[Hiring] Senior IT Security Analyst @United Biosource Corporation

Role Description

A hands-on position that helps maintain and improve UBC's Cybersecurity program. Perform Threat Intelligence analysis, assist the incident response team with investigations, ensure the security and compliance of information system assets, while maturing the overall Cybersecurity program. Ensure the security of information system assets and protect them from intentional or inadvertent access, disclosure, or destruction in accordance with company policies and industry standards such as ISO 27000, HIPAA, GDPR, and CCPA. Ensure employees understand and adhere to necessary procedures to maintain security. Must be able to weigh business needs against security concerns and articulate issues and options to management. Performs risk assessments for sensitive internal and external systems and perform threat modelling.

Job Responsibilities

• Ensure security controls are deployed, operating effectively, and aligned with organizational security policies and standards.
• Monitor, review, analyze, and respond to security alerts generated from various security platforms.
• Tune and optimize security alerts to reduce false positives and improve detection effectiveness.
• Ensure assets are properly onboarded and reporting into required security monitoring and vulnerability management tools.
• Lead and support the vulnerability management lifecycle, including:
  • Conducting regular vulnerability scans using automated tools,
  • Analyzing scan results and prioritizing findings based on risk,
  • Working closely with infrastructure, application, and development teams to remediate vulnerabilities and validating fixes,
  • Perform and manage web application security scans, interpret findings, and provide clear remediation guidance to development teams.
• Monitor threat intelligence feeds and external advisories to identify emerging threats, vulnerabilities, or risks relevant to the organization.
• Participate in incident response activities, including identification, containment, eradication, and recovery efforts.
• Assess, develop, and apply updated or strengthened security measures to respond to changing threats, regulatory and business requirements, enhancing both cloud and on-premises security posture.
• Work with IT, engineering, and business teams to develop, review, and implement secure configurations, standards, and policies.
• Assist project teams in the implementation of security measures to meet UBC cybersecurity policies and external governances, e.g., HIPAA, GDPR, CCPA.
• Maintain accurate and up-to-date security documentation for systems, applications, and processes.
• Collaborate with other security team members on security initiatives and best practices.
• Support annual security initiatives and defined deliverables aligned with the organization’s security roadmap.
• Participate in special projects and perform additional duties as assigned.

Qualifications

• Bachelor’s degree in computer related field, or 4 – 6 years equivalent experience.
• 3 – 5 years of relevant working experience, preferably in IT Security.
• Certification in Information Security (GIAC - GSEC, Security+, CISSP, CompTIA CySA+ or equivalent) preferred.
• Familiarity with external regulations, e.g., GDPR, 21CFR part 11, HIPAA, Sarbanes-Oxley.
• Strong understanding of information security principles and frameworks.
• Strong experience in vulnerability management, including scanning, remediation coordination, and verification.
• Hands-on experience with automated vulnerability scanning tools, including web application scanning solutions.
• Understanding of web application security concepts (i.e., OWASP Top 10) and common attack techniques.
• Familiarity with domain structures, user authentication, and digital signatures.
• Experience with various on-premises and cloud security controls and systems (i.e., MS Intune, MS ATP, MS Purview, Active Directory, IAM).
• Strong documentation and communications skills.
• Experience in research and analysing findings.
• Experience as part of an incident response team.
• Digital Forensics experience is a plus.
• Programming and scripting experience is a plus.
• Experience with cloud architecture is a plus.
• Experience or comprehension of AI tools and various uses is a plus.
• Demonstrated ability to coordinate with various teams for project/activity completion, work in a team environment, sharing workloads and responsibilities.
• Ability to work in a flexible environment where requirements and procedures continuously evolve.
• Ability to multi-task and manage time effectively.
• Flexible hours, with availability for after-hours support as needed.
• Participate in on-call rotation to respond to security alerts as needed.

Benefits

• Competitive salaries
• Growth opportunities for promotion
• 401K with company match*
• Tuition reimbursement
• Flexible work environment
• Discretionary PTO (Paid Time Off)
• Paid Holidays
• Employee assistance programs
• Medical, Dental, and vision coverage
• HSA/FSA
• Telemedicine (Virtual doctor appointments)
• Wellness program
• Adoption assistance
• Short term disability
• Long term disability
• Life insurance
• Discount programs