Data Security Analyst Intermediate/Associate
Ann Arbor, MI
Applications have closed
University of Michigan - ITS
How to Apply
To be considered, a cover letter and resume are required. The cover letter must be the leading page of your resume and should:
- Specifically outline the reasons for your interest in the position and
- Outline your particular skills and experience that directly relate to this position.
Starting salaries will vary depending upon the qualifications and experience of the selected candidate.
Summary
The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Data Security Analyst Intermediate to join the Responsible Information Security of Campus (RISC) Team within Information Assurance (IA). As part of a growing, high performance team with expanding responsibilities, you will have the opportunity to work in a very collaborative and dynamic environment to assess and improve the security posture of the University’s most sensitive and critical assets and provide security services for university systems.
For more information about ITS, please visit our website: http://its.umich.edu/
Who We Are
ITS supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and enabling university wide innovations by:
- Elevating the customer experience by providing proactive, laser focused customer service
- Providing appropriate IT security and privacy in an open university society, while enabling innovation
- Supporting data-informed decision making
- Delivering intuitive research computing solutions
- Building a world-class, transformational network and reliable administrative systems
In addition, we value those that proactively solve challenges, work with a sense of urgency, and seek a collaborative and inclusive work environment.
ITS’s mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. To learn more, visit: https://its.umich.edu.
The Information Assurance (IA) Office:
- Directs IT security, policy, compliance, privacy, enterprise continuity, and identity and access management (IAM) strategy across the entire university.
- Proactively mitigates IT security risks in partnership with U-M's campuses—UM-Ann Arbor, UM-Dearborn, UM-Flint, and Michigan Medicine.
- Collaborates with U-M units to:
- Develop university IT security, privacy, and IAM strategy.
- Implement best practice security, privacy, and IAM infrastructure and protocols.
- Takes a risk-based approach to securing the university’s most sensitive information assets that enables teaching, learning, research, and healthcare in a large open environment.
- Provides operational information assurance and IAM services that enable the university to excel in its research, teaching, and patient care missions
- Provides guidance to the entire university community on IT security and privacy compliance best practices to help individuals protect university systems and data, as well as their own personal information.
For more information about Information Assurance, please visit our website: https://safecomputing.umich.edu
Who You Are
You are energized by working with a collaborative team and industry peers to support the university mission through innovative and appropriate use of technology. You seek understanding and to tackle projects and problems with your customers’ needs in mind. You anticipate problems and work proactively to preempt challenges and concerns, delivering increasingly relevant customer experiences over time. You value a culture that is rooted in mutual respect, where you can learn from different perspectives, roles, and identities.
You have at least two (2) years of experience applying security related technologies, practices, or services.
Responsibilities*
Participate in the successful execution of a potentially wide range of security services and activities. Examples include:
- Risk Management – Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range
- Compliance – Determine applicability and scope of various regulations; interpret and implement technical requirements to ensure compliance
- System and Application Hardening – Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws
- Education & Awareness - Support campus units through creation and delivery of education and awareness materials, security orientations and training,
Additional Duties may include the following based on skills and experience of the candidate -
- Security Advising - Provide on-demand and in-depth ongoing security advising to campus units regarding security initiatives, systems procurement and hardening, handling sensitive data, system security plans, research proposals, and other security related topics.
- Subject Matter Expert – Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services; Participate in the design, implementation, and continuous improvement of security service offerings. Provide consulting services to campus units on your subject matter expertise.
Incident Response – In collaboration with the Incident Response team, carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities
Required Qualifications*
- Bachelor’s degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
- Minimum of 4 years information technology experience
- Minimum of 2 years of experience applying security related technologies, practices, or services
- System administration background with Microsoft, Macintosh or *nix environments
- Solid understanding of fundamental Operating System and TCP/IP Networking concepts
- Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
- Solid understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
- Extensive exposure to, experience with, responsibility for, and deep understanding of at least two of the security related technologies or practices listed in the previous two bullets
- A strong commitment to collaboration, teamwork, and continual improvement
- Outstanding verbal, written, and presentation communication skills, including the ability to explain technical concepts to a non-technical audience
- Demonstrated success working independently, and completing tasks within established deadlines
Desired Qualifications*
- Experience performing information security risk assessments using an interview-based approach
- Experience assessing the security architecture of proposed IT solutions
- Experience performing web application security assessments
- Experience with software security assessment (e.g. threat modeling and code review)
- Detailed understanding of security controls for Windows, Macintosh, Linux, and Networking platforms
- Detailed understanding of the assurance implications associated with cloud-based solutions
- Solid understanding of mobile device security issues, strategies, and controls
- Experience securing virtualized environments
- Detailed understanding of the assurance implications of various regulatory and compliance requirements including Export Control, HIPAA, CUI, FISMA, and PCI
- Demonstrated success working across organizational boundaries
- Information Security Certification. For example, CISSP
Work Schedule
May require some after-hours/on-call support based on business needs
Work Locations
Will require travel to various locations on and off university campus
Application Deadline
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO/AA Statement
The University of Michigan is an equal opportunity/affirmative action employer.
U-M COVID-19 Vaccination Policy
COVID-19 vaccinations are now required for all University of Michigan students, faculty and staff across all three campuses, including Michigan Medicine. This includes those working or learning remotely. More information on this policy is available on the Campus Blueprint website or the U-M Dearborn and U-M Flint websites.
Tags: Application security CISSP Cloud Compliance Computer Science Encryption Firewalls FISMA HIPAA IAM IDS Incident response IPS Linux NIST Pentesting Privacy Risk management Security assessment Strategy System Security Plan TCP/IP Vulnerability management Windows
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Product Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Principal Security Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Cybersecurity Specialist jobs
- Open Chief Information Security Officer jobs
- Open Senior Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Cyber Security Specialist jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open IPS-related jobs