How to Apply

A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.

Summary

The Center for Statistical Genetics (CSG) in the Department of Biostatistics at the University of Michigan has an exciting opportunity for a Data Security Analyst. As part of a high performing multi-disciplinary team, you will work in a collaborative environment to document, develop and refine data security plans and practices for cloud handling, processing and sharing some of the world’s largest human genetic datasets. These data and custom applications that we develop are used by teams around the world to advance our understanding of human health and disease.

Who We Are

The Center for Statistical Genetics supports collaborative scientific projects, including some of the world’s largest human genetic studies with detailed genetic information, health data, and additional biologic information on 100,000s of humans, totaling several petabytes. We develop tools that make these data and the insights it supports available to 1000s of researchers. These data and tools are increasingly cloud based and you would be responsible for monitoring, evaluating, refining and documenting our cloud security posture.

Responsibilities*

* Risk Management – Use tools and methodology to assess the information security risks associated with sensitive and important systems based on the NIST 800-53 security control and similar frameworks and develop mitigation strategies. Ensure completion and maintenance of administrative deliverables, including Plans of Action and Milestones (POAM), Contingency Plans, and Policies.

* Compliance – Determine applicability and scope of several regulations; maintain centralized versions of standardized security policies, contingency plans, and audit documentation to ensure regulatory compliance.   Audit - Verify the implementation of security controls and vulnerability mitigations with the use of penetration testing techniques, vulnerability scanners and other assessment tools. Arrange security assessments and proactive penetration testing of CSG cloud resources and SaaS application servers. 

* System and Application Hardening – Develop secure system and application configuration standards observing applicable policies, regulations, and laws. 

* Education & Awareness -  Provide security education and awareness materials, orientations, security credentials and training to Center faculty, staff and students.

* Security Advising - Provide on-demand and in-depth ongoing security advising to campus units regarding security projects, systems procurement and hardening, handling sensitive data, system security plans, research proposals, and other security related topics.

* Subject Matter Expert – Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services. Assist with architecture/source code review of SaaS applications or tracking security vulnerabilities in open-source dependency libraries, and maintain secure configurations for cloud computational resources. 

* Incident Response – Perform activities (e.g. containment, eradication, restoration) in response to reported information security incidents and following established incident response procedures. Participate in lessons learned activities.

Required Qualifications*

* Bachelor's degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience.

* Minimum of 4 years information technology experience.  

* Minimum of 2 years of experience applying security related technologies, practices, or services. 

* Experience with fundamental Operating System and TCP/IP Networking concepts. 

* Experience with fundamental information security concepts including:  Authentication, Authorization, Audit, Encryption, or Firewalls. 

* Experience with fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS A commitment to collaboration, teamwork, and improvement.

For the Senior level, the following are also required:  

* Experience working in a cloud environment such as AWS, GCP, Azure.

* Experience securing virtualized environments.

* Experience with the assurance implications of US Government regulatory and compliance requirements particularly including FISMA.

Desired Qualifications*

* Experience assessing the security architecture of proposed IT solutions Experience performing web application security assessments.

* Experience with network based threat hunting Experience with software security assessment (e.g. threat modeling and code review).

* Experience with security controls with Linux or Networking platforms.

* Experience working across organizational boundaries.

Work Locations

This position may be eligible for remote and/or flexible work opportunities at the discretion of the hiring department.  Flexible work agreements are reviewed annually and are subject to change dependent on the business needs of the hiring department, throughout the course of employment.

Underfill Statement

This position may be underfilled at a lower classification depending on the qualifications of the selected candidate.

Salary range for the Senior level:  $87,038-$107,517

Salary range for the Intermediate level:  $70,697-$87,331

Additional Information

Michigan Public Health is seeking a dynamic staff member with a commitment to contributing to a diverse, equitable and inclusive environment for all members of our community.

Background Screening

The University of Michigan conducts background checks on all job candidates upon acceptance of a contingent offer and may use a third party administrator to conduct background checks.  Background checks are performed in compliance with the Fair Credit Reporting Act.

Application Deadline

Job openings are posted for a minimum of seven calendar days.  The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.

U-M COVID-19 Vaccination Policy

COVID-19 vaccinations, including one booster when eligible, are required for all University of Michigan students, faculty and staff across all campuses, including Michigan Medicine.  This includes those working remotely and temporary workers.   More information on this new policy is available on the U-M Health Response website or the UM-Dearborn and UM-Flint websites.