To be considered, a cover letter and resume are required. The cover letter must be the leading page of your resume and should:
Specifically outline the reasons for your interest in the position and
Outline your particular skills and experience that directly relate to this position.
Starting salaries will vary depending upon the qualifications and experience of the selected candidate.
The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Data Security Analyst Intermediate to join the Responsible Information Security of Campus (RISC) Team within Information Assurance (IA). As part of a growing, high performance team with expanding responsibilities, you will have the opportunity to work in a very collaborative and dynamic environment to assess and improve the security posture of the University’s most sensitive and critical assets and provide security services for university systems.
Participate in the successful execution of a potentially wide range of security services and activities. Examples include:
Risk Management – Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range
Compliance – Determine applicability and scope of various regulations; interpret and implement technical requirements to ensure compliance
System and Application Hardening – Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws
Education & Awareness - Support campus units through creation and delivery of education and awareness materials, security orientations and training,
Additional Duties may include the following based on skills and experience of the candidate -
Security Advising - Provide on-demand and in-depth ongoing security advising to campus units regarding security initiatives, systems procurement and hardening, handling sensitive data, system security plans, research proposals, and other security related topics.
Subject Matter Expert – Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services; Participate in the design, implementation, and continuous improvement of security service offerings. Provide consulting services to campus units on your subject matter expertise.
Incident Response – In collaboration with the Incident Response team, carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities
Bachelor’s degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
Minimum of 4 years information technology experience
Minimum of 2 years of experience applying security related technologies, practices, or services
System administration background with Microsoft, Macintosh or *nix environments
Solid understanding of fundamental Operating System and TCP/IP Networking concepts
Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
Solid understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
Extensive exposure to, experience with, responsibility for, and deep understanding of at least two of the security related technologies or practices listed in the previous two bullets
A strong commitment to collaboration, teamwork, and continual improvement
Outstanding verbal, written, and presentation communication skills, including the ability to explain technical concepts to a non-technical audience
Demonstrated success working independently, and completing tasks within established deadlines
Experience performing information security risk assessments using an interview-based approach
Experience assessing the security architecture of proposed IT solutions
Experience performing web application security assessments
Experience with software security assessment (e.g. threat modeling and code review)
Detailed understanding of security controls for Windows, Macintosh, Linux, and Networking platforms
Detailed understanding of the assurance implications associated with cloud-based solutions
Solid understanding of mobile device security issues, strategies, and controls
Experience securing virtualized environments
Detailed understanding of the assurance implications of various regulatory and compliance requirements including Export Control, HIPAA, CUI, FISMA, and PCI
Demonstrated success working across organizational boundaries
Information Security Certification. For example, CISSP
May require some after-hours/on-call support based on business needs
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
The University of Michigan is an equal opportunity/affirmative action employer.
U-M COVID-19 Vaccination Policy
COVID-19 vaccinations are now required for all University of Michigan students, faculty and staff across all three campuses, including Michigan Medicine. This includes those working or learning remotely. More information on this policy is available on the Campus Blueprint website or the U-M Dearborn and U-M Flint websites.
A great university is made so by its faculty and staff, and Michigan is recognized as one of the best universities to work for in the country. The Michigan culture is known for engaging faculty and staff in all facets of the university to create a workplace that is vibrant and stimulating.For two consecutive years, the Chronicle of Higher Education has placed U-M in its "Great Colleges to Work For" survey. In particular, the university earns high marks for strong relations between faculty and administrators, a collaborative system of governance, strong pay and benefits, and a healthy work/life balance.