Career Center

Provides senior administrative and technical support to the Chief Information Security Officer and Deputy Chief Information Security Officer and Deputy Chief Information Security  in developing, implementing, and executing the information security program. Collaboratively assists in the development of information security policies, standards, procedures, and processes in support of the mission of the university. Responsible for institutional vulnerability management, related processes, and reporting. Supports day to day incident monitoring operations and management. Assists Operational Security in developing, monitoring, and enforcing practices to ensure that information is secure from unauthorized access and inappropriate alteration. Assesses and recommends information security improvements. 

1. Lead Cyber Security Oversight and Incident Response: Provide technical leadership for vulnerability identification, threat and attack mitigation, intrusion detection and prevention, remediation plans and risk assessments. Assist in the response to security events and escalations. Reports, records, and works with departments to resolve security related issues and incidents. Assist OIT with and verify monitoring of specific components or supporting infrastructure is occurring. Recommend changes a nd tuning for Intrusion Prevention Systems, Intrusion Detection Systems, vulnerability scanning, Security Incident Event Management (SIEM), log analysis, firewall rules, Virtual Private Networks (VPNs), identity management, access management, risk assessments, encryption, sensitive data discovery, Data Loss Prevention (DLP), Mobile Device Management MDM) and/or other related functions as assigned. Support security equipment to ensure proper operation including upgrades and installations. 
 
2. Information Security Architecture: Partner across business and technology disciplines and departments to present and deliver the secure architecture. Provide guidance on the application of reference architecture (cloud or on premises), strategic direction of enterprise technology, and serve as subject matter expert with contextual knowledge of the business needs. Develop, document and utilize reusable patterns, practices, and enterprise reference architectures that fit within the overall UTA architecture. Provide strategic direction and consulting to support cross-functional security activities and project teams including security strategy, solution, architecture, technology products, design security architecture, infrastructure hardening and compliance. Assist in the development, implementation, monitoring, assessment and support of access control, data confidentiality, system integrity, system reliability, system audit and recovery methods and procedures. Adhere to and improve procedures on incident management, and use of information security tools and information. 
 
3. Assist with Research Compliance and Support: the development of requirements for, and take part in, information security projects. Provide strategic direction and consulting to support cross-functional security activities and project teams including security strategy, solution, enterprise application architecture, technology products, design and implement security architecture, infrastructure hardening and compliance. Assist the security team in support of information security projects and requirements, including project management and testing of security projects and applications. Interface with OIT and research personnel to resolve security related issues. 
 
5. Information Security Awareness Training and Communication: Support the development and implementation of security awareness training programs. Performs other duties assigned. Participate in Information Security Awareness and other duties as assigned. 
 
6. Other duties as assigned: Manage, participate and/or develop requirements for information security projects.

Bachelor's degree. Five (5) years of cumulative experience in networks, databases, security, web development or other IT related field. Two (2) years of experience with Information Security or Risk Management. Team-oriented self-starter with the ability to handle multiple projects simultaneously. Strong oral/written communications and interpersonal skills. Excellent planning and organizational skills. A high degree of initiative, motivation and problem-solving skills. Technical knowledge of operating systems, defense-in-depth concepts, networks, security related technologies, and security configurations. Working knowledge of Microsoft Windows, Linux/UNIX systems, firewalls, TCP/IP, VPN, DNS, access management, encryption, configuration management, vulnerability scanning, and application security best practices. CISSP certification. Must have CISSP certification or ability to obtain the certification within 1 year from hire.

Master's degree preferred. Certifications related to the duties and responsibilities specified, including but not limited to CNA, CCNA, CISA, CISSP, MCSE, SSCP, and SANS GIAC. Experience with web development, scripting, and/or programming. Direct working knowledge and experience with Splunk. Working, practical experience, with at least one (1) of the following: Cisco or Juniper Firewall, Intrusion Prevention Systems, Intrusion Detection Systems, Microsoft System Center End Point Protection (SCEP), Anti-Malware Software, Microsoft System Center Configuration Management (SCCM), puppet, WinMagic Secure Doc, Cenzic or Burp Application Scanner, Oracle/Peoplesoft security, MySQL, MS SQL, LDAP, Kerberos, Active Directory, Apache, IIS, Nessus vulnerability scanner, Sendmail, IronPort, Email Encryption, Identity Finder, Data Loss Prevention tools, SMTP, SNMP, Perl, Python, Unix Shell, C#, PHP, or Java.

Applicants must include in their online resume the following information: 1) Employment history: name of company, period employed (from month/year to month/year), job title, summary of job duties and 2) Education: If no high school diploma or GED, list highest grade completed; If some college or college degree, list school name, degree type, major.