The Senior IT Security Analyst – Cybersecurity Operations is a highly skilled and technically proficient member of the Cybersecurity Operations team within the University of Virginia Health System Health IT (HIT) organization. This role is critical in deploying, configuring, operating, troubleshooting, and evaluating the effectiveness of a wide array of cybersecurity controls and services. The ideal candidate will have deep technical expertise and a passion for defending complex environments against evolving cyber threats.

Key Responsibilities:
•\tMaintain cybersecurity technologies supporting cyber defense and Security Operations Center (SOC) functions.
•\tLead and support cybersecurity incident response, threat hunting, and detection engineering efforts.
•\tManage SIEM and SOAR platforms, including development of detection rules and automation playbooks.
•\t Conduct digital forensics and analyze cyber threat intelligence to inform proactive defense strategies.
•\tImplement and manage technologies that deliver UVA Health’s information protection and insider risk strategy including data loss prevention (DLP), UEBA, CASB, and email protection.
•\tPerform vulnerability and attack surface management and ensure risks are addressed in a timely manner.
•\tEndpoint security engineering to ensure appropriate OS hardening and security configuration of servers and workstations.
•\tSecure Medical IoT and mobile/BYOD devices through policy configuration and enforcement using technical controls and passive vulnerability assessment tools.
•\tReview and approve firewall changes, conduct firewall ruleset reviews, and manage network security configurations.
•\tConduct and facilitate third party offensive security testing and security control validation as needed, including penetration testing, application security testing, and adversary simulation.
•\tValidate the effectiveness of security controls through continuous testing and measurement.
•\tParticipate in purple team and blue team exercises to validate and enhance security posture.
•\tCollaborate with DevOps teams to integrate security into the software development lifecycle and CI/CD pipelines (DevSecOps).
•\tMonitor and manage web application firewalls
•\tImplement cloud security guardrails, security posture management, and security monitoring.

In addition to the minimum requirements the ideal candidate will have:
•\tStrong knowledge of cybersecurity frameworks, tools, and technologies across multiple domains.
•\tExperience with SIEM, SOAR, EDR, DLP, CASB, vulnerability management, and cloud security platforms.
•\tProficiency in scripting and automation (e.g., Python, PowerShell).
•\tOne or more certifications: CISSP, GIAC, OSCP, GCIA, GCIH.

Maintenance of data security tables and files used to manage for access controls and identity management systems.Assists with investigative process during computer security incident responses.Implements and maintains information security infrastructure.Collaborates with other HSCS teams to ensure Information Security Plan and Standards are implemented.Collaborates with other HSCS teams to ensure facility and physical security is implemented. Coordinates Information Security Awareness program and educational activities.

In addition to the above job responsibilities, other duties may be assigned.

MINIMUM REQUIREMENTS

Education: Bachelor’s degree
Experience: 5-7 years relevant experience. Relevant experience may be considered in lieu of a degree.
Licensure: CISSP or HCISPP or similar preferred.

PHYSICAL DEMANDS

This is primarily a sedentary job involving extensive use of desktop computers. The job does occasionally require traveling some distance to attend meetings, and programs.​

Position Compensation Range: $74,922.00 - $149,843.00 Annual

Benefits

Comprehensive Benefits Package: Medical, Dental, and Vision Insurance

Paid Time Off, Long-term and Short-term Disability, Retirement Savings

Health Saving Plans, and Flexible Spending Accounts

Certification and education support

Generous Paid Time Off

UVA Health is a world-class Magnet Recognized academic medical center and health system with a level 1 trauma center. 2023-2024 U.S. News & World Report “Best Hospitals” guide rates UVA Health University Medical Center as “High Performing” in 5 adult specialties and 14 conditions/procedures. We are one of 70 National Cancer Institute designated cancer centers. UVA Health Children’s is named by 2023-2024 U.S. News & World Report as the best children's hospital in Virginia with 9 specialties ranked among the best in the nation. Our footprint also encompasses 3 community hospitals and an integrated network of primary and specialty care clinics throughout Charlottesville, Culpeper, Northern Virginia, and beyond.