Whatsapp
Posted : Friday, October 27, 2023 06:19 PM
Vulnerability and Configuration Analyst
Bookmark this Posting | Print Preview | Apply for this Job
Please see Special Instructions for more details.
When applying you will be required to attach the following electronic documents: 1) A resume/CV; and 2) A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses and telephone numbers as part of the application process.
For additional information please contact: Tom Ordeman at tom.
ordeman@oregonstate.
edu OSU commits to inclusive excellence by advancing equity and diversity in all that we do.
We are an Affirmative Action/Equal Opportunity employer, and particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive community.
Starting salary within the salary range will be commensurate with skills, education, and experience.
OSU will conduct a review of the National Sex Offender Public website prior to hire.
OSU is a fair chance employer committed to inclusive hiring.
We encourage applications from candidates who bring a wide range of lived experience including involvement with the justice system.
This job has “critical or security-sensitive” responsibilities.
If you are selected as a finalist, your initial job offer will be contingent upon the results of a job-related pre-employment check (such as a background check, motor vehicle history check, sexual misconduct reference check, etc.
).
Background check results do not automatically disqualify a candidate.
Take a look at our Background Checks website including the for candidates section for more details.
If you have questions or concerns about the pre-employment check, please contact OSU’s Employee and Labor Relations team at employee.
relations@oregonstate.
edu.
Position Details Position Information Department Univ Info & Tech Admin (JIS) Position Title Analyst-IT Systems Job Title Vulnerability and Configuration Analyst Appointment Type Professional Faculty Job Location Corvallis Benefits Eligible Full-Time, benefits eligible Job Summary University Information and Technology is seeking a Vulnerability and Configuration Analyst.
This is a full-time (1.
00 FTE), 12-month, professional faculty position.
As a division within the Office of Information Security, Governance, Risk, and Compliance (GRC) provides services to ensure the confidentiality, integrity and availability of Oregon State University IT systems, data and information.
The Vulnerability and Configuration Analyst reports to the OSU GRC Manager and coordinates the Vulnerability and Configuration Management program(s) for University Information and Technology (UIT) and the Distributed IT units.
The Vulnerability and Configuration Analyst performs a key function for the institution and must exercise judgement and discretion in fulling the role.
The Analyst performs the role under the guidance of the GRC Manager and must be able to organize and orchestrate vulnerability and configuration data, records, and documentation while working with organizational stakeholders to ensure the timely remediation and proper configuration of organizational information systems.
The incumbent will inherit an active vulnerability management portfolio in need of regularization in order to ensure the remediation of vulnerabilities impacting servers, workstations, appliance, and infrastructure equipment.
The incumbent will be expected to expand this program to establish standardized organizational configuration baselines for the same range of information systems, while documenting exceptions to approved benchmarks.
The Analyst must develop effective relationships with UIT and Distributed IT administrators in order to ensure the success of these two critical programs.
The Analyst’s duties will consist of collecting, analyzing, and disseminating vulnerability data; disseminating and reviewing security configuration plans; developing recommendations for remediation or mitigation of unfulfilled security controls relating to vulnerability or configuration; processing requests for exceptions to policy or delays in implementation; and maintaining accurate records of each of these initiatives.
This will necessarily involve the development of a strong working knowledge of vulnerabilities impacting OSU information systems, and their recommended remediation.
UIT has a commitment to deliver data as a strategic working asset and to enable data informed decision making across OSU.
UIT leaders and staff will lead by example and use data to inform decision making at all levels in the organization.
Persons in technology roles are also expected to design systems with data portability in mind and work within enterprise architecture and privacy guidelines to deliver data as a strategic asset to fulfill OSU’s missions.
Proactively securing and protecting OSU’s digital assets and information systems is crucial to our missions of teaching and learning, research, and outreach and engagement.
All OSU IT professionals have a direct responsibility to provision high quality and secure IT systems and services.
Persons in technology roles are expected to be responsive to security related actions and requirements, and to collaborate to find secure ways to support the OSU community.
