WHAT YOU WILL DO
- Responsible for identifying threats to the environment, strategy, and implementation guidance to other operations and engineering teams. Works to build and maintain a secure scalable environment of integrated global networks, applications, and related systems.
- Performs periodic risk and vulnerability scans, assessments, and reviews; application and infrastructure audits. Manages network penetration tests; plans and creates penetration testing plans and toolkits. Performs hands-on penetration testing and manages external engagement resources to conduct penetration test activities. Presents findings and remediation guidance to relevant stakeholders, and manages resolution plans.
- Determines infrastructure, application, and cloud security requirements, procedures, and policies; defines and implements security controls.
- Responsible for protecting College constituents and critical assets through management of access control and data security functions.
- Assists in the design implementation, modification, and administration of identity and access management and account provisioning systems, two-factor authentication systems and single sign on systems, connections to Cloud services, and other production or legacy application systems environments.
- Participates in data governance and data retention strategies and controls, in collaboration with the strategy set by the CISO.
- Participates in the design of information security policy, education, training, and awareness activities; monitors compliance with the College’s security policy and applicable laws; participates in the coordination of investigations and reporting of security incidents.
- Monitors security systems, SIEM, log files, packet captures, and network flows directly or through liaison with manage service providers to detect cybersecurity events, respond to threats, manage incidents as they arise and structure organizational Incident Response.
- Performs endpoint incident detection and network incident detection and manage security systems (EDR, AV, etc.).
- Responds to incidents involving malware; network-based attacks, SIEM, firewall, IDS and IPS, cloud, and data loss prevention events.
- Leads project team meetings, reviews action plans and tracks project milestones. Summarizes and clearly communicates complex information in written and oral formats to colleagues, internal and external stakeholders, and clients.
- Trains, mentors, and leverages the skills of others (including business partners and technical team members) to ensure timely and effective support for the Information Security Office.
- Participates in vendor and new technology evaluations.
- Performs vulnerability assessments and remediations.
- May represent the Information Security Office by sitting on interdepartmental and College-wide committees when appropriate.
- Assumes additional responsibilities as required.
YOUR TEAM WILL INCLUDE
N/A
WHAT EDUCATION AND SKILLS YOU WILL NEED
Bachelor’s Degree
A minimum of 2+ years of experience in business administration, auditing, and information security-related OR systems integrations fields (with a strong understanding of security concepts).
Must possess a significant level of operational cybersecurity expertise, demonstrate an in-depth knowledge of cybersecurity concepts, practices ,and policies; experience working in heterogeneous technology environments; participating in systems integrations; troubleshooting complex issues; and monitoring an environment that includes on-premise, co-located, hosted, and cloud architectures.
Ability to manage and maintain a disparate suite of security solutions. Knowledge of secure software development life cycles and methodologies.
Must be meticulous, detail-oriented, and have excellent organizational, administrative, and interpersonal skills.
Ability to produce, maintain, and analyze security logs (Intrusion Detection/Prevention Systems), firewalls, antivirus, and incident reports, work and troubleshoot in a technical environment.
Solicits and gathers technical details and requirements contributing to establish project milestones, tasks, and goals.
Maintains a constructive, team-oriented, and customer-focused attitude. Provides a high level of customer service at all times.
Ability to work independently and creatively, learn quickly, and solve complex problems in high-pressure situations.
Experience with a variety of different systems, platforms, security frameworks, and tools (Such as: CIS, NIST, AWS/AZURE and/or cloud security, ITIL, IAM or accounting provisioning software, vulnerability assessment tools, Microsoft 365 and Google Suite, SQL, LDAP, LAPS, and active directory management, Linux, Red Hat, and related OS, Python, Perl, Batch, CSS, XML, JSON, and PHP).
Envisions and proposes new methods to perform tasks that support ET&A; takes thoughtful risks; and accepts new and ongoing initiatives, objectives, and solutions to gain sought-after results.
Anticipates and embraces change; demonstrates willingness to achieve, acquire, and utilize new skills and challenging tasks; and is flexible in changing conditions.
HOW AND WHERE YOU WILL WORK
Requires some onsite work but flexibility is offered with the onsite schedule; the on-campus requirement is subject to modification based on organizational need.
Potential for on-call responsibilities.
ADDITIONAL SKILLS YOU MAY HAVE
- CISM, GIAC or CISSP certifications preferred.
- Familiarity with compliance themes is preferable, including but not limited to legal requirements such as 201 CMR 17.00, FERPA, NIST, as well as industry standards that govern software lifecycles.
- Previous experience in higher education preferred.
.
