Apply Now Clicking "Apply Now" opens the link in a new window.

How to Apply

A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.

Job Summary

The University of Michigan's Information Assurance team at Michigan Medicine (IA:MM) is seeking a candidate to fulfill the role of Security Analyst Intermediate. This role will join the Cybersecurity Operations Team within IA:MM. The team is be responsible for security incident response services for servers, end user computers, and mobile devices within Michigan Medicine related to such areas as malware infections and network intrusions. Also, the team provides security consultation, as required, on a variety of subject areas and works with the appropriate data owners/stewards to safeguard sensitive data.

A successful Security Analyst Intermediate must be a motivated, creative, results-oriented, adaptable, and data driven professional that is willing to be part of the team helping to secure the highly dynamic environment within Michigan Medicine.

Responsibilities*

  • Carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities
  • Detect and prevent intrusions using IDS/IPS, SIEM, and other tools
  • Expose and/or assess the impact of reported vulnerabilities; implement mitigation strategies based on severity
  • Monitor and provide support Michigan Medicine around security policy and security standards
  • Identify sensitive data and provide input for proper storage and protection; assist with remediation efforts as required
  • Provide information security consulting for various Michigan Medicine groups and units requesting information assurance assistance on a project or long-term consulting basis
  • Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services
  • Collaborate with the Compliance Office to determine applicability and scope of various regulations; assist in interpreting and/or implementing technical requirements to ensure compliance
  • Participate in the design, implementation, and continuous improvement of security service offerings
  • Build good relationships with teams, and stakeholders at all levels (e.g. management, colleagues, and employees) using strong competencies to build trust, change perceptions, effectively communicate, influence, and adapt
  • Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing

Required Qualifications*

Intermediate position requirements:

  • Bachelor’s degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
  • Minimum of 2 years information technology experience
  • Minimum of 2 years of experience applying security related technologies, practices, or services
  • Solid understanding of fundamental Operating System and TCP/IP Networking concepts
  • Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
  • Solid understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
  • Outstanding verbal and written communication skills
  • Demonstrated success completing tasks within established deadlines

Associate position requirements: 

  • Associate degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
  • 2 years information technology experience
  • Understanding of fundamental Operating System and TCP/IP Networking concepts
  • Understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
  • Understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
  • Exposure to, experience with, responsibility for, and understanding of at least two of the security related technologies or practices listed in the previous two bullets
  • Outstanding verbal and written communication skills
  • Demonstrated success completing tasks within established deadlines

Desired Qualifications*

  • Extensive exposure to, experience with, responsibility for, and deep understanding of at least four of the security related concepts or practices listed above
  • Experience performing information security risk assessments using an interview-based approach
  • Experience assessing the security architecture of proposed IT solutions
  • Detailed understanding of security controls for Windows, Macintosh, Linux, and Networking platforms
  • Detailed understanding of the assurance implications associated with cloud-based solutions
  • Solid understanding of mobile device security issues, strategies, and controls
  • Experience securing virtualized environments
  • Extensive system administration background with Microsoft, Macintosh and *nix environments
  • Detailed understanding of the assurance implications of various regulatory and compliance requirements including PCI and HIPAA
  • Demonstrated success working across organizational boundaries

Underfill Statement

This position may be underfilled at a lower classification depending on the qualifications of the selected candidate.

Background Screening

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings.  Background screenings are performed in compliance with the Fair Credit Report Act.

Mission Statement

The mission of UM Information Assurance is to direct university-wide IT security, IT policy, compliance, privacy, and enterprise continuity efforts and provide operation security services that enable the university to excel in its research, teaching, and patient care mission.

This role, as part of the academic medical center’s assurance program, is both part of UM Information Assurance and the Michigan Medicine Chief Information Officer’s program. The goal is to represent and balance the needs of the health system and medical school in the framework and processes of the greater UM Information Assurance effort.

Essential to the success of this position will be the ability to successfully navigate and work collaboratively with the IT organizations, assurance partners, technical security staff, and Michigan Medicine management and external organizations’ roles and priorities. We work in a highly collaborative environment with an extraordinary scope of responsibilities and priorities. A successful candidate will be required to operate with minimal supervision, deliver effective and predictable results, and solve problems creatively, yet practically. A candidate should be comfortable and confident in meeting deadlines and executing timely performance of operations and project work within shared systems of work. This organization changes to suit the needs of the institution. Candidates should understand the dynamic nature of information services within an academic health center, information technology operations, and medical education

Application Deadline

Job openings are posted for a minimum of seven calendar days.  This job may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.