UIT has a deep commitment to and belief in the strength and value of diversity, equity, and inclusion (DEI) both throughout our team and as an intentional and active practice to advance the vision, mission, and strategic efforts of the entire university.
As a member of the UIT community, the person in this position is expected to foster and promote the values of DEI and demonstrate a commitment to inclusive excellence in their work.
Why OSU? Working for Oregon State University is so much more than a job! Oregon State University is a dynamic community of dreamers, doers, problem-solvers and change-makers.
We don’t wait for challenges to present themselves — we seek them out and take them on.
We welcome students, faculty and staff from every background and perspective into a community where everyone feels seen and heard.
We have deep-rooted mindfulness for the natural world and all who depend on it, and together, we apply knowledge, tools and skills to build a better future for all.
FACTS: • Top 1.
4% university in the world • More research funding than all public universities in Oregon combined • 1 of 3 land, sea, space and sun grant universities in the U.
S.
• 2 campuses, 11 colleges, 12 experiment stations, and Extension programs in all 36 counties • 7 cultural resource centers that offer education, celebration and belonging for everyone • 100+ undergraduate degree programs, 80+ graduate degrees plus hundreds of minor options and certificates • 35k+ students including more than 2.
3k international students and 10k students of color • 217k+ alumni worldwide • For more interesting facts about OSU visit: https://oregonstate.
edu/about Locations: Oregon State has a statewide presence with campuses in Corvallis and Bend, the OSU Portland Center and the Hatfield Marine Science Center on the Pacific Coast in Newport.
Oregon State’s beautiful, historic and state-of-the-art main campus is located in one of America’s best college towns.
Corvallis is located close to the Pacific Ocean, the Cascade mountains and Oregon wine country.
Nestled in the heart of the Willamette Valley, this beautiful city offers miles of mountain biking and hiking trails, a river perfect for boating or kayaking and an eclectic downtown featuring local cuisine, popular events and performances.
Total Rewards Package: Oregon State University offers a comprehensive benefits package with benefits eligible positions that is designed to meet the needs of employees and their families including: • Medical, Dental, Vision and Basic Life.
OSU pays 95% of premiums for you and your eligible dependents.
• Free confidential mental health and emotional support services, and counseling resources.
• Retirement savings paid by the university.
• A generous paid leave package, including holidays, vacation and sick leave.
• Tuition reduction benefits for you or your qualifying dependents at OSU or the additional six Oregon Public Universities.
• Robust Work Life programs including Dual Career assistance resources, flexible work arrangements, a Family Resource Center, Affinity Groups and an Employee Assistance Program.
Future and current OSU employees can use the Benefits Calculator to learn more about the full value of the benefits provided at OSU.
Key Responsibilities 40%—VULNERABILITY MANAGEMENT The Vulnerability and Configuration Analyst will contribute to the University’s Protect and Detect functions.
Specific tasks include but are not limited to: Reporting to the Governance, Risk, and Compliance (GRC) Manager, support research and administration by orchestrating an existing enterprise vulnerability management program, and building a configuration management program that adheres to federal, state, and industry benchmarks for the protection of highly sensitive research and administrative data Utilizing a portfolio of internal and external tools, perform weekly administration of OSU’s vulnerability management program by tracking new and existing vulnerabilities, tracking remediation efforts by system owner teams, and developing periodic tracking tools for the benefit of senior leaders Develop and maintain long-term vulnerability reporting to demonstrate effectiveness.
Maintain accurate records pertaining to the state of OSU’s vulnerability management program, to include: critical, high, and moderate vulnerabilities; remediation plans; and approved exceptions to security policies 40%—CONFIGURATION MANAGEMENT The Vulnerability and Configuration Analyst will assist the GRC Manager in the development, documentation, and implementation of the University’s configuration management program: Assist the GRC Manager in the development, documentation, and implementation of a formal configuration management program, utilizing CIS benchmarks, DISA STIGs, and other industry leading guidance on the secure configuration of information systems Maintain accurate records pertaining to the state of OSU’s configuration management program, to include: critical, configuration checklists; approved exceptions to security policies; and security control baselines 15%—ORGANIZATIONAL COORDINATION The Vulnerability and Configuration Analyst will perform coordinating and administrative activities in support of the University.
