IT Security Professional III

East Carolina University

IT Security Professional III
Vacancy #:  500065
Recruitment Range:  $93,162 - $101,642
Closing Date:  Open Until Filled

Organizational Unit Overview
Information Technology and Computing Services (ITCS) is the central agency that supports enterprise-wide computing at East Carolina University. ITCS, through innovative information technology initiatives and service, provides opportunities for the ECU community to excel in teaching, research, and service using state-of-the-market technology and collaborative environments. ITCS is first and foremost committed to providing excellent information technology support for faculty, staff, and students. ITCS partners with campus departments, other universities, and industry to make strategic investments in information technology infrastructure that will help maintain a competitive advantage in administrative applications, faculty research, and outreach to the state and nation. We will achieve this through increasing the core functions and deploying appropriate technology throughout the university.

The Cyber Security Operations Center (CSOC) team, a unit within the Information Security Office, detects, analyzes, and facilitates the university’s response to cyber security threats. This team is responsible for security incident response management, vulnerability management, sensitive data verification, cyber threat analysis, security information and event management (SIEM) and monitoring, and digital forensics. The CSOC team develops security standard operating procedures and best practice guidelines, and interfaces with Internal Audit, and other agencies on security related issues.

Job Duties
Reporting to the Chief Information Security Officer (CISO), the main responsibilities of this position center on providing technical expertise and leadership in driving ECU’s CSOC team initiatives, processes and day-to-day functions for ensuring/improving the overall cyber security posture for the University. The position functions in a high-level technical capacity which includes developing, implementing, supporting, and providing technical consultation on security issues. The position mentors other personnel and functions as subject matter expert for complex cyber security related solutions. The CSOC Supervisor advises and provides recommendations to the CISO on the planning, development, execution, monitoring, and evaluation of cyber security strategies, policies, procedures, and standards to ensure the confidentiality, integrity, and availability of university IT resources and data.

The position’s duties include supervision of the Cyber Security Operations Center team, providing direction on the day-to-day planning and organizing of team members’ work, and conducting performance evaluations. The individual in this position may also be called upon to supervise student interns. Supervision duties includes time management and quality of work supervision. Observes and assesses work performed on a day-to-day basis providing feedback and direction for planning and organization of the work of the CSOC team members and vendor resources. Holds team meetings and one-to-one meetings with individual team members.

This position will provide expert level support in assisting team members as well as other support teams and university users with identifying, addressing and/or resolving complex security related issues concerning endpoints, servers, applications, information systems, network infrastructure, and physical security. This position is responsible for knowledge of various security systems and technologies that are associated with incident response management; system audits; and identifying and remediating potential security issues. This includes but is not limited to analysis of the output of security alerting tools, development and execution of plans to remediate issues; coordinate and collaborate with ITCS teams and external departments to ensure their systems meet the required security standards set in place for the university; research and stay current on security technologies, trends, issues, threats and solutions; and assist the CISO with the development of security practices for the university, while recommending appropriate security initiatives.

Proactively assesses the implications of vulnerabilities on the network and potential risk to IT systems and data. Analyzes information obtained from intrusion detection and prevention systems and works with security protocols and standards including recommended blocks to apply.

Provides support that involves complex analysis techniques that include an in-depth understanding of security technical controls, IT networks, and systems. Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, security controls, and security tools. Leverages an applied understanding of IT technologies, security risks, and controls to develop effective approaches that identify the highest risk issues and advise the CISO and other team members on the best approach for addressing the identified issues. Provides information to management regarding the negative impact on the university caused by cyber incidents that may disrupt, damage, or deny access to IT systems or data.

Integral to this position is maintaining broad knowledge of industry standards and best practice security frameworks including ISO 27002, NIST, and CIS 20.

