Security Operations Engineer / Senior Security Operations Engineer

Department Marketing Statement:

There is a reason UCSB has been named the Best Place to Work by our local media for several years running. Whether our employees are on our stunning campus, or working remotely or hybrid, they tell us they value the flexibility, stability and rich benefits we offer. Come join us as we support the mission of one of the finest public institutions in the nation. UC Santa Barbara is consistently recognized for excellence across broad fields of study. Set alongside the glorious California coast, our dynamic environment inspires scholarly ambition and creativity.

Information Technology Services (ITS), the Campus' central IT unit, contributes to UC Santa Barbara's mission of research, teaching, and community service by partnering with the Campus community to efficiently deliver IT infrastructure and enterprise application services to faculty, students, staff, and affiliates. Join us in supporting the technology making world class research possible!

Benefits of Belonging:

Working at UC means being part of this vibrant institution that shines a light on what is possible. People make UC great, and UC recognizes your contributions by making this a great place to work. Excellent retirement and health are just one of the rewards. Learn more about the benefits of working at UC and why You Belong at UC.

Brief Summary of Job Duties: This position may be filled at the Security Operations Engineer (IT Security Analyst 3) or Senior Security Operations Engineer (IT Security Analyst 4) level. The successful candidate will be hired at the level that is commensurate with their skills, knowledge, and experience.

Security Operations Engineer (IT Security Analyst 3) The Security Operations Engineer works within the Information Technology Services' Office of Information Security unit. This role is a member of the campus Security Operations and Engineering team, responsible for assisting with the administration and operations of core information security systems and tools. The position supports the Security Operations team in vital cybersecurity functions, including identifying network, systems, and applications and responding to compromises and incidents. The Security Operations Engineer assists with the deployment, configuration, operations, and maintenance of the enterprise's information security infrastructure. This includes, but is not limited to, supporting new security tools and technologies such as vulnerability management, intrusion detection and prevention, endpoint detection and response, logging, SIEM (Security Information and Event Management), and ticketing and case management. The Security Operations Engineer may also provide support during cybersecurity investigations or incidents.

Senior Security Operations Engineer (IT Security Analyst 4) The Senior Security Operations Engineer serves in the Information Technology Services' Office of Information Security unit and is a senior member of the campus Security Operations and Engineering team. Primary responsibility involves overseeing system engineering and administration of core information security systems and tools. The Senior Security Operations Engineer is responsible for the deployment, configuration, operations and maintenance of the enterprise's complex information security infrastructure. This role is also responsible for the continued deployment of new information security tools and technologies throughout the enterprise, including, but not limited to: asset discovery, vulnerability management, cloud security, code security, intrusion detection & prevention, network detection and response, endpoint detection and response, logging, SIEM (Security Information and Event Management), orchestration and automation, and ticketing and case management. The Senior Security Operations Engineer may also provide incident response support to security staff during complex cybersecurity investigations, breaches, or other important incidents.

Required Qualifications:

Security Operations Engineer (IT Security Analyst 3)

Required Qualifications:

• A Bachelor's degree in a related area and/or equivalent experience/training.
• 5-7 years of Information Technology experience.
• 2-4 years of experience using IT security systems and tools.
• 2-4 years of experience analyzing and interpreting security event logs.
• Some experience with cloud security tools and techniques.

Preferred Qualifications:

• Knowledge of information security principles and technology.
• Knowledge of vulnerability management systems and endpoint detection and response systems.
• Experience in systems administration and infrastructure.
• Understanding of network traffic analysis, endpoint log analysis, remote access methods and systems, firewalls, encryption, authentication and authorization technology.
• Experience in incident response and digital forensics.
• Understanding of cloud computing (AWS, GCP, and/or Azure) security concepts.
• Understanding of the OSI networking model.
• Understanding of cybersecurity models like NIST Cyber Security Framework, the Cyber Kill Chain, and MITRE ATT&CK Framework.

Senior Security Operations Engineer (IT Security Analyst 4)

Required Qualifications:

• Bachelor's degree in related area and / or equivalent experience / training.
• 7-9 years Information Technology experience.
• 7-9 years Advanced skills in systems administration and infrastructure support.
• 4-6 years Advanced experience using IT security systems and tools.
• 4-6 years Advanced skill analyzing and interpreting security event logs.
• 1-3 years Experience with cloud security tools and techniques.

Preferred Qualifications:

• Advanced knowledge of information security principles and technology
• Advanced knowledge of vulnerability management systems, intrusion detection/prevention systems, and endpoint detection and response systems
• Experience in systems administration and infrastructure, containers
• Experience with DevSecOps and security automation tools
• Understanding of network traffic analysis, endpoint log analysis, remote access methods and systems, stateful inspection firewalls, encryption, authentication and authorization technology
• Advanced experience in incident response and digital forensics including data collection, examination, and analysis.
• Applied knowledge of cloud computing (AWS, GCP, and/or Azure) security concepts
• Ability to quickly learn new or unfamiliar technologies and products, independently using documentation and online resources
• Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies
• Applied understanding of OSI networking model
• Applied knowledge of cybersecurity models- NIST Cyber Security Framework, NIST 800-171, the Cyber Kill Chain and MITRE ATT&CK Framework
• Demonstrated skills applying security controls to computer software and hardware.
• Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel across multiple distributed departments and IT organizations across campus

Special Conditions of Employment:

• Satisfactory conviction history background check
• UCSB is a Tobacco-Free environment

Misconduct Disclosure Requirement:

As a condition of employment, the final candidate who accepts a conditional offer of employment will be required to disclose if they have been subject to any final administrative or judicial decisions within the last seven years determining that they committed any misconduct; received notice of any allegation or are currently the subject of any administrative or disciplinary proceedings involving misconduct; have left a position after receiving notice of allegations or while under investigation in an administrative or disciplinary proceeding involving misconduct; or have filed an appeal of a finding of misconduct with a previous employer.

