Staff - Non Union
Job Category
M&P - AAPS
Job Profile
AAPS Salaried - Information Systems and Technology, Level C
Job Title
Cybersecurity Support Analyst
Department
OCIO | Security Operations Centre
Compensation Range
$6,747.50 - $9,701.42 CAD Monthly
The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.
Posting End Date
March 22, 2025
Note: Applications will be accepted until 11:59 PM on the Posting End Date.
Job End Date
At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.
Job Summary
The (Cybersecurity) Support Analyst consults with user groups to determine business needs and to identify the appropriate technology solution.
The Cybersecurity Advanced Tactical and Response Team (CATR Team) is an ongoing team, tasked with targeting vulnerable systems in the UBC ecosystem and providing expert ‘hands-on’ support to local IT admins in faculties, research, and administrative units and resources to ensure these systems are appropriately protected. The CATR Team will provide the University a central, highly skilled resource to support adaptation and protection to the highest risk areas and quickly bring critical vulnerabilities into compliance and safety in a proactive manner. The team will also work to assist local IT admins with long-term remediation and recovery after incidents occur. Objectively, these activities will collectively work towards reducing cybersecurity-related risk for the university in a rapidly changing and diverse heterogeneous environment.
Each member of this team is responsible for creating processes and an environment, through individual action as a change advocate and creativity that supports a fundamental shift to proactive cybersecurity practices.
May be required to work night shifts and/or shift rotations, provide after regular business hours support as necessary as well as respond to pager and/or cellular phone during regular business hours.
Organizational Status
The Cybersecurity Incident Response Desk is a Tier 1/Tier 2 support group, handling all requests and incidents for user-related issues within Cybersecurity by providing advice, guidance and the rapid remediation of incidents such as phishing or system attacks.
Reports directly to the Manager, Cybersecurity Incident Management within the Cybersecurity team and receives day-to-day direction from the CATR Team Lead.
Works independently and jointly within the CATR Team. Collaborates with staff from all sections of the Cybersecurity team, Information Technology, other administrative and academic offices, and faculty to coordinate support. The Incumbent will create and maintain collaborative working relationships with technology professionals across the UBC community with a particular emphasis on those in the Cybersecurity community of practice.
Work Performed
Specific Duties:
Acts as the primary point of contact for day-to-day customer support and responsible for triaging incident/support tickets.
Provides Cybersecurity support to the UBC community for staff, faculty, researchers, etc. by analyzing, developing, testing and applying appropriate solutions to restore end-users and customer issues as related to Cybersecurity.
Within the context of Cybersecurity incidents:
- Performs digital forensic analysis of systems
- Engages in attack analysis to extract indicators of compromise and build rules to allow for detection / protection for the institution
- Works with others to create and enhance reports of attacks
- Develops solutions to problems detected within the incident
- Coordinates Incident Response issues; this includes initiating meetings, documenting and distributing meeting materials, setting up private incident channels for file share, and monitoring Incident progress through the lifecycle until closure.
Engages in threat hunting activities, analysing collected logs and forensics data to identify risk within or attacks against the University and develop appropriate responses.
Tracks metrics, as required for reporting.
Provides assistance to customers/end-users requesting Cybersecurity products and services including network access, authentication systems, as defined by the UBC IT Service Catalogue and the CISO's Team.
Monitors networks and infrastructure systems and evaluates Cybersecurity incidents, resolving or escalating where appropriate.
Answers user inquiries with regards to Cybersecurity matters, routes and escalates to various areas within the CISO's Team.
Provides technical/administrative support for the rest of the team as required.
Develops, discovers, and documents potential methods and precautions to best protect Systems and practices to remediate issues effectively before a warning becomes an incident.
Works within the broader team on the identification of vulnerabilities, development / testing of solutions, and provision of recommendations on remedial action.
Produces technical documentation for the Confidential Communications site and other repositories.
Within BCNET's Distributed Cybersecurity Incident Response Team (DCSIRT), works with BCNET member institutions to triage, develop and test solutions, and coordinate responses for Cybersecurity incidents that affect BCNET member institutions.
Works with department IT teams and in conjunction with others within Cybersecurity, to develop detailed technical recommendations to departmental processes and procedures to facilitate alignment with UBC Policy, Information Security Standards and Cybersecurity best practices. This work involves active engagement with technical SMEs, business leaders, and Cybersecurity SMEs.
Core Duties:
Consults with user groups to ensure a thorough understanding of software, hardware, information systems and procedural requirements in order to determine their business needs and to identify the appropriate technology solution.
