Cyber Security Analyst
Ann Arbor, MI
Job posting number: #7108020
Posted: August 12, 2022
Application Deadline: Open Until Filled
Come join Merit - the nation's premier Research and Education Network, providing technology services to Michigan's public universities, colleges, K-12 organizations, libraries, state government, healthcare and other Michigan non-profit organizations for over 55 years!
The Cyber Security Engineer will be responsible for overseeing the operations of Merit’s Information Security program, providing cybersecurity guidance to members and customers, and developing relevant services for use in our member community. This position will work with various internal and external teams to analyze current and applicable security threats, assist with IT risk assessments, and document remediation plans of discovered weaknesses. The analyst will also be responsible for recommending information security related tools and utilizing automation to streamline processes and improve response times to threats.
Essential Functions for this position are followed by an (E).
As a Cyber Security Analyst, this position’s key responsibilities include, but are not limited to, the following:
Internal Security Support (30%):
Work with the Chief Information Security Officer to develop, maintain, and oversee Merit’s information security and privacy program on matters of system and data confidentiality, integrity, availability, and privacy. (E)
Assist with developing and establishing policies, procedures, and standards to maintain an appropriate cyber security risk level on Merit’s internal LAN, datacenter environments, and service provider WAN environment. (E)
Monitor and respond to threats across multiple platforms and optimize responses to reported threats and vulnerabilities. (E)
Keep abreast of new security threats and make recommendations to mitigate threats against Merit and member resources. (E)
Manage documentation and documentation workflow for internal and customer facing security practices, projects, and initiatives. (E)
Contribute on overall security strategy and collaborate across the organization to set and approve operational priorities and security services.
Attend off-site meetings, conferences, and training sessions.
Assist with the acquisition and deployment of information security tools.
Assist Merit technology personnel with secure system configuration and vulnerability management.
Use of trouble tickets for response and resolution.
Member Security Support (40%):
Work with the Chief Information Security Officer in conducting audits, risk assessments, and cyber security consulting on Merit and member IT systems and processes. (E)
Review member risk mitigation plans and reports, which include time, money, and FTE resources, and communicate those plans to internal and external stakeholders. (E)
Travel as needed between Merit and its members to conduct audits and risk assessments on IT systems and processes. (E)
Develop scripts to automate risk management tools to improve efficiency of auditing, monitoring and alerting. (E)
Maintain subject matter expertise in commercial cyber security products offered by Merit to members under partnership arrangements. (E)
Continually maintain professional relationships with external stakeholders and members as a trusted member of the information security community.
Cyber Security Product Development (30%):
In coordination with additional teams at Merit, assist in designing, developing, and deploying cyber security products and services relevant to our members. (E)
Assist with the review and modification of existing deployed cyber security services. (E)
Develop tools, scripts, and procedures to aid automating current and future cyber security services.
Gain understanding of current and future member cyber security needs and requirements for use in developed services.
Assist in the operation and execution of projects and initiatives as necessary.
Please note this job description is not designated to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Skills You Have
Bachelor’s degree in Information Technology, IT Security, Information Assurance or related field or equivalent combination of education and/or experience.
Minimum of three (3) years of experience in a cybersecurity role.
Experience with audits, writing reports, and developing plans of action and milestones.
Experience with cybersecurity best practices.
Experience with vulnerability and configuration management tools.
Work independently, prioritize multiple projects, and achieve objectives by required due dates.
Hold or be willing to obtain industry leading certifications such as CISSP, CISA, CISM, CRISC, CCNA, GIAC, or similar certifications.
Experience working in an information security team.
Knowledge of applicable laws and regulatory requirements such as HIPAA, HITECH, PCI, FERPA, ITAR.
Experience with risk assessments utilizing NIST, CIS or ISO frameworks.
Prior IT security experience in government or education sectors.
Familiarity of scripting and programming languages such as Bash, Perl, PowerShell, or Python.
Development experience with VMWare virtualization, Docker containerization, and Amazon cloud technologies, including EC2 and S3.
Experience working with higher education, K-12 educational institutions, libraries, government, healthcare, research institutions and other public sector non-profit organizations.