Apply Now Clicking "Apply Now" opens the link in a new window.

How to Apply

A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.

Job Summary

The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Data Security Analyst Intermediate. As part of a growing, high performance team with expanding responsibilities, you will have the opportunity to work in a very collaborative and dynamic environment to assess and improve the security posture of the University’s most sensitive and critical assets and provide security services for university systems.


ITS supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and enabling university wide innovations by:

  • Elevating the customer experience by providing proactive, laser focused customer service
  • Providing appropriate IT security and privacy in an open university society, while enabling innovation
  • Supporting data-informed decision making
  • Delivering intuitive research computing solutions
  • Building a world-class, transformational network and reliable administrative systems

In addition, we value those that proactively solve challenges, work with a sense of urgency, and seek a collaborative and inclusive work environment.

 ITS’s mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. To learn more, visit:

What You'll Do

You are energized by working with a collaborative team and industry peers to support the university mission through innovative and appropriate use of technology. You seek understanding and to tackle projects and problems with your customers’ needs in mind. You anticipate problems and work proactively to preempt challenges and concerns, delivering increasingly relevant customer experiences over time. You value a culture that is rooted in mutual respect, where you can learn from different perspectives, roles, and identities.


Assurance Team members facilitate a broad range of responsibilities related to Information and Infrastructure Assurance’s (IIA) services including, but not limited to, Risk Management, Vulnerability Management, Data Loss Prevention, Hardening, Unit Security Services, Security Consulting, and Incident Response.  Designated roles are coordinated by management based on demand and prioritization.

  • Risk Management – Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework, HIPAA, and PCI and develop mitigation strategies to bring risk levels into an acceptable range.
  • Vulnerability Management – Detect and/or assess the impact of reported vulnerabilities; implement mitigation strategies based on severity.
  • Data Loss Prevention – Identify sensitive data and provide input for proper storage and protection; assist with remediation efforts as required.
  • System and Application Hardening – Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws.
  • Unit Security Services – Provide information security consulting for units utilizing ITS shared service offerings.
  • Security Consulting – Provide information security consulting for units requesting information assurance assistance on a project or long-term consulting basis.
  • Incident Response – Carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities.
  • Network Monitoring and Protection – Detect and prevent intrusions using IDS/IPS tools; Implement firewall policies and monitor effectiveness.
  • Compliance – Determine applicability and scope of various regulations; assist in interpreting and/or implementing technical requirements to ensure compliance.
  • Subject Matter Expert – Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services; Participate in the design, implementation, and continuous improvement of security service offerings.


Stay current with information security best practices and supporting technologies, as well as the threat environment and relevant advances in technologies.  This can include on-the-job training, attending technical courses or conferences, reading, research, and testing.  Develops and follows best practices, procedures, and share knowledge with team members.  Mentors less experienced staff.

  • Demonstrate skill development by actively participating in growth opportunities for continuous development and improvement and applying new skills/knowledge to the job as evident by the ability to efficiently and effectively perform assigned duties, resulting in meeting or exceeding customer expectations and performance metrics.
  • Demonstrate effective communication skills when providing training and mentoring to less experienced staff, resulting in the use and implementing the latest policies, procedures, and best practices to accomplish tasks.

Required Qualifications*


  • Bachelor’s degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
  • Minimum of 2 years information technology experience
  • Minimum of  2 years of experience applying security related technologies, practices, or services
  • System administration background with Microsoft, Macintosh or *nix environments
  • Solid understanding of fundamental Operating System and TCP/IP Networking concepts
  • Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
  • Solid understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
  • Extensive exposure to, experience with, responsibility for, and deep understanding of at least two of the security related technologies or practices listed in the previous two bullets
  • Outstanding verbal and written communication skills
  • Demonstrated success completing tasks within established deadlines

Desired Qualifications*

  • Extensive exposure to, experience with, responsibility for, and deep understanding of at least four of the security related concepts or practices listed above
  • Experience performing information security risk assessments using an interview-based approach
  • Experience assessing the security architecture of proposed IT solutions
  • Experience performing web application security assessments
  • Experience with software security assessment (e.g. threat modeling and code review)
  • Detailed understanding of security controls for Windows, Macintosh, Linux, and Networking platforms
  • Detailed understanding of the assurance implications associated with cloud-based solutions
  • Solid understanding of mobile device security issues, strategies, and controls
  • Experience securing virtualized environments
  • Extensive system administration background with Microsoft, Macintosh and *nix environments
  • Detailed understanding of the assurance implications of various regulatory and compliance requirements including PCI and HIPAA
  • Demonstrated success working across organizational boundaries

Advancing the Mission

  • Demonstrates knowledge of the primary mission of the University and Health Systems.
  • Accomplishes tasks through the formal and informal structures and hierarchies in the University.
  • Demonstrates complex understanding of the multiple constituency groups with ability to describe expectations and purpose and issues of the constituency groups primarily served. 

