IT Security Professional III

Employer
Fayetteville State University
Location
Fayetteville, NC
Closing date
Oct 22, 2021

View more

Administrative Jobs
Institutional & Business Affairs, Safety & Security

Job Details

Position Title::

IT Security Professional III

Position Number::

006301

Full-time or Part-time::

Full Time

Department::

ITTS

Posting Number::

0401370

SHRA/EHRA::

EHRA (Non-Faculty)

Job Category::

Professional

Hiring Range::

Commensurate with Education and Experience

Minimum salary::

Commensurate with Education and Experience

Maximum salary::

Commensurate with Education and Experience

Overall Position Competency::

Flat Rate

Description of primary duties and responsibilities::

Primary Purpose of the Organizational Unit:

The mission of Information Technology and Telecommunication Services is to explore, implement, maintain, and support the uses of technology to effectively and efficiently achieve the University’s academic and administrative objectives as stated in University’s strategic plan.

Primary Purpose of the Position:
The IT Security Professional provides technical implementations and daily monitoring of the university’s complex IT environment in accordance with best practices and standards such as NIST 800-171, NIST 800-53, PCI DSS (Payment Card Industry Data Security Standards), DMCA, FERPA, GLBA, HIPAA, etc. Responsibilities include security reviews, risk assessments, risk management, policy standards and guidelines, security awareness and training, audit coordination and project management. Specifically, the Security Professional reviews, coordinates and monitors information technology security controls that protect confidentiality, integrity and availability of the organization’s controlled secure research data in accordance with legal, regulatory and institutional requirements. The Security Professional is responsible for ensuring that users with access to secure research data receive appropriate training. The Security Professional consults with faculty, college/unit IT staff, applicable ITS staff, Office of Sponsored Research Staff, and other subject matter experts to ensure technology solutions and compliance standards are in line with contract requirements.

Duties & Responsibilities:
Reporting to the Chief Information Security Officer (CISO), the main responsibilities of this position center on providing technical expertise and leadership in driving FSU’s IT Security team initiatives, processes and day-to-day functions for ensuring/improving the overall cyber security posture for the University. The position functions in a high-level technical capacity which includes developing, implementing, supporting, and providing technical consultation on security issues. The position mentors other personnel and functions as subject matter expert for complex cyber security related solutions. The IT Security Professional III advises and provides recommendations to the CISO on the planning, development, execution, monitoring, and evaluation of cyber security strategies, policies, procedures, and standards to ensure the confidentiality, integrity, and availability of university IT resources and data.

This position will provide expert level support in assisting team members as well as other support teams and university users with identifying, addressing and/or resolving complex security related issues concerning endpoints, servers, applications, information systems, network infrastructure, and physical security. This position is responsible for knowledge of various security systems and technologies that are associated with incident response management; system audits; and identifying and remediating potential security issues. This includes but is not limited to analysis of the output of security alerting tools, development and execution of plans to remediate issues; coordinate and collaborate with ITS teams and external departments to ensure their systems meet the required security standards set in place for the university; research and stay current on security technologies, trends, issues, threats and solutions; and assist the CISO with the development of security practices for the university, while recommending appropriate security initiatives. Proactively assesses the implications of vulnerabilities on the network and potential risk to IT systems and data. Analyzes information obtained from intrusion detection and prevention systems and works with security protocols and standards including recommended blocks to apply.

Description of Work Continued::

Integral to this position is maintaining broad knowledge of industry standards and best practice security frameworks including ISO 27002, NIST, and CIS 20.

Vulnerability Management
This position functions in a high-level technical capacity and facilitates and manages the identification and remediation of vulnerabilities. Of particular emphasis is overseeing the university’s vulnerability management processes for servers, working with the Systems team to provide technical oversight of campus-wide vulnerability management goals, while steering system administrators toward re-mediating issues. Oversees and/or performs vulnerability scanning using vulnerability assessment tools. The position provides analysis on which vulnerabilities may potentially be exploited, especially in a higher education IT environment. Ensures that proper documentation is in place regarding configuration of the vulnerability management system, record of systems monitored, and contact information for system or application administrators.
Is involved in the evaluation of vulnerabilities and threats and to determine and recommend safeguards for system or application owners. Is involved in the development of corrective plans, mitigation’s, and full remediation actions. Understands and communicates attack chains to management and other stakeholders.

SIEM Management
This position is responsible for overseeing the monitoring, detection, and analysis of security events from logs and alerts generated by critical IT assets such as network devices and applications sent to tools such as a Security Information and Event Management (SIEM) solution. Provides expertise and leadership to utilize threat intelligence and reporting capabilities to analyze data from multiple feeds to better detect and respond to cyber-attacks and decrease risk to assets or data.

Digital Forensics
This position is responsible for overseeing and/or performing as a technical resource for digital forensic investigations. Evaluates, manages and maintains digital investigation resources. Assists Internal Audit with the use and integration of the solution within their investigation workflow.
Assists or may be requested to assist in investigations as requested by forensically preserving and analyzing digital evidence and presenting the findings in an objective manner.

