Senior Cybersecurity Engineer (Application Security) - Central

Position Details

Requisition Number

S612P

Home Org Name

CIO-VP IT and IT Administration

Division Name

CIO Information Technology

Position Title

Senior Cybersecurity Engineer (Application Security) - Central

Job Class Code

CS04

Appointment Status

Full-time

Part-time FTE

Limited Term

No

Limited Term Length

Job Summary

Under minimal supervision, the Application Security Engineer will be a technical lead and subject matter expert for the secure implementation of applications at Auburn University. This position will entail recommending, validating, and testing of application security architecture and design solutions in order to produce security recommendations for application developers and project teams. Tasks include working with DevOps and Quality Assurance teams to implement security training, threat modeling, vulnerability scanning, and pen testing of applications. Other duties involve a range of activities– such as developing security standards, participating as a security liaison on enterprise application teams, vetting software purchases, and troubleshooting Web Application Firewall alerts.

Essential Functions

1. Works with stakeholders to identify strategies to mitigate and remediate vulnerabilities as they are identified, primarily by working with the Office of Information Technology DevOps team and campus application developers to provide vulnerability scanning, pen testing and advising on application development.
2. Assists and, at times, leads efforts for incident response activities primarily as this relates to alerts from the Web Application Firewall.
3. Serves as the subject matter expert in operating systems, network devices and protocols, security technologies, cloud technologies, and security data sharing work flows by participating on software deployment project teams as a security advisor to ensure secure control implementation. Analyzes vendor documentation, project needs, and knowledge of campus computing environment to develop project security controls. Assists project teams in documenting security controls and developing system security plans.
4. Validates and tests information security application architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies. Integrates large amounts of intelligence information on threats into context in order to draw insights about the possible implications.
5. Participates in vetting requests for vendor software purchases, analyzing vendor documentation and application usage to make determinations regarding a potential application’s security posture.
6. Compiles relevant data and integrates data into a coherent whole. Considers the information’s reliability, validity, relevance, and time sensitivity.
7. Maintains knowledge with current emerging technologies and advancements within Information Security
8. Performs all assigned work to meet expected delivery and schedules and performs other duties in the realm of support and proactive services as assigned.
9. Works with system owners to educate them on security standards such as authentication, multi factor authentication, audit logging and review of PII, disaster recovery plans, role based access control ( RBAC ) in support of Auburn University Policies and regulations such as FERPA, HIPAA, NIST, and GLBA .
10. Assists systems owners in creating System Security Plans ( SSP ) and overall security documentation.

Education Level

Bachelor's degree from an accredited institution

Field of Study

No specific discipline required. Degree in IT or related field preferred. Master’s Degree in Information technology or directly relevant discipline preferred.

Years of Experience

8

Area of Experience

Demonstrated successful experience in information technology that includes a minimum of 8 years of progressively responsible experience in information security -Cybersecurity.

Requirements for Additional Job Levels

Education Level

Field of Study

Years of Experience

Area of Experience

Requirements for Additional Job Levels

Minimum Skills and Abilities

Minimum Technology Skills

Minimum License and Certifications

This position requires industry-standard Information Assurance certification of a Certified Information Systems Security Professional ( CISSP ). Certified Information Security Manager ( CISM ) or Certified Information Systems Auditor ( CISA ) maybe considered instead of the CISSP . CISSP must be obtained within 6 months of hire if other cert is used at time of hiring.

Desired Qualifications

1. Experience with development in . NET, Python, SQL and/or JavaScript.
2. Knowledge of well-known application security best practices such as OWASP, aspects of ISO 27001, or applicable NIST 800 standards, particularly NIST 800-171 and NIST 800-53.
3. Experience with application security tools including DAST, SAST, Penetration testing, Fuzzing etc.
4. Experience with both a detailed technical knowledge and hands-on practice working in security engineering, DevOps, application penetration testing, and/or secure software.
5. Experience with a broad range of web attack classes, their workings, and propagation methods.
6. Working knowledge of laws, regulations and standards affecting information technology security in a higher education environment, including, but not limited to, PCI - DSS, HIPAA, GLBA, FERPA, and DMCA .
7. Basic experience with the following Operating Systems is recommended but not required: Linux distributions (Ubuntu, Kali Linux, Debian), iOS (current versions), Android OS (current versions), macOS (current versions)
8. Strong analytical and problem-solving skills, and works well in a team environment.
9. Willingness to acquire in-depth knowledge of network- and host security technologies and products continuously improve these skills.