These activities include but are not limited to: Disseminate status updates, requests for the remediation of specific vulnerabilities, requests for documentation, and directives for remediation or other applicable action, to system administrators, network engineers, and other stakeholders throughout OSU’s information technology enterprise Work with system owner teams in UIT and Distributed IT to develop remediation plans; support researchers and administrators by ensuring accountability for the maintenance, configuration, and monitoring of key information systems Participate in applicable meetings, to include the OSU Vulnerability Management Committee 5%—OTHER DUTIES AS ASSIGNED Support additional OIS programs, such as vendor management, outreach and awareness, identity and access management, endpoint management, and continuous monitoring Collaborate with internal and external stakeholders to assess needs for data and system administration What You Will Need Bachelor’s degree; OR Associate’s degree AND two years of verified job experience; OR four years of verified job experience Ability to complete Security+ or equivalent industry security certification within 12 months of hire Experience maintaining and managing records; utilizing raw data produce quick notice and periodic analytical products; and working with diverse stakeholder groups, such as IT professionals, network engineers, and university administrative staff A demonstrated commitment to promoting and enhancing diversity This position is designated as a critical or security-sensitive position; therefore, the incumbent must successfully complete a criminal history check and be determined to be position qualified as per OSU Standard 576-055-0000 et seq.
Incumbents are required to self-report convictions and those in youth programs may have additional criminal history checks every 24 months.
What We Would Like You to Have Bachelor’s degree in Computer Science or Business Information Systems Familiarity with vulnerability management, the Common Vulnerability Scoring System (CVSS), Center for Internet Security (CIS) benchmarks, DISA Security Technical Implementation Guides (STIGs) Familiarity with categories of regulated data, such as Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), Personal Health Information (PHI), and data governed by the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) Experience working in an academic environment supporting research and facilitating the functions of research personnel Demonstrated experience organizing and presenting data to meet specific objectives.
Experience creating data driven reports including visuals using Tableau, PowerBi, or similar tools.
Working Conditions / Work Schedule Working conditions are typically performed in an office space.
Occasional evening and weekend work may be required.
The ability to lift items of up to 25 pounds may be required.
Pay Method Salary Pay Period 1st through the last day of the month Pay Date Last working day of the month Recommended Full-Time Salary Range $60,288-$105,420 Link to Position Description https://jobs.
oregonstate.
edu/position_descriptions/146736 Posting Detail Information Posting Number P07631UF Number of Vacancies 1 Anticipated Appointment Begin Date 02/12/2024 Anticipated Appointment End Date Posting Date 12/21/2023 Full Consideration Date Closing Date 01/12/2024 Indicate how you intend to recruit for this search Competitive / External - open to ALL qualified applicants Special Instructions to Applicants When applying you will be required to attach the following electronic documents: 1) A resume/CV; and 2) A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses and telephone numbers as part of the application process.
For additional information please contact: Tom Ordeman at tom.
ordeman@oregonstate.
edu OSU commits to inclusive excellence by advancing equity and diversity in all that we do.
We are an Affirmative Action/Equal Opportunity employer, and particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive community.
Starting salary within the salary range will be commensurate with skills, education, and experience.
OSU will conduct a review of the National Sex Offender Public website prior to hire.
OSU is a fair chance employer committed to inclusive hiring.
We encourage applications from candidates who bring a wide range of lived experience including involvement with the justice system.
This job has “critical or security-sensitive” responsibilities.
If you are selected as a finalist, your initial job offer will be contingent upon the results of a job-related pre-employment check (such as a background check, motor vehicle history check, sexual misconduct reference check, etc.
).
Background check results do not automatically disqualify a candidate.
Take a look at our Background Checks website including the for candidates section for more details.
If you have questions or concerns about the pre-employment check, please contact OSU’s Employee and Labor Relations team at employee.
relations@oregonstate.
edu.
