standards Development, and Strategic Support

  • Contribute to the development of UCD incident response policies, standards, guidelines, and communication materials and strategies.
  • Develop and maintain playbooks and documentation for incident response processes and technical procedures, and provide direction and support to incident response teams on using these processes and procedures.
  • Assist in the review of various UCD, UC, Federal, and State security standards, guidelines, and policies.
  • Prepare and maintain measurement and reporting documentation, including incident and status reports, dashboards, and other security-related metrics or documents.
  • Prepare corrective action responses to technology audit findings.
  • Participate in research of IT security tools, techniques, methodologies, technologies, and architectures.
  • Serve on committees and work groups related to security and technology operations, planning and strategy.
  • Work on special projects.

15% - Information Security Consulting & Reporting

  • Provide high level consulting and information security subject matter expertise on information security risks and best practices.
  • Collaborate with internal and external partners to detect threats, analyze vulnerabilities, and respond to attacks.
  • Review Unit incident response plans and provide guidance to ensure alignment with institutional frameworks.
  • Conduct training and awareness programs for incident response teams on incident response best practices and tools.

Department Overview

The Information Security Office (ISO) helps protect UC Davis' information assets' confidentiality, availability, and integrity through consultation, services, and programs. The ISO offers support, assistance, education, and advice, manages specific security processes, and helps individuals and departments understand how they are responsible for information security at UC Davis and how to meet that responsibility.

Position Information

  • Salary Range: $99,400.00 - $196,400.00
  • Salary Frequency: Annual
  • Salary Grade: Grade 25
  • UC Job Title: IT SCRTY ANL 4
  • UC Job Code: 000661
  • Number of Positions: 1
  • Appointment Type: Staff: Career
  • Percentage of Time: 100
  • Shift Hours: M-F, 8-5pm. Other hours may be required.
  • Location: Davis, CA - local, commutable residency required
  • Union Representation: 99 - Non-Represented (PPSM)
  • Benefits Eligible: Yes
  • Hybrid/Remote/Onsite: Hybrid (mix of on-site and remote work from home office within commutable distance.)

Benefits

Outstanding benefits and perks are among the many rewards of working for the University of California. UC Davis offers a full range of benefits, resources and programs to help you bring your best self to work, as well as to help you and your family achieve your health, wellness, financial and career goals. Learn more about the benefits below and eligibility rules by visiting either our handy Benefits Summary for UC Davis Health Employees or Benefits Summary for UC Davis Employees and our Benefits Page.

  • High quality and low-cost medical plans to choose from to fit your family's needs
  • UC pays for Dental and Vision insurance premiums for you and your family
  • Extensive leave benefits including Pregnancy and Parental Leave, Family & Medical Leave
  • Paid Holidays annually as stipulated in the UC Davis Health Policies or Collective Bargaining Agreement
  • Paid Time Off/Vacation/Sick Time as stipulated in the UC Davis Health Policies or Collective Bargaining Agreement
  • Continuing Education (CE) allowance and Education Reimbursement Program as stipulated in the UC Davis Health Policies or Collective Bargaining Agreement
  • Access to free professional development courses and learning opportunities for personal and professional growth
  • WorkLife and Wellness programs and resources
  • On-site Employee Assistance Program including access to free mental health services
  • Supplemental insurance offered including additional life, short/long term disability, pet insurance and legal coverage
  • Public Service Loan Forgiveness (PSLF) Qualified Employer & Student Loan Repayment Assistance Program for qualified roles
  • Retirement benefit options for eligible roles including Pension and other Retirement Saving Plans. More information on our retirement benefits can be found here.

Physical Demands

  • Standing - Occasional Up to 3 Hours
  • Walking - Occasional Up to 3 Hours
  • Sitting - Frequent 3 to 6 Hours
  • Lifting/Carrying 0-25 Lbs - Occasional Up to 3 Hours
  • Bending/Stooping - Occasional Up to 3 Hours
  • Squatting/Kneeling - Occasional Up to 3 Hours
  • Climbing (e.g., stairs or ladders) - Occasional Up to 3 Hours
  • Keyboard use/repetitive motion - Continuous 6 to 8+ Hours

Mental Demands

  • Sustained attention and concentration - Continuous 6 to 8+ Hours
  • Complex problem solving/reasoning - Continuous 6 to 8+ Hours
  • Ability to organize & prioritize - Continuous 6 to 8+ Hours
  • Communication skills - Frequent 3 to 6 Hours
  • Numerical skills - Occasional Up to 3 Hours
  • Constant Interaction - Frequent 3 to 6 Hours
  • Customer/Patient Contact - Occasional Up to 3 Hours
  • Multiple Concurrent Tasks - Frequent 3 to 6 Hours

Work Environment

This position is Hybrid (required to be on-site 4 days each week, 1 day remote). Hire MUST reside within local proximity to Davis, CA (Out of state applicants will be considered but must relocate locally if hired).

UC Davis is a smoke and tobacco free campus effective January 1, 2014. Smoking, the use of smokeless tobacco products, and the use of unregulated nicotine products (e-cigarettes) will be strictly prohibited on any UC Davis owned or leased property, indoors and outdoors, including parking lots and residential space.

Due to the mission-critical services provided by this department, this position may work hours other than M-F 8-5. Occasionally work flexible, alternate, and/or extended hours including nights and weekends to address specific operational needs. Occasional travel to locations on and off campus. Vacation is restricted during peak periods. Adhere to workplace safety practices, read information communicated about workplace safety, complete required safety training on time, and report any workplace safety issues promptly to their supervisor or the designated safety coordinator.

Special Requirements

  • This is a critical position, as defined by UC Policy and local procedures, and as such, employment is contingent upon clearing a criminal background check(s) and may include drug screening, medical evaluation clearance and functional capacity assessment

Misconduct Disclosure Requirement: As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegations or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

A Culture of Opportunity and Belonging

At UC Davis, we're committed to solving life's most urgent challenges and building a healthier, more resilient world. We believe in growing through every challenge, continually striving to improve, and welcoming new perspectives that strengthen our community. We recognize that a vibrant and innovative organization values both individual strengths and shared purpose. The best ideas often emerge when people with different experiences come together.

As you consider joining UC Davis, we invite you to explore our Principles of Community, our Clinical Strategic Plan and strategic vision for research and education. We believe you belong here. The University of California, Davis is an Equal Opportunity Employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age or protected veteran status.

To view the University of California's Anti-Discrimination Policy, please visit: https://policy.ucop.edu/doc/1001004/Anti-Discrimination

Because we want you to feel seen and valued, our recruitment process at UC Davis supports openness and authenticity. Research shows that some individuals hesitate to apply unless they meet every qualification. You may be an excellent fit for this role-or the next one. We encourage you to apply even if your experience doesn't match every listed requirement. #YouBelongHere

To learn more about our background check program, please visit: https://hr.ucdavis.edu/departments/recruitment/ucd/selection/background-checks