Salary Grade

00

Salary Range

$85,400 - $136,600

Job Category

Information Systems/Technology

Working Hours if Non-Traditional

List any hazardous conditions or physical demands required by this position

Posting Date

02/02/2021

Closing Date

EEO Statement

AUBURN UNIVERSITY IS AN AFFIRMATIVE ACTION / EQUAL OPPORTUNITY EMPLOYER . It is our policy to provide equal employment opportunities for all individuals without regard to race, sex, religion, color, national origin, age, disability, protected veteran status, genetic information, sexual orientation, gender identity, or any other classification protected by applicable law.

Special Instructions to Applicants

Auburn University is one of the nation’s premier public land-grant institutions. In 2020, it was ranked 44th among public universities by U.S. News and World Report. Auburn maintains high levels of research activity and high standards for teaching excellence, offering Bachelor’s, Master’s, Educational Specialist, and Doctor’s degrees in agriculture and engineering, the professions, and the arts and sciences. Its 2019 enrollment of 30,460 students includes 24,594 undergraduates and 5,866 graduate and professional students. Organized into twelve academic colleges and schools, Auburn’s 1,643 instructional faculty members—87% of whom are employed full-time—offer more than 200 educational programs. The University is nationally recognized for its commitment to academic excellence, its positive work environment, its student engagement, and its beautiful campus.

Auburn residents enjoy a thriving community, recognized as one of the “best small towns in America,” with moderate climate and easy access to major cities or to beach and mountain recreational facilities. Situated along the rapidly developing I-85 corridor between Atlanta, Georgia, and Montgomery, Alabama, the combined Auburn-Opelika-Columbus statistical area has a population of over 500,000, with excellent public school systems and regional medical centers.

Auburn University is committed to providing a comprehensive employee benefits package that attracts and retains talent to further the University’s mission and contributes to the personal and financial well-being of employees and their families. Employee Benefits include: Health Insurance, Dental Insurance, Vision Care, Cancer Insurance, Life Insurance/Personal Accident Coverage, Disability Group & Supplemental Plans, Flexible Spending Account Plan, and Mandatory and Voluntary Retirement Plans, Auburn University Federal Credit Union, Bookstore Discounts, Tiger Perks discounts on dining, shopping and entertainment, Travel Assistance (Domestic and International), and Educational Improvements for Employees and Dependents.

Quick Link for Internal Postings

https://www.auemployment.com/postings/21131
Documents Needed to Apply
Required Documents

1. Resume
2. Cover Letter

Optional Documents

1. Letter of Recommendation
2. Other

Supplemental Questions

Required fields are indicated with an asterisk (*).

1. * How were you made aware of this opportunity?
   • AU Employment website
   • Employment websites (Indeed, HigherEd Jobs, etc.)
   • Veterans Assistance Services
   • Disability Assistance Services
   • Newspaper
   • Professional Journal
   • Listserv
   • HR email
   • Social Media
   • State Employment Service
   • Walk-in
   • Other
2. * Please select the answer that best describes your current employment relationship with Auburn University.
   • Not a current Auburn employee
   • Current Auburn employee in position less than one year
   • Current Auburn employee in position more than one year
3. * Do you have a Bachelor's degree from an accredited institution?
   • Yes
   • No
4. * Do you have 8 years of progressively responsible experience in information security/Cybersecurity?
   • Yes
   • No
5. * Which of the following security certifications do you possess?: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) If you do not possess any of the above, please enter 'N/A'.
   
   (Open Ended Question)
   
   
6. * What one skill makes you the most qualified for this position?
   
   (Open Ended Question)