Supplemental Questions
When applying you will be required to attach the following electronic documents: 1) A resume/CV; and 2) A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses and telephone numbers as part of the application process.
For additional information please contact: Tom Ordeman at tom.
ordeman@oregonstate.
edu OSU commits to inclusive excellence by advancing equity and diversity in all that we do.
We are an Affirmative Action/Equal Opportunity employer, and particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive community.
Starting salary within the salary range will be commensurate with skills, education, and experience.
OSU will conduct a review of the National Sex Offender Public website prior to hire.
OSU is a fair chance employer committed to inclusive hiring.
We encourage applications from candidates who bring a wide range of lived experience including involvement with the justice system.
This job has “critical or security-sensitive” responsibilities.
If you are selected as a finalist, your initial job offer will be contingent upon the results of a job-related pre-employment check (such as a background check, motor vehicle history check, sexual misconduct reference check, etc.
).
Background check results do not automatically disqualify a candidate.
Take a look at our Background Checks website including the for candidates section for more details.
If you have questions or concerns about the pre-employment check, please contact OSU’s Employee and Labor Relations team at employee.
relations@oregonstate.
edu.
Position Details Position Information Department Univ Info & Tech Admin (JIS) Position Title Analyst-IT Systems Job Title Vulnerability and Configuration Analyst Appointment Type Professional Faculty Job Location Corvallis Benefits Eligible Full-Time, benefits eligible Job Summary University Information and Technology is seeking a Vulnerability and Configuration Analyst.
This is a full-time (1.
00 FTE), 12-month, professional faculty position.
As a division within the Office of Information Security, Governance, Risk, and Compliance (GRC) provides services to ensure the confidentiality, integrity and availability of Oregon State University IT systems, data and information.
The Vulnerability and Configuration Analyst reports to the OSU GRC Manager and coordinates the Vulnerability and Configuration Management program(s) for University Information and Technology (UIT) and the Distributed IT units.
The Vulnerability and Configuration Analyst performs a key function for the institution and must exercise judgement and discretion in fulling the role.
The Analyst performs the role under the guidance of the GRC Manager and must be able to organize and orchestrate vulnerability and configuration data, records, and documentation while working with organizational stakeholders to ensure the timely remediation and proper configuration of organizational information systems.
The incumbent will inherit an active vulnerability management portfolio in need of regularization in order to ensure the remediation of vulnerabilities impacting servers, workstations, appliance, and infrastructure equipment.
The incumbent will be expected to expand this program to establish standardized organizational configuration baselines for the same range of information systems, while documenting exceptions to approved benchmarks.
The Analyst must develop effective relationships with UIT and Distributed IT administrators in order to ensure the success of these two critical programs.
The Analyst’s duties will consist of collecting, analyzing, and disseminating vulnerability data; disseminating and reviewing security configuration plans; developing recommendations for remediation or mitigation of unfulfilled security controls relating to vulnerability or configuration; processing requests for exceptions to policy or delays in implementation; and maintaining accurate records of each of these initiatives.
This will necessarily involve the development of a strong working knowledge of vulnerabilities impacting OSU information systems, and their recommended remediation.
UIT has a commitment to deliver data as a strategic working asset and to enable data informed decision making across OSU.
UIT leaders and staff will lead by example and use data to inform decision making at all levels in the organization.
Persons in technology roles are also expected to design systems with data portability in mind and work within enterprise architecture and privacy guidelines to deliver data as a strategic asset to fulfill OSU’s missions.
Proactively securing and protecting OSU’s digital assets and information systems is crucial to our missions of teaching and learning, research, and outreach and engagement.
All OSU IT professionals have a direct responsibility to provision high quality and secure IT systems and services.
Persons in technology roles are expected to be responsive to security related actions and requirements, and to collaborate to find secure ways to support the OSU community.
UIT has a deep commitment to and belief in the strength and value of diversity, equity, and inclusion (DEI) both throughout our team and as an intentional and active practice to advance the vision, mission, and strategic efforts of the entire university.
As a member of the UIT community, the person in this position is expected to foster and promote the values of DEI and demonstrate a commitment to inclusive excellence in their work.
