Org Marketing Statement
The University of Texas at San Antonio is a Tier One research university and a Hispanic Serving Institution specializing in cybersecurity, health, fundamental futures, and social-economic transformation. With more than 35,000 students, it is the largest university in the San Antonio region. UTSA advances knowledge through research and discovery, teaching and learning, community engagement and public service, and with an intentional focus on career readiness the university produces more graduates for the workforce than any other institution in the region. It is a catalyst for socioeconomic development and the commercialization of intellectual property — for Texas, the nation and the world. UTSA has been recognized as a Top Employer in Texas by Forbes Magazine. Learn more online, on UTSA Today or on X (formerly Twitter), Instagram, Facebook, YouTube or LinkedIn.
In 2024, the UT System Board of Regents authorized UT System to begin integrating UTSA and UT Health San Antonio into one unified institution, establishing a world-class university that integrates academic, research, and clinical excellence to build a profoundly impactful university of the future. Driven by a vision for growth and impact, this merger will expand capacity to offer robust undergraduate and graduate programs, attract top-tier faculty and staff, develop innovative initiatives, and elevate transdisciplinary research to address the evolving needs of the region.
Posting End Date: Applications will be accepted through 11:59 PM CDT on 5/22/2025. At the discretion of the hiring department, this position posting may close once a sufficient number of qualified applications have been received.
Salary Range: Up to $88,500 annualized, commensurate with education, experience and qualifications.
Hours: 40 hours per week, exempt.
Required Application Materials:
- Resume is required.
- Cover letter is preferred.
Essential Functions
Job Summary
Responsible for executing comprehensive cybersecurity operations functions including advanced alert triage, threat intelligence analysis, and incident response activities. This role contributes directly to threat hunting, purple teaming, and automation of detection content across SIEM and SOAR platforms. The analyst leads technical investigations, develops response artifacts, and refines operational playbooks in alignment with the MITRE ATT&CK framework and NIST SP 800-53. Working in close coordination with DevOps, digital forensics, and the broader IT organization, the analyst ensures cross-team visibility, contributes to strategic detection use cases, and advances the university’s ability to detect, respond to, and learn from real-world threats.
This advanced cybersecurity position within UTSA’s Cybersecurity Operations team is responsible for threat detection, analysis, and response across the university’s digital ecosystem. Operating as a Tier 3 analyst, this role integrates SOC monitoring, threat intelligence, and incident response to ensure early detection, rapid containment, and continuous visibility into emerging threats. The position requires a strong understanding of adversary TTPs, automation pipelines, and detection engineering practices to support proactive defense strategies. The analyst collaborates closely with cybersecurity engineering, DevOps, and compliance teams to enhance detection capabilities and reduce mean time to respond.
Core Responsibilities
- Monitor and analyze security alerts from a variety of sources including SIEM, EDR, threat intelligence platforms, and anomaly detection tools.
- Conduct Tier 3 triage of potential incidents, correlating data across endpoints, network, identity, and cloud sources to validate and assess threat impact.
- Lead and document technical investigations of security events, coordinating with DevOps, system owners, and engineering teams as needed.
- Develop and tune detection rules, correlation logic, and content packs in platforms such as Splunk and SOAR tools, ensuring alignment with evolving TTPs.
- Perform threat intelligence analysis including IOC enrichment, TTP tracking, and campaign analysis using frameworks such as MITRE ATT&CK.
- Maintain and improve incident response playbooks, including root cause analysis, incident timelines, and post-incident reviews.
- Collaborate with Cybersecurity DevOps engineers to automate telemetry ingestion, event enrichment, and response actions across security platforms.
- Participate in purple team exercises, detection use case validation, and threat simulations to assess and improve detection and response capabilities.
- Assist in vulnerability triage and threat contextualization, working closely with vulnerability management and compliance stakeholders.
- Partner with the Office of Information Security to contextualize threats, inform phishing campaigns, and contribute to awareness efforts when applicable.
- Provide clear and timely documentation, incident reports, and communications for internal stakeholders and external compliance/audit needs.
- Deliver operational metrics and participate in reporting on detection effectiveness, incident trends, and playbook usage.
- Maintain awareness of the threat landscape and recommend improvements to tools, methods, and workflows to keep pace with evolving adversaries.
- Participate in security exercises, professional development, and collaborative team initiatives across IT, academic, and research units.
- Perform other duties as assigned.
Required Qualifications
- Bachelor’s degree from an accredited institution in Cybersecurity, Computer Science, Information Systems or a closely related technical field.
- At the department’s discretion, experience may substitute for education on a year-for-year basis.
- Security certification (e.g., GCIA, GCIH, GCFA, CySA+, CEH, or equivalent) or ability to obtain within 180 days of hire.
- Three (3) years of experience in cybersecurity operations, including security monitoring, alert triage, threat analysis, or incident response, to include:
  - Experience scripting/programming to enhance cybersecurity operations.
  - Experience in cybersecurity investigations, threat hunting, detection and remediation.
- This position requires the ability to maintain the security and integrity of UTSA and its infrastructure.
Preferred Qualifications
- Graduate-level coursework or specialized training in cybersecurity operations, threat intelligence, incident response, or security automation. Participation in cyber labs, competitions, or academic research involving security operations or adversary emulation.
- Experience working with SIEM platforms (e.g., Splunk), security telemetry, detection rules, and security automation tools. Demonstrated ability to conduct investigations, correlate multi-source alerts, and contribute to security documentation and reporting.
- Experience with scripting or automation (e.g., Python, PowerShell, REST APIs) to enrich SOC workflows or improve detection capabilities. Familiarity with threat intelligence platforms, MITRE ATT&CK, and purple team or threat simulation tools. Prior involvement in content development, log source onboarding, or detection-as-code workflows.
- Familiarity with higher education environments or research-focused security challenges.
Knowledge Skills & Abilities
- Strong understanding of core networking protocols (e.g., TCP/IP, DNS, HTTP, SMB) and endpoint security fundamentals.
- Excellent verbal and written communication skills, ability to communicate technical concepts to a non-technical audience.
- Excellent organization, problem resolution and teamwork skills.
- Strong customer service orientation.
- Thorough, high-level understanding of the IT services and technologies in use.
Additional Information
- UTSA is a tobacco free campus.
- This is a security sensitive position. Employment is contingent upon a successful background check.
- Applicants selected must be able to show proof of eligibility to work in the United States by time of hire.
- Valid driver’s license and Motor Vehicle Record (MVR) as applicable.
Working Conditions
Working Environment:
- Office environment.
- Ability to travel to and from meetings, training sessions or other business-related events.
- Workdays, areas, and work hours may vary based on the needs of the department.
Physical Demands:
- Sedentary work; sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally.
- Sedentary: Up to 10lbs - Ability to exert up to 10 pounds of force to lift, carry, push, pull or otherwise move objects.
This position primarily works remotely in Texas but may work on campus on an infrequent basis (approximately four days or less per month). When an employee is required to work on campus, travel and parking expenses are the employee’s responsibility. Applicants must be adaptable and open to working in both environments.
Equal Employment Opportunity
As an equal employment opportunity and affirmative action employer, it is the policy of The University of Texas at San Antonio to promote and ensure equal employment opportunity for all individuals regardless of race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability or genetic information, and veteran status. The University is committed to the Affirmative Action Program in compliance with all government requirements to ensure nondiscrimination. Women, minorities, people with disabilities and veterans are encouraged to apply. UTSA campuses are accessible to persons with disabilities.