1+ months

Sr. Cyber Security Analyst

University of Washington
Seattle, WA 98104

Sr. Cyber Security Analyst

Req #: 173463
Job Location: Downtown Seattle,  Harborview Medical Center,  Health Sciences Center,  Northgate,  Other Location,  Sand Point,  Seattle Campus,  South Lake Union,  UW Medical Center - Montlake
Job Location Detail: Primary work location is the IBM Building on the corner of 5th and Seneca in downtown Seattle 
Posting Date: 10/25/2019 
Closing Info: Open Until Filled 
Salary: Salary is commensurate with education and experience. 
Shift: First Shift 
Notes: Clicking "Apply for this job" immediately submits your resume as a candidate for this position - even if you don't finish all of the assessments. Only click if you're ready to apply for the job right now.  

UW Medicines IT Services department is looking for an outstanding Sr. Cyber Security Analyst to join the team! 

What are we looking for?
  • Patients Are First focus
  • Customer service mindset
  • Interpersonal skills and teamwork
  • Results-oriented attitude
  • Commitment
  • Adaptability and flexibility

  • What are the perks?
  • Medical insurance at reasonable rates with TEN plans to choose from!
  • Dental Insurance at no cost to you OR your dependentsAND we have three plans for you to choose from!
  • 10 paid holidays annually!
  • 1 personal holiday every year!
  • Generous amounts of vacation and sick leave that you can feel good about taking (more than 5 work weeks in your first year)!
  • TWO Retirement plans to choose from one even matches 100% of your contributions with immediate vesting!
  • Voluntary Investment program to save more towards your retirement!
  • Deferred Compensation program to save even MORE towards your retirement!
  • Flexible Spending Account...Tax Exempt!
  • Dependent Care Assistance program!
  • On-site Childcare Centers!
  • Long Term Disability insurance!
  • Life and Accidental Death and Dismemberment insurance!
  • U-PASS transportation program and discounted parkingPRE-TAX!
  • Tuition Exemption program at the UW (and other colleges around the state)!
  • Housing resources and home buying options!
  • Auto, home, renter, and boat group insurance!
  • Valuable membership and merchandise discounts!
  • Federal student loan forgiveness under the Public Service Loan Forgiveness (PSLF) program!

  • For all of the specific details on these benefits and more, please click here.

    UW Medicines Information Technology Services (ITS) department is a shared services organization that supports all of UW Medicine.  UW Medicine is comprised of Harborview Medical Center (HMC), UW Medical Center-Montlake Campus (UWMC-Montlake), UW Medical Center-Northwest Campus (UWMC-NW), Valley Medical Center (VMC), UW Neighborhood Clinics (UWNC), UW Physicians (UWP), UW School of Medicine (SOM) and Airlift Northwest (ALNW).  In addition, UW Medicine shares in the ownership and governance of Childrens University Medical Group and Seattle Cancer Care Alliance (a partnership between UW Medicine, Fred Hutchinson Cancer Research and Seattle Childrens).  ITS is responsible for the ongoing support and maintenance of the infrastructure and applications which support all of these institutions, along with the implementation of new services and applications that are used to support and further the UW Medicine mission.

    ITS implements, deploys, and manages highly complex system applications and applications to meet and exceed key IT initiatives that support UW Medicine entities.  The need to provide and deploy security engineering services is to ensure that appropriate and effective security controls, techniques and solutions are identified and implemented ensuring confidentiality, integrity and availability of sensitive data. Additional applications and systems are supported through UW Medicine research affiliations such as the Fred Hutchinsons Cancer Research Center, NIH and other grants, contracts, clinical affiliations and other School of Medicine activities; as well as medical training programs with other institutions such as the Veterans Administration and Madigan Army Medical Center. This position is needed in order to meet federal regulatory requirements under HIPAA, ISO, PCI and other security standards, as well as to ensure the security of systems. Failure to meet regulatory requirements may result in fines, sanctions, loss of public credibility, and other business risks.

    As one of the largest healthcare systems in the Puget Sound region, UW Medicine is facing many technical and security challenges driven by rapid growth in the size and complexity of its network of affiliated organizations and increasingly rigorous policy requirements in the areas of security, compliance and patient privacy.  With simultaneous increases in the importance and central role of computing technology to healthcare delivery and the UW Medicine mission, it has become essential to evaluate, design and implement and/or configure IT security safeguards, controls and protection solutions as part of the IT services and solutions delivery process to reduce or eliminate security threats, risks, and vulnerabilities from being introduced into the production environments through code, new and existing mobile devices, applications, enhancements, third party suppliers, configurations, and more. 

