At UPMC, we are committed to keeping our community safe and healthy as the COVID-19 pandemic unfolds. As our team continues to provide Life Changing Medicine to our patients, our recruiters will continue to fill positions throughout this time. Interviews and other processes may be modified to protect the safety of our candidates and employees. Thank you for your patience.

For more information about UPMC's response to COVID-19, please visit

Job Description

Job Title: Information Security Analyst - Intermediate (SOC Analyst)
Job ID: 789967832
Status: Full-Time
Regular/Temporary: Regular
Shift: Day Job
Facility: Corporate Information Services
Department: ISD System Security
Location: 2000 Mary St, Pittsburgh PA 15203




Under the general direction of the management team and senior staff, the Information Security Analyst - Intermediate supports the UPMC ISD System Security team's efforts to develop secure systems and networks through the use of automated tools, execution of security processes and procedures, and reporting. This position will be focused on Security Operations and investigating alerts daily.

Lastly, this Info Security Analyst must have familiarity with security principles. If you are interested in a career with the quickly growing UPMC System Security team, we invite you to apply today!


  • Develop and maintain security incident handling processes.
  • Review and revise security policies as identified through technology and risk analysis reviews.
  • Problem Resolution: Resolves most common and many moderately complex to complex problems/issues/opportunities. Responds to unfamiliar, undefined, unexpected or unstable situations with the professionally-prescribed standard response.
  • Disaster Recovery: Follow defined standard designs, and develop backup/restore, server and network technologies and protocols within accepted standards. Collaborates with IS colleagues to share information and set new DR infrastructure & processing standards. Communicates and trains security and disaster recovery procedures to the IT staff. Develops recovery procedure models. Tests contingency capabilities; responsible for recovery exercise preparation.
  • Highly motivated to apply process improvement (CMMI) to increase product and service quality to achieve business objectives.
  • Security Technology Design, Development: Develop security requirements for hardware, software, and services acquisitions specific to the IT security program (e.g., purchase of virus-scanning software or security reviews) and for inclusion in general IT acquisition guidance. Install and operate the IT systems in a test configuration in a manner that does not alter the program code or compromise security safeguards.
  • Develop and deliver Security Awareness Training Programs to all affiliated entities.
  • Assist Application and System Support representatives in the development and accreditation of Security Plans to ensure policy and best practice compliance of controls in place.
  • Fulfill departmental requirements in terms of providing work coverage and administrative notification during periods of personal illness, vacation, or education.
  • Resolve security issues in complex multi-disciplined environments.
  • Provide on-call support at designated times in accordance with the policies and procedures of the Health System.
  • Ability to establish priorities and delegate tasks to the appropriate personnel or work independently as necessary.
  • Project Management: Works with project manager to define tasks and create team work plans with moderate supervision. Delegates work to others and monitors progress. Identifies issues affecting work progress and recommends solutions. Communicates schedule variances and potential scope changes in status reports. Controls project costs, communicating any project-related expenses and recommends ways to control costs.
  • Business Partnership: Interfaces with business partners to help identify issues and resolve problems. Analyzes business requests for feasibility review, including initial cost/benefit analysis; prioritizes requests and conducts capacity planning.
  • Develop and implement intrusion detection processes and procedures for both host and network based solutions.
  • Provide service to ISD client community, patients, families and visitors, while protecting the integrity and confidentiality of all data and information through physical and electronic measures.
  • Develop automated routines for account administration and security measure deployment efficiencies.
  • Develop and implement security policy enforcement technologies.
  • Perform high risk and sensitive security strength testing and analysis.
  • Business Continuance: Reviews and evaluates IT system development documents to ensure that system safeguards, as a whole, result in an acceptable level of risk. Evaluates configuration controls, reviews security test plans and procedures, ensures that documented security requirements are tested and comply with formal design specifications. Identifies areas where specific IT security countermeasures are required and independently contributes to design and development of those countermeasures. Identifies security requirements to be included in statements of work and other procurement documents (e.g., procurement requests, purchase orders, task orders, and proposal evaluation summaries) as required by CHI IT and Financial policies. Identifies alternative functional IT security strategies to address specific system security issues or situations.
  • In the course of professional activities, conducts themselves in accordance with the highest standards of moral, ethical and legal behavior.
  • Develop and maintain service levels with the various user departments and Health System business units, and create reports on the attainment of those levels.



  • Typically has a 4-year academic degree and 2+ years of information security or equivalent practical work experience.
  • Demonstrates and applies thorough understanding of information technology tools, best practices, and concepts.
  • Completes on-going training on-the-job, through courses, self-study, certifications and/or advanced degrees to maintain and enhance technical and business capabilities.
  • Maintains current knowledge of security techniques and technologies and applies that knowledge to mitigate risk.
  • Participates in an On-Call Team rotation.


  • Information security certifications preferred but not required (SSCP, Security+, etc.)
  • Experience with SIEM technology to review and monitor logs and alerts daily.
  • Experience using Python to solve day-to-day issues through automation.

Licensure, Certifications, and Clearances:
CompTIA Network+ and Security+ certifications are preferred

UPMC is an Equal Opportunity Employer/Disability/Veteran



Salary Range: $33.13 to $50.42 / hour

Union Position: No



At UPMC, our shared goal is to create a cohesive, positive, experience for our employees, patients, health plan members, and community. If you too are driven by these values, you may be a great fit at UPMC!


UPMC provides a total rewards package that can help you achieve the goals you have for your career and your personal life. Whether you want to learn a new skill through a training course, reach personal health and wellness targets, become more involved in your community, or follow a career path that provides you with the right experience to be successful, UPMC can help you get to where you want to be.


Now more than ever, YOU can help us shape our communities and UPMC into a better place for everyone to work, study, play, and thrive.

Learn more about working here and check out our policies and recent updates.

UPMC Health Plan Named Best Places to Work for LGBTQ Equality in 2020

UPMC Ranked #1 Best Places for Women and Diverse Managers in 2019