Why OSU? Working for Oregon State University is so much more than a job! Oregon State University is a dynamic community of dreamers, doers, problem-solvers and change-makers.
We don’t wait for challenges to present themselves — we seek them out and take them on.
We welcome students, faculty and staff from every background and perspective into a community where everyone feels seen and heard.
We have deep-rooted mindfulness for the natural world and all who depend on it, and together, we apply knowledge, tools and skills to build a better future for all.
FACTS: • Top 1.
4% university in the world • More research funding than all public universities in Oregon combined • 1 of 3 land, sea, space and sun grant universities in the U.
S.
• 2 campuses, 11 colleges, 12 experiment stations, and Extension programs in all 36 counties • 7 cultural resource centers that offer education, celebration and belonging for everyone • 100+ undergraduate degree programs, 80+ graduate degrees plus hundreds of minor options and certificates • 35k+ students including more than 2.
3k international students and 10k students of color • 217k+ alumni worldwide • For more interesting facts about OSU visit: https://oregonstate.
edu/about Locations: Oregon State has a statewide presence with campuses in Corvallis and Bend, the OSU Portland Center and the Hatfield Marine Science Center on the Pacific Coast in Newport.
Oregon State’s beautiful, historic and state-of-the-art main campus is located in one of America’s best college towns.
Corvallis is located close to the Pacific Ocean, the Cascade mountains and Oregon wine country.
Nestled in the heart of the Willamette Valley, this beautiful city offers miles of mountain biking and hiking trails, a river perfect for boating or kayaking and an eclectic downtown featuring local cuisine, popular events and performances.
Total Rewards Package: Oregon State University offers a comprehensive benefits package with benefits eligible positions that is designed to meet the needs of employees and their families including: • Medical, Dental, Vision and Basic Life.
OSU pays 95% of premiums for you and your eligible dependents.
• Free confidential mental health and emotional support services, and counseling resources.
• Retirement savings paid by the university.
• A generous paid leave package, including holidays, vacation and sick leave.
• Tuition reduction benefits for you or your qualifying dependents at OSU or the additional six Oregon Public Universities.
• Robust Work Life programs including Dual Career assistance resources, flexible work arrangements, a Family Resource Center, Affinity Groups and an Employee Assistance Program.
Future and current OSU employees can use the Benefits Calculator to learn more about the full value of the benefits provided at OSU.
Key Responsibilities 40%—VULNERABILITY MANAGEMENT The Vulnerability and Configuration Analyst will contribute to the University’s Protect and Detect functions.
Specific tasks include but are not limited to: Reporting to the Governance, Risk, and Compliance (GRC) Manager, support research and administration by orchestrating an existing enterprise vulnerability management program, and building a configuration management program that adheres to federal, state, and industry benchmarks for the protection of highly sensitive research and administrative data Utilizing a portfolio of internal and external tools, perform weekly administration of OSU’s vulnerability management program by tracking new and existing vulnerabilities, tracking remediation efforts by system owner teams, and developing periodic tracking tools for the benefit of senior leaders Develop and maintain long-term vulnerability reporting to demonstrate effectiveness.
Maintain accurate records pertaining to the state of OSU’s vulnerability management program, to include: critical, high, and moderate vulnerabilities; remediation plans; and approved exceptions to security policies 40%—CONFIGURATION MANAGEMENT The Vulnerability and Configuration Analyst will assist the GRC Manager in the development, documentation, and implementation of the University’s configuration management program: Assist the GRC Manager in the development, documentation, and implementation of a formal configuration management program, utilizing CIS benchmarks, DISA STIGs, and other industry leading guidance on the secure configuration of information systems Maintain accurate records pertaining to the state of OSU’s configuration management program, to include: critical, configuration checklists; approved exceptions to security policies; and security control baselines 15%—ORGANIZATIONAL COORDINATION The Vulnerability and Configuration Analyst will perform coordinating and administrative activities in support of the University.
