As a UW employee, you have a unique opportunity to change lives on our campuses, in our state and around the world. UW employees offer their boundless energy, creative problem solving skills and dedication to build stronger minds and a healthier world.
UW faculty and staff also enjoy outstanding benefits, professional growth opportunities and unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits and natural beauty. All of which has allowed the UW to be nationally recognized as a “Great College to Work For” for six consecutive years.
UW-IT is the central IT organization for the University of Washington, providing critical technology support to all three campuses, UW medical centers and global research operations. UW-IT collaborates with University partners to advance teaching, learning, innovation and discovery at the UW. Office of the Chief Information Security Officer (CISO) services are designed to help UW units understand risks by analyzing and forecasting threats to information security, researching applicable information security laws, providing education on safeguarding institutional information, consulting on incident management, and managing policies and strategic solutions for UW’s institutional information.
UW-IT has an outstanding opportunity for an Information Security Analyst.
The Information Security Analyst in the Office of the Chief Information Security Officer (CISO) at the University of Washington (UW) tracks known and emergent threats and vulnerabilities to University information assets, and communicates those threats and vulnerabilities to campus departments. With a strong understanding of information security risk management practices, the analyst will integrate asset, threat and vulnerability information into intelligence reports, risk assessments, and mitigation activities. This position supports institutional threat and vulnerability awareness, threat detection and analysis, vulnerability assessment, incident response, cyber security operations, and security education and awareness.
The person in this position is expected to demonstrate detailed knowledge and experience with: Information security issues in an open networked environment Facilitating consulting engagements and interactions with technical and non-technical customers Effectively communicating information security risks to decision makers and advising them on how to align business and technical requirements to protect their critical assets Understanding complex systems involving a variety of technologies such as multi-tiered architecture, databases, directory services, application servers, network infrastructure, and end-user devices Secure system administration of operating systems such as Unix/Linux, Mac, and Windows Proposing information security solutions based on thorough analysis of systems, data flows, technical security controls, vulnerabilities, and threats Performing information security vulnerability and risk assessments Performing information security incident response, analysis, and remediation Networking protocols and architectures such as TCP/IP, 802.11, LAN, WAN, and VoIP
The person in this position is expected to have a broad technology background and a general understanding of: Firewalls and Intrusion Prevention Systems Risk management and regulatory frameworks such as HIPAA, FERPA, the federal risk management framework Security methodologies such as OWASP, OSSTMM, and OCTAVE Security tools such as Netcat, Nmap, Nessus, Wireshark, Metasploit, and Burp Suite Internet protocols and formats such as HTTP, TLS, SSL, HTML, and XML Database technologies such as MySQL, SQL Server, and Oracle Identification and authentication technologies Cloud and virtualization architectures Encryption techniques, algorithms and approaches The Information Security Analyst must have a solid understanding of the issues and processes involved with information assets and information security in an academic, scholarly enterprise. Familiarity with and sensitivity to the information technology needs of educational, research, scientific, and cultural institutions are key assets.
Bachelor’s Degree in Computer Science or related field or related experience
Four years’ experience in information security
Experience working with Windows, Mac, and Unix/Linux operating systems for desktops and servers
Experience performing progressively more complex and responsible tasks within a technical environment, including maintenance and support of networked computer systems, applications, and operations
Experience consulting on information security threats and vulnerabilities
Demonstrated understanding of and experience with security-related technologies, systems and tools, including
Intrusion Prevention/Detection Systems, firewalls, etc.
Demonstrated understanding of and experience using scripting and programming languages such as Python, Perl, PowerShell, Java and C
Experience with security incident response, analysis, remediation and prevention
Experience advising stakeholders, at all levels in an organization, on information security related risks
Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
Strong communication skills (i.e., written, verbal, listening), technical documentation skills, user liaison skills, and personal interaction abilities
Ability to work within large collaborative organizations, building consensus and fostering ongoing relationships
Ability to work independently with minimal supervision
Knowledge of internet protocols (HTTP, DNS, etc.)
Demonstrated written/oral communication skills, user liaison skills and personal interaction abilities.
Equivalent education/experience will substitute for all minimum qualifications except when there are legal requirements, such as a license/certification/registration.
Information security experience working in an educational, research, scientific, cultural institution or government agency
Experience handling and protecting information at a variety of sensitivity levels
Experience in intelligence analysis
Understanding of laws and standards such as FISMA, HIPAA, FERPA, PCI DSS, and NIST
Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc.
Knowledge of cloud and virtualization architectures
Knowledge of Internet of Things and related cyber security implications of use
Creative thinker who can add mindset diversity to the existing team
Ability to obtain and maintain a DoD security clearance
CONDITIONS OF EMPLOYMENT:
Must be able to respond to security incidents during off-hours. This essential position is required to work remotely when UW suspends operations.
Work is mainly sedentary and performed in a typical campus or home office.
Application Process: The application process for UW positions may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process. These assessments may include Work Authorization, Cover Letter and/or others. Any assessments that you need to complete will appear on your screen as soon as you select “Apply to this position”. Once you begin an assessment, it must be completed at that time; if you do not complete the assessment you will be prompted to do so the next time you access your “My Jobs” page. If you select to take it later, it will appear on your "My Jobs" page to take when you are ready. Please note that your application will not be reviewed, and you will not be considered for this position until all required assessments have been completed.
Founded in 1861, the University of Washington is one of the oldest public institutions in the west coast and one of the preeminent research universities in the world. The University of Washington is a multi-campus university comprised of three different campuses: Seattle, Tacoma, and Bothell. The Seattle campus is made up of sixteen schools and colleges that serve students ranging from an undergraduate level to a doctoral level. The university is home to world-class libraries, arts, music, drama, and sports, as well as the highest quality medical care in Washington State and a world-class academic medical center. The teaching and research of the University’s many professional schools provide undergraduate and graduate students the education necessary toward achieving an excellence that will serve the state, the region, and the nation. As part of a large and diverse community, the University of Washington serves more students than any other institution in the Northwest.