Makes recommendations on the use of the appropriate technology services and products and the purchase of related hardware, software and network equipment.
Researches emerging technologies and their potential impact on the enterprise.
Provides technical support and troubleshooting in the use of information technology products and services.
Installs and maintains servers, networks, and related software and hardware.
Creates and maintains documentation in accordance with prescribed standards.
Contributes to the development of best practices, standards, procedures and quality objectives across systems infrastructure or platforms.
Maintains appropriate professional designations and up-to-date knowledge of current information technology techniques and tools.
Performs other related duties as required.
Consequence of Error/Judgement
Cybersecurity plays a key role in enabling the University to achieve its goal of becoming one of the world's leading universities. The services supported by Cybersecurity require reliable application systems in order to provide critical functions that support all students, faculty and staff. These systems must be available on a 7x24 basis.
Decisions and actions taken by the (Cybersecurity) Support Analyst will have a direct impact on how efficiently and effectively the systems will perform and function. Errors in judgment, poor development, or failure to act decisively could have a detrimental effect on these systems. Unreliable systems or failure to meet contractual obligations for performance and availability will damage the reputation of UBC. This could adversely impact the University community, including the large majority of students, faculty and staff, and could cost hundreds of thousands of dollars in lost productivity, funding and revenue.
Supervision Received
Reports directly to the Manager, Cybersecurity Incident Management within the Cybersecurity team and receives day-to-day direction from the CATR Team Lead.
The (Cybersecurity) Support Analyst must be able to work independently as well as contribute actively and collaborate openly as a team member.
Supervision Given
May mentor new or less senior Support Analysts, Temporary or Student employees as well as other resources supporting the cybersecurity function.
Minimum Qualifications
Undergraduate degree in a relevant discipline. Minimum of two years of related experience, or the equivalent combination of education and experience.
- Willingness to respect diverse perspectives, including perspectives in conflict with one’s own
- Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion
Preferred Qualifications
Experience working in cybersecurity incident management, systems administration, and / or IT support is preferred.
ITIL certification minimum basic level is an asset.
Core Competencies
Collaboration Advanced – A:
Consistently fosters collaboration and respect among team members by addressing elements of the group process that impedes, or could impede, the group from reaching its goal. Engages the “right people,” within and beyond organizational boundaries, by matching individual capabilities and skills to the team’s goals. Works with a wide range of teams and readily shares lessons learned and credit for team accomplishments.
Communicating for Results Advanced – A:
Converses with, writes reports for, and creates/delivers presentations to all levels of colleagues and peer groups in ways that support problem solving and planning. Seeks a consensus with business partners. Debates opinions, tests understanding, and clarifies judgments. Brings conflict into the open empathetically. Explains the context of multiple interrelated situations, asks searching, probing questions, and solicits expert advice prior to taking action and making recommendations.
Problem Solving Advanced – A:
Diagnoses problems using formal problem-solving tools and techniques from multiple angles and probes underlying issues to generate multiple potential solutions. Proactively anticipates and prevents problems. Devises, facilitates buy-in, makes recommendations, and guides implementation of corrective and/or preventive actions for complex issues that cross organizational boundaries and are unclear in nature. Identifies potential consequences and risk levels. Seeks support and buy-in for problem definition, methods of resolution, and accountability.
Role Specific Competencies
Accountability Advanced – A:
Sets enhanced objectives for self and others. Monitors performance trends and identifies opportunities to improve standards. Provides regular feedback and suggests alternative approaches necessary to ensure that organizational objectives and superior standards are achieved. Delegates responsibility and reallocates resources as needed to ensure that priorities are met for initiatives within area of responsibility.
Analytical Thinking Advanced – A:
Determines criteria for assessing issues and opportunities. Establishes clear goals and priorities needed to assess performance. Identifies relationships and linkages between different information sources. Anticipates issues that are not readily apparent on the surface. Identifies root causes and effects. Establishes clear goals and priorities. Anticipates potential problems and develops solutions needed to resolve them. Systemically analyzes relationships between apparently independent problems and issues. Reviews and cross-reviews reports. Identifies trends as well as isolated events. Translates analytical reports into management presentations, and provides guidance to resolve issues. Anticipates the possible outcome of potential solutions. Identifies areas of significant concern or opportunity. Probes and initiates research to identify critical problems.
Information Systems Knowledge Advanced – A:
Identifies means of integrating technical support requirements with enterprise processes and strategies. Identifies technological opportunities to meet client needs. Creates information system solutions to meet the needs of business stakeholders. Partners with appropriate technical consultants, experts, and managers to resolve complex problems across all IT solutions.