Skip Navigation

Search all jobs

Information Technology Services

At Information Technology Services, our goal is to be the university's trusted business partner by creating a culture of exceptional customer service. Bringing together a team of diverse and talented professionals, we provide the central IT services that support USC's schools, hospitals, research centers, and administrative units. Through our recently launched digital transformation initiatives, we aim to develop an environment of continuous service improvement, founded on cross-functional teamwork, industry best practices, innovation, and commitment to the customer experience.

Vulnerability Assessment Analyst

Information Technology Services ITS Los Angeles, California

The University of Southern California’s (USC’s) Information Technology Services (ITS) is seeking a Vulnerability Assessment Analyst with an exceptional commitment to service excellence to join the team.  As the Vulnerability Assessment Analyst, you will be an integral member of the Security Operations team, collaborating with diverse and talented team members to help solve multidimensional information technology problems, improve customer experience, and generate value for our campus stakeholders across a broad base of departments and constituencies.

JOB SUMMARY

This position provides on-going analysis of scans and maintenance of tools for assessments of the security environment; reviews and mitigates penetration tests, and recommends fixes and security patches required in the event of security breaches. This role is also responsible for security analysis and producing monthly exception and management reports that lead to the implementation and remediation required by audits; The Analyst, Vulnerability Assessment, is responsible for developing program quality metrics, and reviewing findings to eliminate risks. The analyst analyzes and monitors the security practices of vendors and third parties, and provides reporting for governance of vulnerability impact

THE TEAM

The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential. We are looking for top talent to join us on our journey.

ITS CULTURE

USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services, core to the mission of USC. ITS values accountability, excellence, and commitment to exceptional customer experience. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.

ABOUT USC

USC is the leading private research university in Los Angeles—a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family—the faculty, staff, students, and alumni who make USC a great place to work—you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance.

MINIMUM QUALIFICATIONS

  • The candidate for the position of Vulnerability Assessment Analyst must meet the following qualifications:

  • Bachelor’s degree in a relevant field such as computer science, computer information systems, etc., or equivalent combination of education, training, and experience.

  • 2 years of experience in a vulnerability management or endpoint protection role.

  • Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open-source tools.

  • Knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets.

  • Ability to read, write and modify scripts for automation of vulnerability management tasks.

  • Working experience with industry frameworks (CSF, ISO, COBIT, etc.)

  • Experience in deploying and operating vulnerability scanning infrastructure and services.

  • Strong knowledge of industry standards regarding vulnerability management, including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).

  • Strong knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening, security baselines, and web server and database security.

PREFERRED QUALIFICATIONS

The ideal candidate for the position of Vulnerability Assessment Analyst has the following qualifications:

  • Knowledge of computer networking concepts, protocols and network security methodologies.

  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

  • Knowledge of specific operational impacts of cybersecurity lapses.

  • Knowledge of host network access control mechanisms (e.g., access control list, capabilities lists).

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return oriented attacks, malicious code).

  • Knowledge of systems diagnostic tools and fault identification techniques.

  • Knowledge of system administration, network and operating system hardening techniques. Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge of penetration testing principles, tools and techniques. Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

  • Skill in performing impact/risk assessments.

  • Skill in the use of penetration testing tools and techniques.

  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

THE WORK YOU WILL DO

The Vulnerability Assessment Analyst provides on-going analysis of scans and maintenance of tools for assessments of the security environment; reviews and mitigates penetration tests, and recommends fixes and security patches required in the event of security breaches. This role is also responsible for security analysis and producing monthly exception and management reports that lead to the implementation and remediation required by audits; The Analyst, Vulnerability Assessment, is responsible for developing program quality metrics, and reviewing findings to eliminate risks. The analyst analyzes and monitors the security practices of vendors and third parties, and provides reporting for governance of vulnerability impact

Job Accountabilities

The Vulnerability Assessment Analyst

  • Reviews and mitigate penetration tests and vulnerability assessments on information systems and infrastructure.

  • Provides input to assist with the analysis, development and advancement of key risk indicator.

  • Reviews penetration test findings with system owners and works to eliminate or remediate risks associated with the findings.

  • Monitors security vulnerability information from vendors and third parties; incorporates findings and insights of complex issues into objective security intelligence assessments that comply with internal governance practices and requirements.

  • Performs asset and network discovery reviews, helping to ensure full coverage of vulnerability management environment.

  • Conducts system and application vulnerability testing; analyze and verify information obtained from reviews.

  • Leverages asset inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress.

  • Maintains tools used for conducting vulnerability scanning.

  • Collates and analyzes security incident and event data to produce monthly exception and management reports; prepares audit reports that identify technical and procedural findings, and provide recommended remediation solutions.

  • Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations.

  • Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts.

  • Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.

  • Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time.

Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence.


Minimum Education: Bachelor's degree Combined experience/education as substitute for minimum education Minimum Experience: 2 years Minimum Field of Expertise: Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools. Knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets. Ability to read, write and modify scripts for automation of vulnerability management tasks. Working experience with industry frameworks (CSF, ISO, COBIT, etc.) Experience in deploying and operating vulnerability scanning infrastructure and services. Strong knowledge of industry standards regarding vulnerability management, including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP). Strong knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening, security baselines, and web server and database security.


REQ20095758 Posted Date: 01/06/2021

Job matching

With just one click and a connection to LinkedIn, we can connect you with jobs that match your work experience.

Start matchingto jobs with your LinkedIn account

Stay connected with University of Southern California

Sign up to receive job alerts

Select interests

Recently added jobs