"Misconduct" means any violation of the policies or laws governing conduct at the applicant's previous place of employment, including, but not limited to, violations of policies or laws prohibiting sexual harassment, sexual assault, or other forms of harassment, discrimination, dishonesty, or unethical conduct, as defined by the employer. For reference, below are UC's policies addressing some forms of misconduct:

• UC Sexual Violence and Sexual Harassment Policy
• UC Anti-Discrimination Policy
• Abusive Conduct in the Workplace

Job Functions and Percentages of Time:

Security Operations Engineer (IT Security Analyst 3)

• 60%: Deployment and Operations of Security Systems and Tools.
  • Responsible for the deployment, configuration, operations, and maintenance of the enterprise's information security infrastructure.
  • Includes supporting the deployment of security systems, tools, and technologies.
• 20%: Vulnerability Management and Incident Response Support.
  • Provides support to security staff during cybersecurity investigations, breaches, and other important incidents.
• 10%: Communications and Leadership.
  • Participates as an active member of the campus IT community. Assists on project teams and committees.
• 10%: Continuing Education / Professional Development.
  • Keeps up-to-date on information security tools, systems, and techniques. Takes courses for professional development and additional certifications as appropriate.

Senior Security Operations Engineer (IT Security Analyst 4)

• 50%: Deployment and Operations of Security Systems and Tools.
  • Responsible for the deployment, configuration, operations and maintenance of the enterprise's complex information security infrastructure.
  • Responsible for the continued deployment of new information security systems, tools and technologies throughout the enterprise, including, but not limited to: asset discovery, vulnerability management, cloud security, code security, intrusion detection & prevention, network detection and response, endpoint detection and response, logging, SIEM (Security Information and Event Management), orchestration and automation, and ticketing and case management.
• 25%: Vulnerability Management and Incident Response Support.
  • May provide incident response support to security staff during complex cybersecurity investigations, breaches, zero-day vulnerability response, or other important incidents.
• 15%: Communications and Leadership.
  • Be an active and contributing member of the campus IT community.
  • Be an enthusiastic advocate of information security.
  • Participate in project teams, committees, and policy development.
  • Lead committees appropriate to area of expertise.
• 10%: Continuing Education / Professional Development.
  • Keep up-to-date on information security tools, systems and techniques.
  • Take courses for professional development and additional certifications as appropriate.

UC Vaccination Programs Policy:

As a condition of employment, you will be required to comply with the University of California Policy on Vaccinations Programs.

As a condition of Physical Presence at a Location or in a University Program, all Covered Individuals* must participate in any applicable Vaccination Program by providing proof that they are Up-to-Date with any required Vaccines or submitting a request for Exception in a Mandate Program or properly declining vaccination in an Opt-Out Program no later than the Compliance Date (Capitalized terms in this paragraph are defined in the policy.). Federal, state, or local public health directives may impose additional requirements.

For more information, please visit University of California Policy on Vaccinations - https://policy.ucop.edu/doc/5000695/VaccinationProgramsPolicy

*Covered Individuals: A Covered Individual includes anyone designated as Personnel or Students under this Policy who physically access a University Facility or Program in connection with their employment, appointment, or education/training. A person accessing a Healthcare Location as a patient, or an art, athletics, entertainment, or other publicly accessible venue at a Location as a member of the public, is not a Covered Individual.

Equal Employment Opportunity:

UC Santa Barbara is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status or other protected status under state or federal law.

Reasonable Accommodations:

The University of California endeavors to make the UCSB Job site (https://jobs.ucsb.edu) accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Katherine Abad in Human Resources at 805-893-4664 or email katherine.abad@hr.ucsb.edu. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Privacy Notification Statement:

Privacy Notification Statement and Notice of Availability of the UCSB Annual Security Report Disclosures

Payroll Title: IT SCRTY ANL 3 (007338) or IT SCRTY ANL 4 (000661)

Job Code: 007338 or 000661

Job Open Date: 10/17/25

Application Review Begins: 11/3/25; open until filled

Department Code (Name): ISEC (ENTERPRISE SECURITY SERVICES)

Percentage of Time: 100%

Union Code (Name): 99 - Non-Represented (PPSM)

Employee Class (Appointment Type): Staff: Career

FLSA Status: Exempt

Classified Indicator Description (Personnel Program): PSS (IT SCRTY ANL 3) or MSP (IT SCRTY ANL 4)

Salary Grade: Grade 23 (ITS SCRTY ANL 3) or Grade 25 (IT SCRTY ANL 4)

Pay Rate / Range: The budgeted salary range that the University reasonably expects to pay for this position is $99,070-$124,800/yr for the Analyst 3 level and $122,620-$156,500/yr for the Analyst 4 level. Salary offers are determined based on final candidate qualifications and experience; the budget for the position; and the application of fair, equitable, and consistent pay practices at the University. The full salary range for this position is $88,000-$161,800/yr for the Analyst 3 level and $108,100-$204,900/yr for the Analyst 4 level.

Work Location: Onsite, Hybrid (SAASB, 4th Floor) or Remote

Working Days and Hours: M-F, 8-5

Benefits Eligibility: Full Benefits

Type of Remote or Hybrid Work Arrangement, if applicable: Onsite, Hybrid or Remote

Special Instructions: For full consideration, please include a resume and a cover letter as part of your application.

Application Status: If you would like to check the status of your application, please log into the Candidate Gateway where you applied and click on 'my activities'.