View job on Handshake

Position Summary

The MSU Information Security team aims to achieve university success through precision Information Security focused on risk management, engagement, and education.

As a valued member of this team, in coordination with a team of support professionals, the Security Analyst II ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives; responds to urgent issues 24×7 via participation in after-hours availability rotation schedule as part of information security on-call team which will require working some evenings and weekends; and acts as an independent resource and liaison to staff on investigations, analyses, and responses to cyber incidents within the network environment or enclave.

Michigan State University (MSU) is a top 100 global university located in East Lansing, three miles east of the state’s capitol. The MSU community includes more than 12,000 faculty, academic and support staff, as well as 49,695 students. MSU offers an extensive benefits package to its employees including health care, prescription, and dental coverage, and a base retirement program with a University matching contribution, as well as basic life insurance. In addition, MSU offers educational benefits including a course fee courtesy program and educational assistance.

MSU Information Technology provides the primary leadership for strategic, financial, and policy initiatives affecting information technology (IT) across MSU. MSU IT offers technology resources that support MSU’s mission of providing education, conducting research, and advancing engagement.

Diversity, Equity and Inclusion (DEI) are essential elements, vital to the culture MSU Information Technology endeavors to cultivate. This includes providing opportunities and access for all people which incorporate differences of race, age, color, ethnicity, gender, sexual orientation, gender identity, gender expression, religion, national origin, migratory status, disability/abilities, political affiliation, veteran status and socioeconomic background.

Unit Specific Education/Experience/Skills

Knowledge equivalent to that which normally would be acquired by completing a four-year college degree program; three to five years of related and progressively more responsible or expansive work experience in information technology, risk, and/or compliance; or security administration and operations, or incident response, or an equivalent combination of education and experience.

Desired Qualifications

*The following desired qualifications are based upon the NIST NICE framework for cybersecurity*

  • Knowledge of computer networking concepts and protocols, and network security methodologies. (K0001)
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk), and knowledge of cyber threats and vulnerabilities. (K0002 & K0005)
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy [principles]. (K0003 & K0004)
  • Knowledge of business continuity and disaster recovery continuity of operations plans. (K0026)
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists), and of network services and protocols interactions that provide network communications. (K0033 & K0034)
  • Knowledge of incident response and handling methodologies. (K0042)
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. (S0027)
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks, including how the CIA triad may apply. (S0034 & S0006)
  • Skill in securing network communications. (S0077)
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks. (S0078)
  • Skill in interfacing with customers (S0111)
  • Certification(s) or study in an area of information assurance or risk management are considered a plus (e.g., Security+; CISSP; CISA; CISM; CRISC; CSX-P) Other certifications from credentialling bodies such as: ISACA; (ISC)2; SANS GIAC; CompTIA; EC-Council, or even network/security/system vendors will also be considered.

Equal Employment Opportunity Statement

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, disability or protected veteran status.

Required Application Materials

Resume and Cover Letter

Together-we-will Statement

The university is requiring all MSU students, faculty and staff to be vaccinated against COVID-19 with limited exceptions. Learn more at:

Special Instructions

Three professional references knowledgeable of your work

Work Hours




Remote Work Statement

MSU strives to provide a flexible work environment and this position has been designated as remote-friendly. Remote-friendly means some or all of the duties can be performed remotely as mutually agreed upon.