Vulnerability Management
This position functions in a high-level technical capacity and facilitates and manages the identification and remediation of vulnerabilities. Of particular emphasis is overseeing the university’s vulnerability management processes for servers, working with the Enterprise Systems team to provide technical oversight of campus-wide vulnerability management goals, while steering system administrators toward remediating issues. Oversees and/or performs vulnerability scanning using vulnerability assessment tools including Rapid7 InsightVM. The position provides analysis on which vulnerabilities may potentially be exploited, especially in a higher education IT environment. Ensures that proper documentation is in place regarding configuration of the vulnerability management system, record of systems monitored, and contact information for system or application administrators.

Is involved in the evaluation of vulnerabilities and threats and to determine and recommend safeguards for system or application owners. Is involved in the development of corrective plans, mitigations, and full remediation actions. Understands and communicates attack chains to management and other stakeholders. Serves as the Chair of the Vulnerability Management Committee.

SIEM Management
This position is responsible for overseeing the monitoring, detection, and analysis of security events from logs and alerts generated by critical IT assets such as network devices and applications sent to tools such as a Security Information and Event Management (SIEM) solution. Supervises CSOC team members in regular monitoring of security alerts to determine relevancy and urgency. Provides expertise and leadership to utilize threat intelligence and reporting capabilities to analyze data from multiple feeds to better detect and respond to cyber attacks and decrease risk to assets or data.

Oversees the tracking and managing of adverse security events or threats affecting the university’s network, and manages processes for creating trouble tickets for security incidents that require further investigation. Provides technical expertise in identifying affected systems and the scope of potential compromise, conducts further technical investigation, and determines and directs remediation and recovery efforts.

Digital Forensics
This position is responsible for overseeing and/or performing as a technical resource for digital forensic investigations. Evaluates, manages and maintains digital investigation resources. Assists Internal Audit with the use and integration of the solution within their investigation workflow. Ensures users are provided with an update on resource changes as they may impact use.

This position works with legal and compliance teams investigating matters which are information security related. Assists or may be requested to assist in investigations as requested by forensically preserving and analyzing digital evidence and presenting the findings in an objective manner. This may include but is not limited to carrying out deep dives on digital devices on laptops, desktops, servers, mobile phones and other electronic devices that may contain ECU data. Analyze systems after compromise to provide insight. This position manages the maintenance of processes and procedures for forensic investigations.

Security Incident Response
This position is responsible for overseeing and performing as a part of the core security incident response team. Responsible for ensuring that security incident standard operating procedures are consistently followed while maintaining procedures and process documents so that they’re revised if necessary and kept up-to-date. Oversees the progress of investigations pertaining to security incidents, ensures quality control for security incident report documentation. Conducts access control reviews for incident response document repositories containing data pertaining to security incidents or vulnerabilities.

Manages security incidents during their scheduled “on-call” rotation, including incident activation, including incident level determination and initial impact analysis, notification to appropriate personnel including Security Incident Response Team members, maintaining communication throughout the incident, coordinating remediation efforts when multiple groups are involved, and documenting the incident. The CSOC Supervisor ensures that Lessons Learned meetings are held at the conclusion of an incident, and that any post-incident activities requiring plans of action or milestones are documented in the Information Security Risk Register. This position advises the CISO on any recommended changes to incident responses plans or processes.

Sensitive Data Verification
This position is responsible for overseeing and/or performing sensitive data analysis and verification. Utilizes resources to scan, analyze, and cull sensitive data by conducting a careful review for sensitive data, checking for quality, consistency, and gaps in treatment of sensitive data. Oversees the reporting of findings to the CISO, data stewards, data custodians, or other stakeholders.

Project Management
The position may be tapped for project management responsibilities, requiring development and management of complex project plans that require facilitating the work of the team and supporting vendor resources with some authority on actions and decisions. This requires maintaining accurate project documentation, project priorities, providing status updates and ensuring projects are completed according to schedule. Utilization of project management software and methodologies is required to manage projects. On occasion the position performs as a project team member for other complex projects of different functional teams. Assist management with developing project budgets.

Documentation, Professional Development, and other Administration
This position has substantial knowledge in developing, documenting and maintaining security processes, procedures and standards. This position is responsible for security related documentation for distribution/use within ITCS, other departments, and individual end users. Delivery methods will include web pages, documents, and formal and informal training sessions. The position ensures precise documentation of recurring activities so that when a team member normally handling a duty is not available, essential duties can be performed by another team member.

