Information Security Analyst Jobs

As a UW employee, the incumbent has a unique opportunity to change lives on UW campuses, in the State of Washington, and around the world. UW employees offer their boundless energy, creative problem-solving skills and dedication to build stronger minds and a healthier world. UW is committed to attracting and retaining a diverse staff; every employee’s experiences, perspectives and unique identities will be honored at the University of Washington. Together, the UW community strives to create and maintain working and learning environments that are inclusive, equitable, and welcoming.
The Information Security Analyst supports the mission of the Office of the Chief Information Security Officer (CISO) by contributing to, advising on, and advocating for risk-based information security practices. The Analyst is part of a multi-disciplined team that works to: understand the information security risks associated with complex environments and information systems; effectively communicate those risks to both technical and non-technical audiences to add value and inform decision-making; research cyber threats and provide relevant briefings; and create tools to promote information security best practices. The incumbent works cross-functionally within the Office of the CISO as well as with various business partners throughout the organization, collaborates with management on their respective teams, and fosters relationships to help drive sound information security practices.
Relevant Technologies:
The person in this position is expected to demonstrate knowledge and experience with:

Information security issues in an open networked environment

Understanding complex systems involving a variety of technologies such as multi-tiered architecture, databases, directory services, application servers, network infrastructure, and end-user devices

Effectively communicating information security risks to decision makers and advising them on how to align business and technical requirements to protect their critical assets

Proposing information security solutions based on thorough analysis of systems, data flows, technical security controls, vulnerabilities, and threats

Identifying, analyzing, developing and demonstrating, documenting and recommending information security threat detection practices

Performing information security vulnerability and risk assessments

Performing information security incident response, analysis, and remediation

Facilitating consulting engagements and interactions with technical and non-technical customers

Secure system administration of operating systems such as Unix/Linux, Mac, and Windows

Networking protocols and architectures such as TCP/IP, 802.11, LAN, WAN, and VoIP

The person in this position is expected to have a broad technology background and a general understanding of:

Firewalls and Intrusion Prevention Systems

Security methodologies such as OWASP, OSSTMM, and OCTAVE

Security tools such as Netcat, Nmap, Nessus, Wireshark, Metasploit, and Burp Suite

Internet protocols and formats such as HTTP, TLS, SSL, HTML, and XML

Database technologies such as MySQL, SQL Server, and Oracle

Identification and authentication technologies

Cloud and virtualization architectures

Encryption techniques, algorithms and approaches

REQUIREMENTS:

Bachelor’s Degree in Computer Science, Engineering or related field or experience

Minimum Three (3) years’ experience in information security in an educational, research, scientific, or cultural institution.

Experience working with Windows, Mac, and Linux operating systems.

Experience performing progressively more complex and responsible tasks within a technical environment.

Experience consulting on information security threats and vulnerabilities.

Understanding of and experience with security-related technologies, systems and tools, including Intrusion Prevention/Detection Systems, firewalls, etc.

Understanding of and experience using computer programming techniques and languages (Python, Perl, PowerShell, etc.).

Experience with security incident response, analysis, remediation and prevention.

Experience advising stakeholders, at all levels in an organization, on information security related risks.

Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.

Excellent communication skills (i.e., written, verbal, listening), interaction skills with the ability to work with and advise cross functional groups to understand requirements.

Ability to work within large collaborative organizations, building consensus and fostering ongoing relationships.

Ability to work independently with minimal supervision.

Knowledge of internet protocols (HTTP, DNS, etc.)
DESIRED:

Higher education or government agency information security experience.

Experience handling and protecting information at a variety of sensitivity levels.

Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, and NIST.

Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc.

Experience gathering and analyzing Business Intelligence.

Ability to obtain and maintain a DoD Secret security clearance.

Knowledge of secure coding practices and secure web service configuration are a plus.

Knowledge of cloud and virtualization architectures.
Must be able to respond to security incidents during off-hours.
Must be willing to be on-call on a rotating basis.
Hybrid open office environment
Application Process:The application process may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process.These assessments may include Work Authorization, Cover Letter and/or others. Any assessments that you need to complete will appear on your screen as soon as you select “Apply to this position”. Once you begin an assessment, it must be completed at that time; if you do not complete the assessment, you will be prompted to do so the next time you access your “My Jobs” page. If you select to take it later, it will appear on your "My Jobs" page to take when you are ready. Please note that your application will not be reviewed, and you will not be considered for this position until all required assessments have been completed.