Position Number:

998591

Functional Title:

Information Security Systems Engineer

Position Type:

Staff

Position Eclass:

EP - EHRA 12 mo leave earning

University Information:

UNC Greensboro, located in the Piedmont Triad region of North Carolina, is 1 of only 57 doctoral institutions recognized by the Carnegie Foundation for both higher research activity and community engagement. Founded in 1891 and one of the original three UNC System institutions, UNC Greensboro is one of the most diverse universities in the state with 20,000+ students, and 3,000+ faculty and staff members representing 90+ nationalities. With 17 Division I athletic teams, 85 undergraduate degrees in over 125 areas of study, as well as 74 master’s and 32 doctoral programs, UNC Greensboro is consistently recognized nationally among the top universities for academic excellence and value, with noted strengths in health and wellness, visual and performing arts, nursing, education, and more. For additional information, please visit uncg.edu and follow UNCG on Facebook, Twitter, and Instagram.

Primary Purpose of the Organizational Unit:

The Information Security Office is a subset within the Information Technology Services (ITS) division that is charged with providing active information security assessment, risk analysis, incident management, information security controls, education, and guidance for the protection of UNCG’s information assets and information technology environment. The overall objective is to protect and preserve the confidentiality, integrity, and availability of information and information resources for teaching and learning, research, service, and the conduct of university business.

Position Summary:

The Information Security Systems Engineer contributes to the success of the University by developing, configuring, implementing, and supporting specialized information security systems and tools that protect critical information systems and resources from security threats. This includes implementation, maintenance, lifecycle management, and break/fix support for a wide variety of information security systems including:

• Security Event Information Management (SEIM) systems
• Vulnerability detection and management systems
• Data Loss Prevention (DLP) and data security scanning systems
• Network traffic monitoring behavioral anomaly detection systems
• Cloud Access Security Broker (CASB) systems
• Database access monitoring and security scanning systems
• Governance, Risk & Compliance (GRC) systems
• eDiscovery systems
• Security Orchestration, Automation, and Response (SOAR) systems
• Application security testing and Runtime Application Security Protection (RASP) systems

The Information Security Systems Engineer is also responsible for planning and executing short- and medium-term information improvement projects and initiatives intended to improve the sustainability, automation, efficiency, efficacy, performance, and coverage of information security systems and tools with guidance and support from the Chief Information Security Officer (CISO) and systems architects. This includes evaluating, proposing, acquiring, developing, and deploying new and/or customized security solutions to meet UNCG’s specific information security needs according to the adopted ISO/IEC 27002 control framework. The Engineer works actively with other IT staff and end-users from other University departments and divisions to help determine functional, interoperability, sustainability, and information security requirements for the security systems being deployed and is responsible for ensuring that deployed technologies provide the necessary protection, detection, and defense capabilities for the information resources that they are intended to protect. The Engineer also ensures that all supported systems are fully documented and supported in an auditable fashion.

Additionally, the Information Security Systems Engineer provides ongoing support and advice to other IT staff and end-users on a variety of security topics and issues, helping to ensure adherence to the University’s security policies and procedures along with compliance with applicable regulations. The Engineer recommends strategies to prevent security exposures and intrusions and plays a key role in helping University business units address extant and emerging security concerns through the use of appropriate security technologies.

Minimum Qualifications:

• Mid-career with Master’s Degree and 1 to 2 years of experience; or Bachelor’s Degree and 2 to 4 years of experience; or equivalent education and experience.
• Degree should be in Computer Science, Information Technology, Information Security or closely related discipline from an appropriately accredited institution or equivalent education and experience.
• Demonstrated recent experience with server and network infrastructure operations, including Windows and Linux servers, virtual server systems, and complex enterprise network routing and switching.
• Demonstrated recent experience with scripting and automation technologies.
• Demonstrated recent experience with security configurations on cloud computing systems.

Preferred Qualifications:

• 7+ years of technical experience supporting information security systems.
• 2+ years of technical leadership responsibilities in previous positions.
• Excellent interpersonal and written communications skills.
• Information security industry or vendor certifications are desired.

Special Instructions to Applicants:

Applicants are required to upload the following documents with their electronic application:

• Resume
• Cover Letter
• List of References

Applicants are required to upload a list of references of at least three (3) professional references that includes:

• Name
• Company Name
• Type of reference (Professional, Supervisor, Colleague, Academic or Personal). One (1) of those references will need to be a current or previous supervisor.
• Email Address
• Contact Phone Number

Applications are not successfully submitted until an online confirmation number has been received at the end of the application process.

Recruitment Range:

Commensurate with experience

Org #-Department:

Info Technology Services - 23101

Job Open Date:

09/29/2021

For Best Consideration Date:

10/06/2021

Open Until Filled:

Yes

FTE:

1.000

Type of Appointment:

Permanent

Number of Months per Year:

12

FLSA:

Exempt

Percentage Of Time:

40

Key Responsibility:

Information Security Systems Support

Essential Tasks:

• Act as technical lead supporting enterprise-scale technology solutions that provide critical information security services across a diverse functional environment.
• Design, develop, test, certify, and fully document robust information security solutions according to documented requirements.
• Deploy, support, upgrade, maintain, and administer critical information security systems in support of institutional business, security, and technology goals.
• Respond to break/fix issues concerning information security systems, performing technical diagnosis, troubleshooting, and resolution for complex issues.
• Act as an escalation point for other team members, providing technical expertise for support and resolution of production problems and security incidents, always seeking to identify root cause and prevent future recurrence.

Percentage Of Time:

40

Key Responsibility:

Security Systems Consulting and Continuous Improvement

Essential Tasks:

• Provide subject matter expertise and consulting services for information security technologies to other IT Staff and distributed technology groups across the institution.
• Act as a lead security systems engineering resource for multiple parallel project efforts, helping to drive the technical components of those projects to completion.
• Drive the creation of efficient, repeatable, and measurable human processes for deploying, maintaining, administering, and supporting information security systems.
• Drive the development of scripts and other automation techniques to increase the manageability, efficiency, capability, capacity, and security of supported systems.
• Analyze and assess existing systems and identify gaps leading to potential improvements throughout the technology lifecycle.
• Create scripts, employ tools, develop automation techniques, and pursue ideas to increase the manageability, efficiency, capability, capacity, and security of information security systems, servers, and appliances.
• Pursue new and evolving security technologies, and develop them for potential future use.

Percentage Of Time:

20

Key Responsibility:

Technology Governance

Essential Tasks:

• Foster and maintain relationships with architects and system operators in a manner that reflects the communications and feedback loops necessary to ensure that systems are usable, operable, efficient, and effective according to their designed purpose.
• Maintain comprehensive technical documentation including functional requirements, technical designs, network diagrams, workflow diagrams, application communications diagrams, configuration standards, support documentation, procedural documentation, training materials, and some project documents.
• Participate in vendor support relationships and take an active role in facilitating the exchange of information in order to improve the quality and efficacy of vendor product offerings in a direction that benefits the institution.
• Work with risk management teams to help identify and articulate risks to supported systems, and to remediate, remove, or mitigate risks to the technology environment in compliance with established governance and risk management frameworks.
• Participate in audit and compliance activities, always seeking to ensure that technology systems and human processes produce artifacts that prove compliance with applicable regulatory requirements and standards.

Physical Effort:

Hand Movement-Repetitive Motions - F, Finger Dexterity - F, Reading - F, Writing - F, Hearing - F, Talking - F, Sitting - F

Work Environment:

Inside - C