Building Relationship / Interpersonal Skills

  • Respects diversity; demonstrates respect for the opinion of others; values each person's contribution to the team.
  • Demonstrated ability to develop and maintain positive and cooperative relationships, inside and outside of work group, interacting in a friendly, open, honest, and accepting manner.
  • Maintains agreed upon levels of confidentiality.
  • Demonstrated ability to use formal/informal networks to accomplish tasks and objectives, developing and maintaining smooth, cooperative working relationships.
  • Demonstrated ability to address and manage conflict and offer constructive criticism and feedback in a positive manner.

Creative Problem Solving / Strategic Thinking

  • Demonstrated ability to provide necessary attention to solve different level problems, often multitasking to solve moderate level problems.  
  • Defines problems, analyzes causes, identifies possible solutions, selects the best solution, and develops action plans.  Generates new ideas and goes beyond the status quo.  
  • Demonstrated ability to use creative thinking to improve processes and solve complex problems.


  • Demonstrated ability to communicate clearly, correctly, knowledgeably, and effectively both verbally and in writing.
  • Uses appropriate methods of communication (face-to-face, etc.) to achieve desired results.
  • Demonstrated ability to communicate about complex topics effectively to groups, using visual aids as needed, varying style to fit the audience, and actively communicating with those with differing opinions and differing levels of understanding.

Development of Self and Others

  • Demonstrated initiative in participating in growth opportunities for continuous development and improvement.  
  • Demonstrated ability to apply new skills/knowledge to the job and provide training and mentoring opportunities to others.
  • Challenges self and others to critically evaluate strengths and weaknesses.

Flexibility / Adaptability to Change

  • Understanding and accepting the need for change, cooperating in implementation, and constructively voicing concerns and proposing alternatives.
  • Demonstrated ability to plan, implement, and communicate effective change approaches within established and changing deadlines.

Leadership / Achievement Orientation

  • Demonstrated behavior aligned with the values and ethics of the organization and profession.
  • Demonstrated initiative in setting and measuring performance against goals and evaluating results.
  • Demonstrated ability to work independently.
  • Demonstrated ability to understand what is expected to do the job well, function effectively in a team, reprioritize work, remain calm and deliberate, achieve deadlines or milestones, accept accountability for mistakes, and take corrective action.
  • Demonstrated ability to develop specific action plans, exercise positive influence, and respond quickly and effectively in a crisis.
  • Demonstrated ability to assume a broad range of responsibility.

Quality Service

  • Demonstrated ability to establish and maintain effective relationships with internal and external customers in a manner that consistently meets the organization’s expectations for exemplary customer service.
  • Demonstrated unwavering focus on aligning all activities to produce maximum value for the customer.
  • Demonstrated focus on fulfilling expectations by seeking insight into customer needs and developing solutions that provide value for the customer.
  • Demonstrated stewardship in understanding and helping others to understand the impact of those recommendations to both short-term and long-term needs of the organization.

Additional Information


  • Punctual, regular, and consistent attendance is required
  • Average mobility to move around an office environment
  • Able to conduct normal amount of work at a computer
  • May require to travel to various locations on and off campus
  • Requires on-call availability and rotation outside of normal working hours
  • Requires working during non-business hours and on weekends
  • May require to maintain own high-speed residential connectivity service
  • Responsible for protecting data and information from unauthorized release or from loss, alteration, or unauthorized deletion; and, following applicable regulations and instructions regarding access to computerized files, release of data, etc. as stated in a computer access agreement which the incumbent signs.

The statements included in this description are intended to reflect the general nature and level of work assigned to this classification and should not be interpreted as all-inclusive.

Application Deadline

Job openings are posted for a minimum of seven calendar days.  The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.