Investigates and maintains in-depth technical knowledge of current and future products and services by reading trade publications, meeting with vendors about road maps for future products, optimizing current product utilization with vendor technical staff and seeks opportunities for professional growth. Seek out and participate in professional development activities designed to enhance employee skills including a continuing awareness of current state-of-the-art technology. Identifies needed knowledge, seeks out and applies that knowledge to changing client and campus needs.

The employee in this position is responsible for maintaining strategic technology contacts and partnerships with university departments, key technology suppliers, and vendors. The position assists the CISO in negotiating with technology vendors and procuring and maintaining various service agreements and contracts.

Lead the disaster recovery/business continuity planning, implementation, documentation and testing of CSOC systems. Develops goals and actions in the implementation of DR and continuity processes, and reviews processes with the CISO. Oversees the required disaster recovery testing on an annual basis to ensure testing is performed effectively and appropriate documentation is submitted on a timely basis.

Employees are required to adjust their standard work schedule to meet the requirements of their position, which includes and is not limited to evening and weekend hours to perform scheduled and unscheduled workload requirements to manage cyber security priorities. Duties require On-Call responsibilities.

Other duties as assigned.

Minimum Education/Experience
Master’s degree and 2-4 year’s experience; or a bachelor’s degree and 3-5 years’ experience: or an equivalent combination of education and experience. All degrees must be received from appropriately accredited institutions.

Preferred Experience, Skills, Training/Education

• Bachelor’s degree in Computer Science, Information and Computer Technology, Information Security, or related area from an appropriately accredited institution, and four or more years of experience with cyber security activities such as SIEM monitoring and reporting, vulnerability management, incident response, monitoring and analysis of security related activities within an IPS/IDS solution, system administration, or related duties.
• Knowledgeable and experienced in digital forensic investigation processes and procedures. Broad knowledge of data network concepts, protocols, practices, and procedures. Demonstrates fundamental understanding of network security principles and network protocols, and network infrastructure and equipment.
• As mentioned above, integral to this position is maintaining broad knowledge of industry standards and best practice security frameworks including ISO 27002, NIST, and CIS 20. Knowledge and experience with the following is also desired: log management and monitoring tools; anti-malware, cryptographic controls, and password auditing practices. Security related experience with operating systems (Windows, Linux, or Apple) is preferred.
• Possesses the ability to successfully manage short and long-term projects with medium to high complexity that includes coordination with internal and external resources. Individual possesses excellent oral and written communication skills; and the ability to work as an independent, productive, responsible, self-motivated individual in high-pressure situations. Ability to assess business impact of issues, prioritize them and act to rectify. Be familiar with common security device functions, such as IDS/IPS, network and application firewalls, and DLP (Data Loss Prevention).
• Having an earned security related credential/certification (CISSP, CISM, CEH, CISA, Security+, Cisco credential, or similar) is a plus.
• Excellent technical knowledge of operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, cryptography, anti-malware solutions, automated policy compliance, and desktop security tools. Substantial knowledge in developing, documenting, and maintaining security policies, processes, procedures and standards, and ability to communicate requirements to technical staff. Substantial knowledge of other work specialties.

Special Instructions to Applicant
East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. Candidates must also submit a cover letter, resume, and a list of three references, including contact information, online.

Applicants must be currently authorized to work in the United States on a full-time basis.

Additional Instructions to Applicant
In order to be considered for this position, applicants must complete a candidate profile online via the PeopleAdmin system and submit any requested documents. Additionally, applicants that possess the preferred education and experience must also possess the minimum education/experience, if applicable.

Application Types Accepted
Applications will be considered until position is filled. Please submit an online ECU application for vacancy # 500065 to ECU Human Resources at http://www.jobs.ecu.edu.

East Carolina University is an Equal Opportunity/Affirmative Action Employer. 

Visit this job posting at http://ecu.peopleadmin.com/postings/38893