Security Administrator Cyber Defense

The Security Administrator (Cyber Defense) provides hands‑on cybersecurity protection and response capabilities for University Lands. This role safeguards UL’s information assets by managing firewalls and network segmentation, overseeing vulnerability management across all systems, and leading incident response and recovery. Working closely with Client’s central Information Security Office, the Security Administrator enhances and operates a local “branch SOC,” providing dashboards, alerting, and investigative capabilities that integrate with enterprise‑level monitoring.

• Administer and tune next‑generation firewalls, IDS/IPS, and segmentation policies
• Monitor and analyze alerts from SIEM, EDR, and firewall platforms
• Build and maintain dashboards and detection rules for local SOC visibility
• Perform packet‑level and log analysis to identify malicious or anomalous activity
• Coordinate with Client SOC to align alerting, escalation, and detection coverage

• Conduct regular vulnerability scans across servers, endpoints, and network infrastructure
• Interpret results, prioritize risk, and remediate or coordinate remediation
• Track remediation metrics and produce executive summaries of risk posture
• Apply configuration baselines and ensure patch management compliance
• Lead containment, eradication, and recovery during security incidents (e.g., ransomware, intrusion, data breach)
• Maintain and execute incident response runbooks and evidence handling procedures
• Perform root‑cause and post‑incident analysis; recommend improvements
• Coordinate with central ISO and vendors for forensics or law‑enforcement notifications

• Implement and maintain security technologies such as MFA, enterprise EDR/XDR platforms, and vulnerability management systems
• Secure virtualization, network infrastructure, and server/storage systems
• Support zero‑trust and micro‑segmentation initiatives within on‑prem and hybrid environments
• Collaborate on new system deployments to ensure secure design and compliance

• Assist in risk assessments, third‑party security reviews, and audits
• Provide documentation and technical responses to TAC 202, UTS 165, and NIST CSF controls
• Maintain evidence repositories for audit readiness and continuous improvement
• Partner with Infrastructure, Client Services, and Solutions Development teams to ensure consistent security practices
• Provide technical input for user‑awareness initiatives and IT security training
• Participate in after‑hours response during critical incidents or maintenance windows

• Proficient in administering Windows and Linux systems, virtualization platforms, and enterprise network environments
• Experience with vulnerability scanning tools, patch management platforms, and firewall configurations
• Familiarity with cybersecurity frameworks and compliance standards such as NIST CSF
• Ability to translate complex security issues into actionable tasks
• Strong troubleshooting skills across multiple technology layers
• Ability to work independently in a high‑responsibility environment
• Effective communicator with both technical and non‑technical staff
• Ability to maintain the security and integrity of Client's Administration infrastructure

• Bachelor’s degree in Information Technology, Cybersecurity, or related field
• Minimum of 5 years’ experience in IT Operations with a strong security component
• Each additional year of experience over the minimum may substitute for one year of college (30 semester hours)

• Certifications such as Security+, SSCP, CISSP, or equivalent
• Direct experience with firewalls, network segmentation, vulnerability management, and incident response
• Hands‑on experience with next‑generation firewalls, enterprise vulnerability management platforms, and EDR/XDR solutions
• Familiarity with Microsoft Active Directory, Group Policy, and identity/access management best practices
• Experience supporting hybrid infrastructure environments (on‑prem + cloud)
• Background in small team environments requiring multi‑role flexibility

Minimum 5 years of IT Operations with a strong security component