Information Security Engineer
Florida’s newest state university is looking for exceptional candidates to serve as the Information Security Engineer, who will work within Information Security team to ensure that university data remains highly confidential, enjoys security work, and possesses both deep and wide expertise in the security space.
The Information Security Engineer is senior level position and will be responsible for the engineering, design, implementation, maintenance, analysis, and administration of technology services security systems and tools. The Information Security Engineer will also participate in establishing procedures and wherever possible, automate routine day-to-day tasks to reduce operational overhead. This position will make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. The Engineer will have a background in security, network or systems engineering and will act as a project lead and as a well-rounded subject matter expert in the IT Security domain.
- Collaborate with members of technology services and other departments’ project and development teams of new technology solutions to define information security requirements that are in line with the enterprise information security architecture.
- Document security architecture design, review results and follow-up on the implementation of recommended controls. Mitigate security vulnerabilities by implementing applicable solutions and tools. Build, deploy, and track security measurements for computer systems and networks.
- Team up with other TS teams to gather identified information security risks; develop risk profiles for enterprise-wide business applications and identify areas where existing security architecture requires change or development. Perform risk based security assessment. Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
- Create reports from various IT Security systems for the purpose of monitoring critical activities and providing security metrics to IT Security management.
- Evaluate industry best practices relative to university’s security requirements and emerging security technologies. Recommend new security solutions, software tools and/or other solutions for technical challenges involving IT Security processes. Possess and maintain up-to-date understanding of emerging trends in IT Security.
- Manage the development and implementation of security policies, standards, guidelines and procedures to ensure ongoing maintenance of security
- Design infrastructure to alert the technical team of detected vulnerabilities. Assess system vulnerabilities by performing intermediate to advanced level end-to-end penetration testing and scans.
- Automate routine day-to-day tasks to reduce operational overhead. Prepare and document standard operating procedures and protocols
- Recommend the application of fixes, patches, and recovery procedures in the event of a security incident.
- Participate in assessment of compliance with security regulations such as PCI, FERPA, and HIPAA. Respond to requests for information in support of internal and external audits and examinations.
- Perform hands-on support for a wide range of security technologies including, but not limited to NGFW, SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access control, identity and access management, and data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, LDAP, forensics, software, security incident response.
- Assists with all functions relating to the planning, architecture, design, installation configuration and operation of technology infrastructure
- Determine the sensitivity of the data in order to recommend the appropriate security needs.
- Administer network and computing devices/systems that enforce security policies and audit controls in network firewalls, switches, routers, Windows, Mac and UNIX based environment.
KNOWLEDGE, SKILLS AND ABILITIES:
- Excellent problem solving skills, verbal and written communication and ability to work under pressure
- Thorough understanding of the latest security principles, techniques, tools and protocols
- Demonstrated knowledge of systems configuration and management of systems, firewalls, IDS, anti-virus software, authentication systems, log management, content filtering, Microsoft Active Directory, servers and work stations, experience with packet capture on firewalls and servers
- Demonstrated experience collecting data and reporting results; handling and escalating security issues or emergency situations appropriately; providing incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for protected data
- Minimum of Bachelor’s Degree in Computer Science, Information Technology or related field. Equivalent combination of education and experience is considered.
- Proven minimum of three (3) years of work experience as a network, system, security engineer or information security engineer
- Minimum of three (3) years’ of experience in Network, System or Cyber Security for security technology projects.
- Proven In-depth knowledge of secure campus architecture design and engineering practices network, systems, database and operating system security, network monitoring tools
- Intimate knowledge and working experience on Risk Based Security Assessment practices.
- Proven experience with networking, Windows, UNIX, TCP/IP, and common anti-viral solutions.
- Intermediate to expert level working experience/knowledge of end-to-end penetration testing and network vulnerability scan and remediation.
- Access control and surveillance systems: installation and programming experience.
- Must have a proven track record in complex security system design and installation management.
- At least one professional certification is required [such as Security +, CISSP, CISM, GIAC, CISA, CCNP]
- Experience working with endpoint security and DLP solutions is preferred.
- Previous experience working in an educational institution.
- Ability to work “off hours” to implement solutions in order to limit impact/exposure to customers.
- Master’s degree in Computer Science, Information Technology or related field is preferred.
- Experience as an Information Security Professional designing secure solutions in an environment comprising of systems handling confidential, personnel and proprietary information.
PHYSICAL DEMAND AND WORKING CONDITIONS:
Physical requirements include occasional lifting/carrying of 5 to 70 pounds; visual acuity, speech and hearing; hand and eye coordination and manual dexterity necessary to operate a computer keyboard and basic office equipment. Subject to sitting, standing, reaching, walking, twisting, and kneeling to perform the essential functions. Working conditions are primarily inside an office environment.
Limited travel between University sites is required.
REQUIRED LICENSES, CERTIFICATIONS, AND/OR OTHER SPECIFIC REQUIREMENTS OF LAW:
- Must possess a valid driver’s license.
- This position requires a criminal background check.
- This position is subject to federal and state privacy regulations.
NORMAL WORK SCHEDULE: Monday – Friday, 8:00 a.m.-5:00 p.m. Occasional overtime (weekends and evenings) may be required. Available on call when needed and participate in weekly call rotation for after-hours support.
EXPECTED STARTING SALARY: $75,000 - $80,000 annually, commensurate with experience.
APPLICATION DEADLINE DATE: The position is open until filled.