    As part of the Information Security Team, the Sr. Cyber Security Analyst (Analyst) will track known and emergent threats to UW Medicine information assets to support institutional threat awareness, risk assessments, threat detection and analysis, incident response, cyber security operations, and security education and awareness. This position also develops and delivers user training, security awareness programs, and security documentation such as policies, standards, and operating procedures. The position utilizes demonstrated experience with a variety of threat sources including raw data, computer log information, written reports and bulletins, and collaborations with both internal and external partners to develop threat profiles for UW Medicine information assets. With a deep understanding of and significant experience with information security best practices, the Analyst will integrate threat information into institutional vulnerability assessments, risk assessments, and mitigation activities.

    Responsibilities include:

    Risk Management, Threat Assessment, and Security Analysis (50%)
  • Conduct risk and vulnerability assessments, analyze findings, and determine levels of risk throughout the enterprise.
  • Monitor designated security tools and successfully incorporate the resultant data into the Vulnerability and Risk Management Programs. 
  • Deploy automated and manual tools to graphically illustrate changes over time.
  • Process risk acceptance and evidence of completion in accordance with approved policies and procedures.
  • Perform system security risk assessments to determine alignment with best practices, standards, and frameworks such as NIST, PCI, and OWASP.
  • Identify risks and track mitigation activities.
  • Maintain understanding of threat actors, their tools, techniques and practices, and the assets they target.
  • Evaluate significance of threats to UW Medicine's risk posture.
  • Analyze and monitor known and emergent vulnerabilities related to UW Medicine technology deployments and use.
  • Convert analyses and insights into actionable use cases and measurable improvements.
  • Support the development and deployment of threat detection capabilities.
  • Support institutional risk and vulnerability assessments by providing expert perspective on threats.
  • Develop and deliver threat awareness briefings, as assigned.
  • Integrate computer and software vulnerability findings into the risk management program at UW Medicine. 
  • Assist with the development of remediation strategies to mitigate risk.

  • Security Consultation, Technical Services, and Team Operations (20%)
  • Provide security consulting and technical services to technical, hospital, business, operations and vendor staff and teams concerning implementation of UW Medicine security standards, processes and NIST 800-53 best practices on secure system design and risk mitigation strategies.
  • Deploy approved security tools in accordance with formal policies and procedures to assess the vulnerability of the UW Medicine workforce and/or assets to specific threats. 
  • Represent the Information Security team at technical advisory groups, project teams, and other committees, as assigned. 
  • Ensure that specified tools and websites are updated in a timely fashion and managed effectively. 
  • Maintain awareness of known and emergent vulnerabilities related to UW Medicine's technology deployments and use.
  • Participate and collaborate in information security projects, project reviews, and change management reviews, when assigned.
  • Build and maintain collaborative relationships with Office of CISO staff and other stakeholders (including government and private sector organizations) engaged in the sharing and dissemination of threat information.
  • Facilitate full participation in the Risk Management and Vulnerability Management programs throughout UW Medicine.
  • Mentor and coach Cyber Security Analysts and other team members who may need more senior-level guidance.

  • Education and Outreach (20%)
  • Develop, revise, and deliver information security training, education, awareness and outreach activities, as required.
  • Research, draft, revise, and publish information security standards, policies, and procedures for UW Medicines IT systems, networks, and devices.
  • Coordinate revisions with the Information Security Manager and the CISO and assist with collaborative discussions with departmental liaisons and stakeholders throughout UW Medicine.
  • Provide updates, status information, and assistance to the Lead Cybersecurity Analyst, Information Security Manager, and, when requested, the Chief Information Security Officer (CISO), in support of Information Security initiatives.

  • Incident Response (10%)
  • Respond to information security incidents and provide support as required.
  • Define and develop reporting and post-event activities related to information security breaches.
  • Follow investigative protocols and methods of logging Security and Incident/Investigations into applicable tracking systems as established by the Information Security Manager or CISO.

  • What youll bring to the table: (minimum requirements)
  • Bachelor's degree in Computer Science, Information Technology, Business Administration, or related field or equivalent combination of education/experience.

  • 4+ years information security experience to include experience in one or more of the following areas: Security Engineering, Security Analysis, Security Project Management, Security Architecture, implementing best practices, tools and technology and/or demonstrated Information Security aptitude.
  • Demonstrated work experience designing, implementing, or maintaining security tools (including threat assessment tools, risk management tools, or vulnerability management scanning systems). 
  • Demonstrated work experience conducting security assessments, security control analysis, risk assessments, vulnerability assessments, or penetration tests.
  • Strong understanding of information security threats and vulnerabilities.
  • Strong understanding of, and experience with, security-related technologies, systems, and tools.
  • Demonstrated work experience with major operating systems including Windows, Mac OS, Linux and Mobile Platforms.
  • Demonstrated work experience and proficiency using standard business productivity software and tools, including Microsoft Office, Word, Excel and PowerPoint, preferably in a Microsoft Windows environment.