Security Incident Response
This position is responsible for overseeing and performing as a part of the core security incident response team. Responsible for ensuring that security incident standard operating procedures are consistently followed while maintaining procedures and process documents so that they’re revised if necessary and kept up-to-date. Oversees the progress of investigations pertaining to security incidents, ensures quality control for security incident report documentation. Conducts access control reviews for incident response document repositories containing data pertaining to security incidents or vulnerabilities. This position advises the CISO on any recommended changes to incident responses plans or processes.

Employees are required to adjust their standard work schedule to meet the requirements of their position, which includes and is not limited to evening and weekend hours to perform scheduled and unscheduled workload requirements to manage cyber security priorities.

Duties require On-Call responsibilities.
Position required to work during periods of adverse weather or other emergencies.

Minimum Education and Experience Requirements::

Master’s degree and 2-4 years’ experience; or a bachelor’s degree and 3-5 years’ experience; and at least 1 year of supervisory experience: or an equivalent combination of education and experience. All degrees must be received from appropriately accredited institutions.

Preferred Qualifications::

Degree in Computer Science, Information and Computer Technology, Information Security, or related area from an appropriately accredited institution, and four or more years of experience with cyber security activities such as SIEM monitoring and reporting, vulnerability management, incident response, monitoring and analysis of security related activities within an IPS/IDS solution, system administration, or related duties.

Open Until Filled::

Yes

Additional Information for Applicants:

All new employees are required to have listed credentials/degrees verified prior to employment. Transcripts should be provided for all earned degrees and/or the degree which is being used to satisfy credential/qualification requirements. Transcript requests are the responsibility of the candidate.

EEO Statement::

This position is subject to the successful completion of an employment background check. An employment background check includes a criminal background check, employment verification, reference checks, license verification (if applicable) and credit history check (if applicable).

Fayetteville State University is committed to equality of educational opportunity and does not discriminate against applicants, students, or employees based on race, religion, color, national origin, sex, age, disabling condition, political affiliation or sexual orientation. Moreover, Fayetteville State University values diversity and actively seeks to recruit talented students, faculty, and staff from diverse backgrounds.

Veteran's Statement:

Fayetteville State University is a VEVRAA Federal Contractor and seeks priority referrals of protected veterans for our openings.

Organization

Working at Fayetteville State University

Fayetteville State University (FSU) is a member of the prestigious University of North Carolina System. Situated in southeastern North Carolina, FSU prides itself in being in one of the most diverse cities in the country and neighbor to one of the nation’s largest military installations – Fort Bragg.

FSU has a rich history that serves as genesis for its current status as a leading institution of higher learning. A year after the Civil War ended, the Phillips School provided primary education to Fayetteville’s black citizens, and the Sumner School provided intermediate education for this population. The two schools were consolidated in 1869 and dedicated in April of that year as the Howard School, in honor of the Freedman’s Bureau chief General O.O. Howard. Seven prominent African-American men pooled $136 to purchase two lots for the first building that housed the Howard School. Robert Harris was named the first principal of the Howard School.

In 1877, the Howard School became not just the first public normal school for African Americans in North Carolina but also the first state-sponsored institution for the education of African-American teachers in the South. It was renamed the State Colored Normal School in Fayetteville that year, Fayetteville State Teachers College in 1939, Fayetteville State College in 1963, and Fayetteville State University in 1969.

While FSU’s roots are as a teacher education institution, it now offers nearly 70 degrees at the baccalaureate, masters and doctoral levels. Many of the programs are accredited by the top agencies. The university’s School of Business and Economics is endorsed by the Association to Advance Collegiate Schools of Business (AACSB). AACSB is one of the most prestigious and rigorous accrediting bodies for business programs in higher education. Currently, less than one-third of U.S. business programs and only 15% of the world's business programs have earned AACSB accreditation. Receipt of this distinguished accreditation provides evidence that FSU’s School of Business and Economics has established itself as a leader among business schools. Additionally, the Master of Business Administration program has been cited by U.S. News and World Report and The Princeton Review as one of the best graduate business school programs in the country. The Department of Criminal Justice is accredited by the Academy of Criminal Justice Sciences (ACJS). FSU’s criminal justice program is the only such program in North Carolina to hold ACJS certification.

FSU is rapidly becoming a center for research and technology. In spring 2010, the university, in conjunction with the University of North Carolina at Pembroke, cut the ribbon on the Southeastern North Carolina Regional Microanalytical and Imaging Center. The center is home to the electron microprobe, an advanced imaging tool that magnifies objects up to 300,000 times.

FSU is a partner in the community. The institution has formulated a strong relationship with the local municipality and with civic and social organizations in the area. The institution enjoys its partnership with its military neighbors. In the coming years, as a result of Base Realignment
and Closure (BRAC), Fort Bragg will be home to more than 50,000 soldiers and some of the nation’s top military brass. To address their educational needs, FSU has implemented a degree in intelligence studies with plans to offer more academic programs with the military in mind.

Students who come to FSU know they will be learning in a nurturing environment from some of the top scholars in their respective fields. As they matriculate, they know their degrees will prepare them to be 21st century global scholars, change agents, and contributing members of society.

Find Us
Location
United States

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert