Information Security Analyst

As a UW employee, you have a unique opportunity to change lives on our campuses, in our state, and around the world. UW employees offer their boundless energy, creative problem-solving skills, and dedication to build stronger minds and a healthier world.

By being deeply invested in our work, showing compassion in our interactions, and embodying the spirit of a team player, each member contributes to a thriving community. UW is committed to attracting and retaining a diverse staff; your experiences, perspectives, and unique identities will be honored at the University of Washington. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable, and welcoming.

UW Information Technology (UW-IT) is the central information technology organization for the University of Washington, responsible for strategic planning, oversight, and direction of the UW's IT infrastructure, resources, and services. UW-IT provides critical technology support to all three campuses, UW Medicine, and research operations around the world, partnering with the UW community to enable innovation, learning, discovery, and service."

The Office of Information Security (OIS) within UW-IT is responsible for the strategic leadership of the University's information security program and for promoting a culture of cybersecurity across the enterprise. Services are designed to help UW units understand information security risks by analyzing and forecasting threats and vulnerabilities; researching applicable information security laws; providing education, training, and awareness on safeguarding institutional information; consulting on incident management; and managing policies and strategies for protecting UW's institutional information resources.

The Information Security Analyst responds to and remediates information security events; promotes and supports the secure use of networked servers and desktops by faculty, staff, and students; serves as a member of the information security Incident Response team as specified in University policy; participates in the development of new security services for enterprise and workgroup computing; advises UW Information Technology and campus computing professionals on information security vulnerabilities, response, and remediation applicable to the University environment; and helps support system administration tasks within the Office of Information Security.

REQUIREMENTS

Bachelor's Degree in Computer Science, Information Assurance, IT Security, or related field or experience.

Minimum four years' experience in information security in an educational, research, scientific, public utility or cultural institution.

Experience working with Windows, Mac, and Linux operating systems.

Experience performing progressively more complex and responsible tasks within a technical environment.

Understanding of and experience with security-related technologies, systems and tools, including Intrusion. Prevention/Detection Systems, firewalls, etc.

Understanding of and experience using computer programming techniques and languages (such as Python, Perl, PowerShell.).

Experience with security incident response, analysis, remediation and prevention.

Ability to work within large collaborative organizations, building consensus and fostering ongoing relationships.

Ability to work independently with minimal supervision.

Knowledge of internet protocols (HTTP, DNS, etc.)

Demonstrated excellent written/oral communication skills, technical documentation skills, user liaison skills, and personal interaction abilities.

DESIRED:

Experience working in an enterprise security operations center (SOC).

Experience working with VMDR, EDR and/or XDR platforms.

Higher education or government agency information security experience.

Experience handling and protecting information at a variety of sensitivity levels.

Proficiency in ServiceNow or a similar ticketing system is preferred.

Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, and NIST.

Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc.

Experience gathering and analyzing Business Intelligence.

Ability to obtain and maintain a DoD Secret security clearance.

Understanding the complexity and challenges of enterprise environments that involve traditional IT, Internet of Things (IoT), and operational technology (OT) endpoints.

Knowledge of secure coding practices and secure web service configuration are a plus.

Knowledge of cloud and virtualization architectures.

WORKING CONDITIONS:

Must be willing to be on-call on a rotating basis.

Open office space, hybrid schedule.