Data Security Analyst
Ann Arbor, MI
Full Time Mid-level / Intermediate USD 68K - 89K
How to Apply
Submit both a cover letter and resume to provide the hiring team with a sense of your experience. In the cover letter, please let us know how this role aligns with your career aspirations and skills. Combine your cover letter and resume into a single file before uploading it into the system.
The starting salary will vary depending upon the qualifications and experience of the selected candidate.
Summary
The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Data Security Analyst Intermediate to join the Responsible Information Security of Campus (RISC) Team within Information Assurance (IA). As part of a growing, high performance team with expanding responsibilities, you will work in a very collaborative environment to improve the security posture of the University's most sensitive and important assets and provide security services for university systems.
Who We Are
Information and Technology Services (ITS) supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and promoting university wide innovations. ITS's mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. For more information about ITS, visit: https://its.umich.edu/about
For more information about Information Assurance, please visit our website: https://safecomputing.umich.edu
Why Work at Michigan?
In addition to a career filled with purpose and opportunity, The University of Michigan offers a comprehensive benefits package to help you stay well, protect yourself and your family and plan for a secure future. Benefits include:
- Generous time off
- A retirement plan that provides two-for-one matching contributions with immediate vesting
- Many choices for comprehensive health insurance
- Life insurance
- Long-term disability coverage
- Flexible spending accounts for healthcare and dependent care expenses
- Dental and Vision Insurance
- Parental and Maternity Leave
Responsibilities*
- Risk Management – Use tools and methodology to assess the information security risks associated with sensitive and important systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range
- Compliance – Determine applicability and scope of several regulations; interpret and implement technical requirements to ensure compliance
- System and Application Hardening – Develop secure system and application configuration standards observing applicable policies, regulations, and laws
- Education & Awareness - Support campus units through delivery of education and awareness materials, security orientations and training,
Additional Duties may include the following based on your experience:
- Security Advising - Provide on-demand and in-depth ongoing security advising to campus units regarding security projects, systems procurement and hardening, handling sensitive data, system security plans, research proposals, and other security related topics.
- Subject Matter Expert – Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services; Participate in the design, implementation, and continuous improvement of security service offerings. Provide consulting services to campus units on your subject matter expertise.
- Incident Response – In collaboration with the Incident Response team, perform activities (e.g. containment, eradication, restoration) in response to reported information security incidents and following established incident response procedures. Participate in lessons learned activities
Required Qualifications*
- Bachelor's degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
- Minimum of 4 years information technology experience
- Minimum of 2 years of experience applying security related technologies, practices, or services
- System administration background with Microsoft, Macintosh or *nix environments
- Experience with fundamental Operating System and TCP/IP Networking concepts
- Experience with fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, or Firewalls
- Experience with fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
- Experience with, responsibility for, and understanding of at least two of the security related technologies or practices listed in the previous two bullets
- A commitment to collaboration, teamwork, and improvement
Desired Qualifications*
- Experience with network based threat hunting using a SIEM
- Experience performing information security risk assessments using an interview-based approach
- Experience assessing the security architecture of proposed IT solutions
- Experience performing web application security assessments
- Experience with software security assessment (e.g. threat modeling and code review)
- Experience with security controls for Windows, Macintosh, Linux, and Networking platforms
- Experience with the assurance implications associated with cloud-based solutions
- Experience with mobile device security issues, strategies, and controls
- Experience securing virtualized environments
- Experience with the assurance implications of several regulatory and compliance requirements including Export Control, HIPAA, CUI, FISMA, and PCI
- Experience working across organizational boundaries
- Information Security Certification. For example, CISSP
Work Schedule
May require some after-hours/on-call support based on business needs
Underfill Statement
UM-ITS welcomes a healthy applicant pool so we encourage all interested applicants to apply. This position may be underfilled at a lower classification depending on the qualifications of the selected candidate.
Application Deadline
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO/AA Statement
The University of Michigan is an equal opportunity/affirmative action employer.
U-M COVID-19 Vaccination Policy
COVID-19 vaccinations, including boosters when eligible, are required for all University of Michigan students, faculty and staff across all campuses, including Michigan Medicine. This includes those working remotely. More information on this new policy is available on the Campus Blueprint website or the UM-Dearborn and UM-Flint websites.
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Application Security Engineer/Architect jobs
- Open Lead Security Engineer jobs
- Open Head of Information Security jobs
- Open Staff Application Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Operations Engineer jobs
- Open Offensive Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior DevSecOps Engineer jobs
- Open SOC Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Sr. Security Engineer jobs
- Open Cloud Security Operations Lead jobs
- Open Security Officer 3 jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Cloud Security Automation Specialist jobs
- Open Security Researcher jobs
- Open Information Security Officer jobs
- Open Security Officer 2 jobs
- Open Analytics-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Audits-related jobs
- Open PCI-related jobs
- Open Threat intelligence-related jobs
- Open Clearance-related jobs
- Open OWASP-related jobs
- Open Agile-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open CISM-related jobs
- Open Ruby-related jobs
- Open Open Source-related jobs
- Open JavaScript-related jobs
- Open Encryption-related jobs
- Open Splunk-related jobs
- Open CISA-related jobs
- Open Security assessments-related jobs
- Open GDPR-related jobs
- Open DevSecOps-related jobs
- Open ISO 27001-related jobs
- Open Docker-related jobs
- Open Governance-related jobs
- Open Threat detection-related jobs