Information Security Analyst

Company: University of Washington
Location: Seattle
Posted on: June 12, 2021

Job Description:

As a UW employee, you will enjoy generous benefits and work/life programs. For detailed information on Benefits for this position, click here.

If you would like to find out more about what it is like to work for UW-IT, as well as to get a feel for our culture and our people, visit us at our employment website.

As a UW employee, you have a unique opportunity to change lives on our campuses, in our state and around the world. UW employees offer their boundless energy, creative problem solving skills and dedication to build stronger minds and a healthier world. UW is Committed to attracting and retaining a diverse staff, your experiences, perspectives and unique identities will be honored at the University of Washington. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable, and welcoming.

UW faculty and staff also enjoy outstanding benefits, professional growth opportunities and unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits and natural beauty. All of which has allowed the UW to be nationally recognized as a "Great College to Work For" for six consecutive years.

UW-IT is the central IT organization for the University of Washington, providing critical technology support to all three campuses, UW medical centers and global research operations. UW-IT collaborates with University partners to advance teaching, learning, innovation and discovery at the UW. Office of the Chief Information Security Officer (CISO) services are designed to help UW units understand risks by analyzing and forecasting threats to information security, researching applicable information security laws, providing education on safeguarding institutional information, consulting on incident management, and managing policies and strategic solutions for UW's institutional information.

UW-IT has an outstanding opportunity for an Information Security Analyst.

The Information Security Analyst in the Office of the Chief Information Security Officer (CISO) at the University of Washington (UW) tracks known and emergent threats and vulnerabilities to University information assets, and communicates those threats and vulnerabilities to campus departments. With a strong understanding of information security risk management practices, the analyst will integrate asset, threat and vulnerability information into intelligence reports, risk assessments, and mitigation activities. This position supports institutional threat and vulnerability awareness, threat detection and analysis, vulnerability assessment, incident response, cyber security operations, and security education and awareness.

RELEVANT TECHNOLOGIES:

The person in this position is expected to demonstrate detailed knowledge and experience with:

Information security issues in an open networked environment

Facilitating consulting engagements and interactions with technical and non-technical customers

Effectively communicating information security risks to decision makers and advising them on how to align business and technical requirements to protect their critical assets

Understanding complex systems involving a variety of technologies such as multi-tiered architecture, databases, directory services, application servers, network infrastructure, and end-user devices

Secure system administration of operating systems such as Unix/Linux, Mac, and Windows

Proposing information security solutions based on thorough analysis of systems, data flows, technical security controls, vulnerabilities, and threats

Performing information security vulnerability and risk assessments

Performing information security incident response, analysis, and remediation

Networking protocols and architectures such as TCP/IP, 802.11, LAN, WAN, and VoIP

The person in this position is expected to have a broad technology background and a general understanding of:

Firewalls and Intrusion Prevention Systems

Risk management and regulatory frameworks such as HIPAA, FERPA, the federal risk management framework

Security methodologies such as OWASP, OSSTMM, and OCTAVE

Security tools such as Netcat, Nmap, Nessus, Wireshark, Metasploit, and Burp Suite

Internet protocols and formats such as HTTP, TLS, SSL, HTML, and XML

Database technologies such as MySQL, SQL Server, and Oracle

Identification and authentication technologies

Cloud and virtualization architectures

Encryption techniques, algorithms and approaches

The Information Security Analyst must have a solid understanding of the issues and processes involved with information assets and information security in an academic, scholarly enterprise. Familiarity with and sensitivity to the information technology needs of educational, research, scientific, and cultural institutions are key assets.

REQUIREMENTS:

Bachelor's Degree in Computer Science or related field or related experience

Four years' experience in information security

Experience working with Windows, Mac, and Unix/Linux operating systems for desktops and servers

Experience performing progressively more complex and responsible tasks within a technical environment, including maintenance and support of networked computer systems, applications, and operations

Experience consulting on information security threats and vulnerabilities

Demonstrated understanding of and experience with security-related technologies, systems and tools, including

Intrusion Prevention/Detection Systems, firewalls, etc.

Demonstrated understanding of and experience using scripting and programming languages such as Python, Perl, PowerShell, Java and C

Experience with security incident response, analysis, remediation and prevention

Experience advising stakeholders, at all levels in an organization, on information security related risks

Strong deductive reasoning, critical thinking, problem solving, and prioritization skills

Strong communication skills (i.e., written, verbal, listening), technical documentation skills, user liaison skills, and personal interaction abilities

Ability to work within large collaborative organizations, building consensus and fostering ongoing relationships

Ability to work independently with minimal supervision

Knowledge of internet protocols (HTTP, DNS, etc.)

Demonstrated written/oral communication skills, user liaison skills and personal interaction abilities.

Equivalent education/experience will substitute for all minimum qualifications except when there are legal requirements, such as a license/certification/registration.

DESIRED:

Information security experience working in an educational, research, scientific, cultural institution or government agency

Experience handling and protecting information at a variety of sensitivity levels

Experience in intelligence analysis

Understanding of laws and standards such as FISMA, HIPAA, FERPA, PCI DSS, and NIST

Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc.

Knowledge of cloud and virtualization architectures

Knowledge of Internet of Things and related cyber security implications of use

Creative thinker who can add mindset diversity to the existing team

Ability to obtain and maintain a DoD security clearance

CONDITIONS OF EMPLOYMENT:

Must be able to respond to security incidents during off-hours. This essential position is required to work remotely when UW suspends operations.

Work is mainly sedentary and performed in a typical campus or home office.

Application Process:

The application process for UW positions may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process. These assessments may include Work Authorization, Cover Letter and/or others. Any assessments that you need to complete will appear on your screen as soon as you select "Apply to this position". Once you begin an assessment, it must be completed at that time; if you do not complete the assessment you will be prompted to do so the next time you access your "My Jobs" page. If you select to take it later, it will appear on your "My Jobs" page to take when you are ready. Please note that your application will not be reviewed, and you will not be considered for this position until all required assessments have been completed.

Applicants considered for this position will be required to disclose if they are the subject of any substantiated findings or current investigations related to sexual misconduct at their current employment and past employment. Disclosure is required under Washington state law.

Committed to attracting and retaining a diverse staff, the University of Washington will honor your experiences, perspectives and unique identity. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable and welcoming.

Keywords: University of Washington, Seattle , Information Security Analyst, Other , Seattle, Washington