Data Security Analyst Intermediate

University of Michigan

Ann Arbor, MI

Job posting number: #7216695

Posted: February 12, 2024

Application Deadline: Open Until Filled

Job Description

Job Summary:

The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Data Security Analyst Intermediate to join the Security Operations Center (SOC) within Information Assurance (IA). As part of a high-performance team with expanding responsibilities, you will have the opportunity to work in a very collaborative and dynamic environment to identify, triage, and respond to threats and reports, including phishing, abuse reports, alerts from security systems, logging, and end user requests. In addition, qualified candidates will help support our incident response team, responsible for coordinating and managing serious IT security incidents per university policy.

This is a hybrid position based in Ann Arbor, MI. You will need to occasionally attend meetings on campus and be within a reasonably commutable distance. Details can be worked out with the hiring manager. May also require on-call availability and working during non-business hours.

Who we are:

Information and Technology Services (ITS) supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and promoting university-wide innovations. ITS's mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. For more information about ITS, visit: https://its.umich.edu/about

Responsibilities:

Participate in the successful execution of a potentially wide range of security services and activities. Primary responsibilities include:

Monitoring Security Alerts - Learn to perform analysis of logs and alerts. Keep a constant eye on security alerts generated by various security tools and systems. Analyze these alerts to identify potential security incidents. Utilize security information and event management (SIEM) tools to monitor and analyze network traffic, logs, and other security-related data for unusual or suspicious activities.
Triage and Escalation - Escalate security incidents to incident response teams for investigation / remediation.
Scripting - Develop and maintain automation via scripting for data collection and management for SOC/Incident Response tools and processes.
User Support - Respond to inquiries and requests from end users in a timely, supportive manner, especially in stressful situations.
Documentation - Ensure the SOC team documentation is up to date, including Investigation Playbooks and Standard Operating Procedures. Maintain detailed records of security incidents, investigations, and actions taken. Document findings and share lessons learned to improve future incident response.
Collaboration with other teams - Collaborate with and support other areas of the Information Assurance team including Identity and Access Management, Risk Management, Vulnerability Management, Data Loss Prevention, System and Applications Hardening, Security Consulting, Network Monitoring and Protection, and Compliance.
Continuous Education & Awareness - Stay current with information security best practices and supporting technologies, as well as maintain awareness of the threat environment and relevant advances in technologies.
Additional duties may include the following, based on the skills and experience of the candidate:

Participate in incident response activities
Manage and configure alerts, detections, allow listing, and other security tooling for incident response and SOC

Required Qualifications:

Bachelor's degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
Minimum of 4 years of information technology experience
Minimum of 2 years of experience with security related technologies, practices, or services
Familiarity with Microsoft, Macintosh or *nix environments
Familiarity with fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
Practical exposure to, experience with, responsibility for, or deep understanding of at least two security related technologies or practices including Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, and Firewall management.
A strong commitment to collaboration, teamwork, and continual improvement
Outstanding verbal, written, and presentation communication skills, including the ability to explain technical concepts to a non-technical audience
Demonstrated success working independently, and completing tasks within established deadlines

Desired Qualifications:

Experience providing customer service in a technical environment, such as Help Desk Support, Security Operations Center, or other customer facing role.
Experience with automation and scripting using tools and technologies such as Python, REST API, Perl, PowerShell, shell scripting, etc.
Experience using command line tools for Windows and Linux.
Experience with log review or analysis involving applications (web, email, etc.), infrastructure (network, etc.), and operating systems (Windows, Linux, etc.)
Experience with phishing-related or malware-related analysis of email headers and URLs



