Information Security Engineer II - Temp-ITACD

Job Type:

Temporary (One-year temporary position with option for renewal); includes an amended benefits package.

Salary:

The salary is disclosed within the application as an application question.

Position Overview:

Under the supervision of the Manager of Information Security, the Information Security Engineer is responsible for helping define, drive, and deliver major components of the university security strategy. Accountable for protecting IT infrastructure, edge devices, networks to prevent data breaches by monitoring and reacting to attacks. Assist with building communication and collaboration around IT security. Helps with solutions to problems that may arise in an expeditious, efficient, and timely manner. Effectively collaborates across technology teams and business units through excellent communication skills, diplomacy, and a positive attitude. In this role, you will work on a variety of projects and will play a key part in making sure that end results are designed according to the relevant patterns and analyses. Responsible for 24x7 support of all Information Security systems and support. Responsible for performing job duties in accordance with the mission, vision and values of the University of Central Oklahoma. Hybrid/Remote option available. Must complete on-site orientation up to 30 days as determined by position.

Department Specific Essential Job Functions:

Lead in the delivery of secure architectures and designs for university systems. Provide functional and technical expertise related to data protection, security, and privacy. Provides recommendations for improvements to security posture, which includes developing road maps, guides, standards, and procedures. Responsible for activities involving the planning, development, administration, management, and support of university governance, risk and compliance operations. Understands the business strategy of enterprise-wide business and IT management, security, infrastructure and operations, disaster recovery, incident response, and works with teams to define security requirements. Communicates and coordinates with other team leads, business leadership, and project managers to ensure appropriate integration of processes and modules across the enterprise. Manages UCO’s information security systems so that they function reliably, meeting the organization’s business needs, and use the organization’s IT resources effectively. Supports and delivers on assigned projects with requirements developed through the collaborative effort of cross-functional teams and clients.

• Ensure IT security architecture, plans, controls, policies, and procedures align with IT standards and mission.
• Review federal, state, and industry regulations to ensure appropriate requirements and controls are in place to maintainobtain compliance (i.e., FERPA, HIPAA, PCI, GDPR).
• Work with IT colleagues to provide design input as well as to review the software configuration of SaaS systems to ensure the deployment of secure systems. Identify needs and contribute to data protection, governance, and compliance initiatives by implementing processes, procedures, standards, and guidelines.
• Provides mentorship to other IT staff in determining accurate risk profiles and methods to mitigate identified risk.
• Access and manage numerous reporting and security tools to protect our environment and investigate incidents. Suggest and execute as appropriate measures to contain or thwart attacks.
• Manage vulnerability scans (internal & external network, wireless, and application) and vulnerability remediation.
• Respond to vulnerability reports from other parties, occasionally responding after regular work hours based on a rotating schedule or to manage an incident. Score and triage vulnerability. Recommend appropriate prioritization to remediate the issue.
• Work with management to build the long-term strategic roadmap for the team, and provide mentorship to junior team members.
• Creates and maintains documentation, including diagrams, operational and support procedures. Publishes client-facing support documents to improve user experience.
• Interacts with end users, service desk, team members, and stakeholders in gathering information to define and document required changes to the environment. Assists IT management in preparing business and use cases.
• Performs other duties as assigned.

Qualifications

Qualifications / Experience Required:

Bachelor's degree in Computer Science or related field, plus 4 years of information security experience or total of 8+ years of comparable work experience. Requires experience with system and network infrastructure. Demonstrated proficiency and knowledge in information security. Understanding of security designs to support infrastructure, cloud services, networking technology, and architecture. Client satisfaction focused. Ability to train users on systems and applications. Strong communication skills with technical and non-technical staff. Must possess and maintain current CompTIA CASP or equivalent certification.

Qualifications / Experience Preferred:

• Experience scripting in Python, Ruby, PowerShell or Bash
• Understanding DevOps, Scrum, and ITIL concepts
• Experience using monitoring tools like New Relic, Nagios, CloudWatch or JPMon
• Experience utilizing vulnerability testing tools such as Varonis, Armis, Tenable Nessus, Rapid7, Tanium or other similar tools
• Understanding of Common Vulnerability Scoring System (CVE)
• Experience with firewalls, ACLs, and VPN technologies
• Working experience in Splunk data integrations or automation with other applications/ tools via programming
• Working knowledge of the NIST framework

Knowledge / Skills / Abilities:

Must possess strong customer service and interpersonal skills. Strong analytical, organization and collaboration skills. Ability to work well under pressure, handling multiple tasks and balancing multiple objectives, while consistently ensuring that priority objectives are met. Ability to communicate technical terms to non-technical users. Excellent verbal and written communication skills with the ability to understand procedures, policies and proposals. Adheres to and complies with UCO’s shared values and the Office of Information Technology’s Code of Ethics. This position is on-call 24x7x365 and requires the successful candidate to have high-speed internet access to their residence, and maintain a smart phone on which to receive telephone calls, email, SMS messages from servers and authorized OIT personnel.

Physical Demands:

Reasonable accommodations (in accordance with ADA requirements) may be made, upon request, to enable individuals with disabilities to perform essential functions.