Incident Response Analyst

University of Southern California

The University of Southern California (USC) department of Information Technology Services (ITS) is seeking two (2) Incident Response Analysts with an exceptional commitment to service excellence.

The Incident Response Analyst is the second level of inquiry of security events, communicating directly and escalating throughout incidents. The analyst hunts for suspicious activity, reviews the Security Operations Center team’s work and false positives, and provides feedback to improve alert accuracy. They will also analyze log files and take an active part in containing issues, even after escalating when necessary. Primary work hours are Monday through Friday, days, but that may change in the future, and all analysts participate in an On-Call Rotation.

These are fixed-term positions with an anticipated end date of one year from the date of hire. Please note that this full-time role is eligible for all benefits/perks offered by USC to its employees of comparable tenure, including but not limited to medical, dental, vision plans, tuition assistance, and paid sick/vacation/holidays.


The Incident Response Analyst will:

  • Provides second level of investigation of security events, producing vulnerability, configuration, and coverage metrics.
  • Analyzes log files and, working with SOC teams, investigates, compiles relevant technical and background information, and performs forensics and post-mortem analysis of information security and incidents.
  • Communicates directly with data asset owners and business response plan owners throughout incidents and high-security events, per the IR guidelines, escalating issues when necessary and protecting the confidentiality, integrity and information owned or entrusted by the university.
  • Hunts for suspicious, anomalous activity based on data alerts and outputs from various toolsets, and reports and summarizes findings to facilitate remediation tasks.
  • Takes an active part in the containment of events of interest, even after escalations.
  • On-Call – All analysts are subject to an On-Call Rotation. The On-Call job responsibility is to provide support during off hours when incidents occur.
  • Reviews and takes a proactive approach to false positives, and works with the various SOC teams to tune and provide feedback to improve accuracy of the alerts.
  • Prepares reports and conducts briefings on significant investigations.
  • Applies critical thinking and risk analysis methodologies when evaluating the impact of vulnerabilities, relative risks, and any possible solutions.
  • Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
  • Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time.


Candidates for the position of Incident Response Analyst must meet the following qualifications:

  • Bachelor’s degree or combined experience/education as substitute for minimum education
  • 3 years of relevant experience.
  • Knowledge of network security zones, firewalls, and IDS. Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event.
  • Knowledge of packet capture and analysis. Experience with log management or security information management tools. Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat). Ability to make information security risk determinations.
  • Effective verbal and written communication skills.


The ideal candidate for the position of Incident Response Analyst will have the following qualifications:

  • Associate degree or higher with focus in Cybersecurity or equivalent experience.
  • 5 years of experience including 3 or more years of Information Security experience and 2 or more years’ experience as an SOC analyst, including a year or more as a level-two investigation analyst.
  • Certifications such as CCNA certification or Security Essentials – SEC401 (optional GSEC certification).
  • Experience within higher education is preferred.


The ITS vision aligns strategy, business, and services; affirms ITS cultural values; empowers cross-functional teamwork; embraces world-class best practices; and promotes innovation, excellence, agility, and efficiency. To achieve this vision, ITS is committed to providing a modern technology infrastructure that is resilient and delivers the performance necessary to meet the demands of a growing customer base, training in the latest technologies for its highly productive and motivated workforce, outstanding customer experience, and technology services that are aligned with the university’s mission to provide exceptional learning opportunities for students. ITS is creating a workplace where employees can develop cutting-edge skills, take pride in the services they provide, and have access to the roles and career paths that align to their abilities and potential. We are looking for top talent to join us on our journey.


USC’s ITS organization represents a diverse and talented team, committed to supporting a collaborative culture and delivering secure and innovative IT services that are core to the mission of the university. We are also committed to creating and maintaining meaningful partnerships across the university. At ITS, we act with integrity in the pursuit of excellence; embrace diversity, equity and inclusion; promote well-being; engage in open two-way communication and are accountable for living our values. ITS strives for a supportive and inclusive culture that encourages employees to do their best work every day and where individuals are recognized and celebrated for their contributions.


USC is the leading private research university in Los Angeles, a global center for arts, technology, and international business. With more than 47,500 students, we are located primarily in Los Angeles but also in various US and global satellite locations. As the largest private employer in Los Angeles, responsible for $8 billion annually in economic activity in the region, we offer the opportunity to work in a dynamic and diverse environment, in careers that span a broad spectrum of talents and skills across a variety of academic and professional schools and administrative units. As a USC employee and member of the Trojan Family (the faculty, staff, students, and alumni who make USC a great place to work), you will enjoy excellent benefits, including a variety of well-being programs designed to help individuals achieve work-life balance. USC values diversity and is committed to equal opportunity in employment.

Come join the USC ITS team and work as a trusted partner in shaping an environment of innovation and excellence. Apply today!

The annual base salary for this position is $70,000 to $90,000. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.

Minimum Education:
Bachelor’s degree

Additional Education Requirements
Combined experience/education as substitute for minimum education

Minimum Experience:
3 years

Minimum Skills:
Knowledge of network security zones, firewalls, and IDS.
Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event.
Knowledge of packet capture and analysis. Experience with log management or security information management tools.
Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat).
Ability to make information security risk determinations. Effective verbal and written communication skills.

Preferred Education:
Associate’s degree Cyber Security

Preferred Experience:
3 years in information security
2 years as an SOC analyst
1 year as a level-two investigation analyst

USC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law or USC policy. USC will consider for employment all qualified applicants with criminal histories in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring ordinance. We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact USC Human Resources by phone at (213) ###-####, or by email at … Inquiries will be treated as confidential to the extent permitted by law.

Read USC’s Clery Act Annual Security Report

Notice on Non-Discrimination

Certain positions are subject to background screening

EEO is the Law

EEO is the Law Supplement

Pay Transparency Non-Discrimination

USC is an E-Verify Employer