  • The successful candidate will also have/possess:
  • Demonstrated ability to participate in highly collaborative team environments.
  • Excellent organization skills with the ability to prioritize when managing multiple tasks and assignments.
  • Excellent critical thinking skills, problem analysis, and problem-solving capabilities.
  • Ability to work independently with minimal supervision.
  • Demonstrated ability to quickly research, learn, and evaluate new technologies.
  • Demonstrated flexibility with the ability to implement new processes as directed.
  • Ability to write clearly and concisely and use effective communication styles.

  • Ideally, youll also have: (desired skills and experience)
  • Advanced degree.
  • Current security certification (e.g., CISSP (ISSAP, ISSEP, ISSMP), GIAC, CISM, CISA, SSCP, CEH).
  • Experience working in a large, academic healthcare system.
  • Knowledge of common health care workflows.
  • Demonstrated work experience designing, implementing and maintaining tools related to security information and event management, intrusion protection, or governance.
  • Project management experience.
  • Network or application design and management experience. 
  • Familiarity with major technology products commonly used in large healthcare systems, including Epic, Cerner, IBM, HP, and Microsoft.

  • What are some of the other tidbits that you might want to know?
  • This is an Information Technology deadline-driven work environment.
  • The individual in this position is expected to work normal daytime hours. The majority of work is performed in an office environment during normal business hours; however, significant off-hours and weekends may be needed to resolve problems and respond to emergencies. This individual is expected to be available for emergencies (business continuity/disaster recovery efforts) on a 24x7 basis as needed.
  • Because of the physically separated sites for UW Medicine, this position requires the ability to travel to alternative work locations as needed.
  • Must coordinate projects without direct supervisory authority.
  • Must work within the constraints of multiple technical environments.
  • ITS provides services to all UW Medicine organizations Harborview Medical Center, Northwest Hospital & Medical Center, Valley Medical Center, UW Medical Center, UW Neighborhood Clinics, UW Physicians, UW School of Medicine and Airlift Northwest.  The individual in this position must learn many organizational structures and cultures and continually foster collaboration.
  • Ability to communicate clearly in English, both verbally and in writing.
  • This advertised job posting may not include the complete official job description for the role.
  • Appointment of the successful candidate to this position will be made contingent upon a satisfactory outcome of criminal background checks.
  • The application process for UW Medicine positions may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process (i.e. Work Authorization, Criminal Conviction History, Cover Letter and/or others).  Any assessments that you need to complete will appear on your screen as soon as you select Apply to this position.  Once you begin applying for a position, all assessments must be completed at that time.  Please note that your application shows up in our system as ready to review regardless of whether or not all assessments have been completed.  If the assigned Recruiter happens to review applications prior to all of your assessments being completed, there is a chance you could be 'Not Selected' due to an incomplete application.  For this reason, we strongly encourage all applicants to ensure there is plenty of time to complete all of the assessments prior to clicking on Apply to this position.

  • Who are we and what do we do?
    UW Medicines mission is to improve the health of the public by advancing medical knowledge, to provide outstanding primary and specialty care to the people of the region, and to prepare tomorrows physicians, scientists and other health professionals. Our staff not only enjoys outstanding benefits and professional growth opportunities, but also an environment noted for diversity, community involvement, intellectual excitement, artistic pursuits, and natural beauty.

    Committed to attracting and retaining a diverse staff, your experiences, perspectives and unique identities will be honored at the University of Washington. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable, and welcoming.

    The University of Washington is an affirmative action and equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, protected veteran or disabled status, or genetic information.  To request disability accommodation in the application process, contact the Disability Services Office at 206-543-6450 / 206-543-6452 (tty) or click here to send an email.

    The University of Washington is a leader in environmental stewardship and sustainability, and committed to becoming climate neutral.
    See above.

    Committed to attracting and retaining a diverse staff, the University of Washington will honor your experiences, perspectives and unique identity. Together, our community strives to create and maintain working and learning environments that are inclusive, equitable and welcoming.

    The University of Washington is a leader in environmental stewardship & sustainability, and committed to becoming climate neutral.

    The University of Washington is an equal opportunity, affirmative action employer. To request disability accommodation in the application process, contact the Disability Services Office at 206-543-6450 / 206-543-6452 (tty) or dso@uw.edu.


    Posted: 2019-12-05 Expires: 2020-02-14

    Before you go...

    Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

    Share this job:

    Sr. Cyber Security Analyst

    University of Washington
    Seattle, WA 98104
    Facebook Share
    Copy Job URL

    Join us to start saving your Favorite Jobs!

    Sign In Create Account
    Powered ByCareerCast