A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.

The University of Michigan's Information Assurance team at Michigan Medicine (IA:MM) is seeking a candidate to fulfill the role of Security Analyst Intermediate. This role will join the Cybersecurity Operations Team within IA:MM. The team is responsible for security incident response services for servers, end user computers, and mobile devices within Michigan Medicine related to areas such as malware infections and network intrusions. Our team provides security consultation on a variety of subject areas and partners with the appropriate data stewards to safeguard sensitive data.

A successful candidate will be creative, adaptable, data driven, and proactive as a part of our team helping to protect Michigan Medicine.

This position will also work with our third-party Managed Security Service Provider at their remote site with rotation to the onsite team.

• Build good relationships with teams, and stakeholders at all levels (e.g. management, colleagues, and employees) using strong competencies to build trust, change perceptions, effectively communicate, influence, and adapt
• Carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities
• Detect and prevent intrusions using IDS/IPS, SIEM, and other tools
• Monitor and provide support Michigan Medicine around security policy and security standards
• Identify sensitive data and provide input for proper storage and protection; assist with remediation efforts as required
• Provide information security consulting for various Michigan Medicine groups and units requesting information assurance assistance on a project or long-term consulting basis
• Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services
• Collaborate with the Compliance Office to determine applicability and scope of various regulations; assist in interpreting and/or implementing technical requirements to ensure compliance
• Participate in the design, implementation, and continuous improvement of security service offerings
• Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing

• Bachelor’s degree or an equivalent combination of education and experience
• Minimum of 2 years of information technology experience
• Minimum of 2 years of experience applying security related technologies, practices, or services
• Minimum of 1 year of experience of direct security incident response
• Solid understanding of fundamental Operating System and TCP/IP Networking concepts
• Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
• Solid understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS

• Extensive exposure to, experience with, responsibility for, and a deep understanding of at least four of the security related concepts or practices listed above
• Experience performing information security risk assessments using an interview-based approach
• Experience with Ansible and other automation tools
• Experience with Docker
• Experience assessing the security architecture of proposed IT solutions
• Detailed understanding of security controls for Windows, Macintosh, Linux, and Networking platforms
• Detailed understanding of the assurance implications associated with cloud-based solutions
• Solid understanding of mobile device security issues, strategies, and controls
• Possess Splunk Certified Power User or higher for the Intermediate and Splunk Certified User or higher
• Experience securing virtualized environments
• Extensive system administration background with Microsoft, Macintosh and *nix environments
• Detailed understanding of the assurance implications of various regulatory and compliance requirements including PCI and HIPAA
• Demonstrated success working across organizational boundaries

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings.  Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.

Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally.  Our mission is guided by our Strategic Principles and has three critical components; patient care, education and research that together enhance our contribution to society.

Job openings are posted for a minimum of seven calendar days.  The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

The University of Michigan is an equal opportunity/affirmative action employer.

U-M COVID-19 Vaccination Policy

COVID-19 vaccinations, including boosters when eligible, are required for all University of Michigan students, faculty and staff across all campuses, including Michigan Medicine.  This includes those working remotely.   More information on this new policy is available on the Campus Blueprint website or the UM-Dearborn and UM-Flint websites.