Senior Information Security Engineer

Senior Information Security Engineer

About the Opportunity

JOB SUMMARY

Northeastern University is looking for a highly motivated and experienced candidate for the role of Senior Information Security Engineer. This individual reports directly to the Director of Information Security and will ensure the delivery of the Information Security Program services to achieve both business and security objectives and contributes to Information Security Operations across Northeastern University's global campus network.

Our ideal candidate should have considerable professional experience, including a proven record of leadership and a portfolio of successful projects. The person in this role will provide security consulting on projects for internal clients to ensure conformity with corporate information, security policy, and standards. They will also build Information Security systems (e.g. SIEM/SOAR) and tools (e.g. data processing pipelines, connecting various SaaS systems or using APIs to strengthen the data in the program, etc.).

At Team ITS, your success matters as much as the mission. Learn more about our flexible, highly dynamic, and values-first culture at careers.its.northeastern.edu.

This position is eligible for remote work.

MINIMUM QUALIFICATIONS

• Bachelor's degree in Information Systems or Computer Science and/or equivalent combination of education and work experience.
  
• Deep experience as an IT professional with a minimum of 7 years of direct experience with information security architecture, engineering and security operations in a complex, heterogeneous network environment.
  
• Demonstrated growth and service-oriented mindset
  
• M365 experience (ideally M365 security)
  
• Experience interfacing with/ managing security controls or working in a mature security control environment
  
• Strong systems Engineer including Powershell scripting (or python) for automation
  
• Experience with scripting, programming, or automation tools; vulnerability scanning tools and processes (Tenable Nessus); cloud security testing tools and processes.
  

• Hands-on experience with architecture and implementation of key information security tools such as an enterprise SIEM and SOAR solutions, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices (experience with security technology solutions particularly QRadar, Sentinel, Defender, Intune)
  
• Experience with enterprise scale workflows, services, and architecture, including Cloud Platforms (such as M365) and applicable Cloud Security principals.
  
• Certifications in one or more of the following: Certified Information Systems Security Professional (CISSP), CISM, GIAC Security Essentials (GSEC), or other relevant certifications.
  
• Experience in managing vendor relationships and partnerships (Managed Security Service Providers and Professional Services engagements) to assure that service standards and expectations are maintained and achieved.
  
• Must be detail-oriented, and have excellent organizational, administrative, and interpersonal skills.
  
• Experience Writing and preparing technical reports, and Standard Operating Procedures/Playbooks
  

PREFERRED QUALIFICATIONS

The following Additional Qualifications are strongly preferred. If you meet some, but not all, you are still encouraged to apply; we value employees with a willingness to learn.

• Experience participating in digital forensics investigations using current technologies and practices.
  
• Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux
  
• Project Management experience, Scrum/Agile preferred.
  
• CISM, GIAC or CISSP certifications preferred.
  
• Familiarity with compliance and Privacy themes is preferable, including but not limited to Privacy and legal requirements FERPA, NIST.
  
• Previous experience in higher education preferred.
  

KEY RESPONSIBILITIES & ACCOUNTABILITIES

• Provide security consulting on projects for internal clients to ensure conformity with corporate information, security policy, and standards. Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security across all University systems, audience types, and applications.
  
• Consult on initiatives by examining environments and helping provide recommendations for applying security standards in the form of configuration management, Infrastructure as Code, etc.
  
• Assist with the management of infrastructure security systems (NGFW, NAC, SIEM, NGAV, EDR, UBA, WAF, DLP, etc.
  
• Act as a consultative partner for Application security design and security reviews
  
• Assist/perform deployment/ maintenance and tuning of security systems such as firewalls, IPS/IDS, SIEM, EDR, WAF, threat and vulnerability management tools to reduce false positives and deliver actionable reporting
  
• Architect/Design/Review system configurations to ensure that they are secure, role appropriate, and consistent throughout the organization
  
• Without direct supervision, perform tasks required to ensure customer satisfaction and departmental SLA's are achieved.
  
• Provide Tier 1, 2, and 3 support to customers on the services provided by the department.
  
• Provide accurate and effective documentation on all issues and problems.
  
• Provide training and documentation to Tier 1 support and other department team members on emerging issues.
  

• Without direct supervision, perform tasks required to ensure customer satisfaction and departmental SLA's are achieved.
  
• Provide Tier 1, 2, and 3 support to customers on the services provided by the department.
  
• Provide accurate and effective documentation on all issues and problems.
  
• Provide training and documentation to Tier 1 support and other department team members on emerging issues.
  

• Additional responsibilities, including but not limited to:
  
  • Identify potential information and network security vulnerabilities.
    
  • Develop and implement solutions to mitigate risks and enhance system security.
    
  • Ensure site security and provide consultation on security issues.
    
  • Investigate and recommend security technologies including managed security services, data loss prevention, firewalls, encryption, intrusion detection, VPN and solutions for incorporation into product/services.
    
  • Analyze and resolve data, application, computer and network security problems and issues.
    
  • Perform security investigation and computer forensic analysis.
    
  • Assist in the development of secure architecture and designs and provides training on security solutions
    
  • Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
    
  • Review and correlate security logs
    

• Responsible for general Security Operations support including Incident Response (may require outside of regular hours as needed)
  
• Contribute to incident response activities across the University for all community members (faculty, students, and staff); including after-hours as needed.
  
• Consult with and advise the community as a subject matter expert in areas of information security automation and response.
  
• Provide consultation and support for approved services and tools.
  
• Cross-train and mentor other members of the team.
  

Position Type

Information Technology

Additional Information

Northeastern University considers factors such as candidate work experience, education and skills when extending an offer.

Northeastern has a comprehensive benefits package for benefit eligible employees. This includes medical, vision, dental, paid time off, tuition assistance, wellness & life, retirement- as well as commuting & transportation. Visit https://hr.northeastern.edu/benefits/ for more information.

Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

To learn more about Northeastern University's commitment and support of diversity and inclusion, please see www.northeastern.edu/diversity.


To apply, visit https://northeastern.wd1.myworkdayjobs.com/en-US/careers/job/Boston-MA-Main-Campus/Senior-Information-Security-Engineer_R112810



jeid-aaffc94eebbde148b0bfe543b0883e50