These activities include but are not limited to: Disseminate status updates, requests for the remediation of specific vulnerabilities, requests for documentation, and directives for remediation or other applicable action, to system administrators, network engineers, and other stakeholders throughout OSU’s information technology enterprise Work with system owner teams in UIT and Distributed IT to develop remediation plans; support researchers and administrators by ensuring accountability for the maintenance, configuration, and monitoring of key information systems Participate in applicable meetings, to include the OSU Vulnerability Management Committee 5%—OTHER DUTIES AS ASSIGNED Support additional OIS programs, such as vendor management, outreach and awareness, identity and access management, endpoint management, and continuous monitoring Collaborate with internal and external stakeholders to assess needs for data and system administration What You Will Need Bachelor’s degree; OR Associate’s degree AND two years of verified job experience; OR four years of verified job experience Ability to complete Security+ or equivalent industry security certification within 12 months of hire Experience maintaining and managing records; utilizing raw data produce quick notice and periodic analytical products; and working with diverse stakeholder groups, such as IT professionals, network engineers, and university administrative staff A demonstrated commitment to promoting and enhancing diversity This position is designated as a critical or security-sensitive position; therefore, the incumbent must successfully complete a criminal history check and be determined to be position qualified as per OSU Standard 576-055-0000 et seq.
Incumbents are required to self-report convictions and those in youth programs may have additional criminal history checks every 24 months.
What We Would Like You to Have Bachelor’s degree in Computer Science or Business Information Systems Familiarity with vulnerability management, the Common Vulnerability Scoring System (CVSS), Center for Internet Security (CIS) benchmarks, DISA Security Technical Implementation Guides (STIGs) Familiarity with categories of regulated data, such as Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), Personal Health Information (PHI), and data governed by the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) Experience working in an academic environment supporting research and facilitating the functions of research personnel Demonstrated experience organizing and presenting data to meet specific objectives.
Experience creating data driven reports including visuals using Tableau, PowerBi, or similar tools.
Working Conditions / Work Schedule Working conditions are typically performed in an office space.
Occasional evening and weekend work may be required.
The ability to lift items of up to 25 pounds may be required.
Pay Method Salary Pay Period 1st through the last day of the month Pay Date Last working day of the month Recommended Full-Time Salary Range $60,288-$105,420 Link to Position Description https://jobs.
oregonstate.
edu/position_descriptions/146736 Posting Detail Information Posting Number P07631UF Number of Vacancies 1 Anticipated Appointment Begin Date 02/12/2024 Anticipated Appointment End Date Posting Date 12/21/2023 Full Consideration Date Closing Date 01/12/2024 Indicate how you intend to recruit for this search Competitive / External - open to ALL qualified applicants Special Instructions to Applicants When applying you will be required to attach the following electronic documents: 1) A resume/CV; and 2) A cover letter indicating how your qualifications and experience have prepared you for this position.
You will also be required to submit the names of at least three professional references, their e-mail addresses and telephone numbers as part of the application process.
For additional information please contact: Tom Ordeman at tom.
ordeman@oregonstate.
edu OSU commits to inclusive excellence by advancing equity and diversity in all that we do.
We are an Affirmative Action/Equal Opportunity employer, and particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive community.
Starting salary within the salary range will be commensurate with skills, education, and experience.
OSU will conduct a review of the National Sex Offender Public website prior to hire.
OSU is a fair chance employer committed to inclusive hiring.
We encourage applications from candidates who bring a wide range of lived experience including involvement with the justice system.
This job has “critical or security-sensitive” responsibilities.
If you are selected as a finalist, your initial job offer will be contingent upon the results of a job-related pre-employment check (such as a background check, motor vehicle history check, sexual misconduct reference check, etc.
).
Background check results do not automatically disqualify a candidate.
Take a look at our Background Checks website including the for candidates section for more details.
If you have questions or concerns about the pre-employment check, please contact OSU’s Employee and Labor Relations team at employee.
relations@oregonstate.
edu.
Supplemental Questions
• Phone : NA
• Location : 1500 S.W. Jefferson, Corvallis, OR
• Post ID: 9030042861
