Stevens Institute of Technology
Cybersecurity Engineer Job Description
Job Description Summary
Web Server and Database Admin
The Cybersecurity Engineer reports directly to the Chief Information Security Officer within the Division of Information Technology. The person in this position is a key member of the Division of Information Technology, and as part of a team of professionals across the Division, will support the security of Stevens’ enterprise network, systems, and information assets. Stevens fundamentally depends upon a high-availability, state-of-the-art production networked computing environment for academic, administrative, and research functions. Consistent with this, the Cybersecurity Engineer supports the University’s mission, goals, and strategic initiatives across academic, administrative, and research operations. The incumbent will play an important role in recommending, planning, and implementing security provisioning. This position requires a proven and successful professional who has the combination of skillset and mindset required to be an effective member of a high-performing team of professionals. Beyond technical skills, this position requires excellent communication, collaboration, teamwork, transparency, and service ethic in order to be successful.
As is the case with all areas of the Division of Information Technology, a fundamental responsibility of this individual is being highly user-centric and working directly with users. This will involve engagement including significant consulting and collaborating with users and ensuring excellent customer service and responsiveness regarding security questions and issues. It will also require complete engagement, transparency, and collaboration with other members of the unit and the Division. This is an on-site/hybrid or remote position with an established work schedule. The position also requires the ability to work off-hours and weekends as necessary to meet the needs of the University. This may include non-scheduled onsite problem response when necessary.
Responsibilities include, but are not limited to:
- Overseeing daily operation of the University’s information security systems, as well as ensuring that cybersecurity situational awareness is maintained continuously
- Acting as a liaison between IT and Academics for coordinating the execution and documentation of research technology systems, including information security processes of a Controlled Unclassified Information environment adhering to NIST SP 800-53, and especially NIST SP 800-171
- Implementing and operating campus intrusion detection systems, intrusion prevention systems, SIEM, and other tools to detect, respond to, and mitigate information security-related vulnerabilities and incidents
- Reviewing and processing threat intel reports and sources (e.g. security events, network traffic, logs, etc.) and formulating these into actionable intelligence for Divisional members and leaders
- Serving as a resource person in assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices for all campus information systems including but not limited to information systems dedicated to research grants and awards
- Evaluating current and future security-related requirements and developing or recommending technical and operational solutions accordingly
- Researching, developing, testing, analyzing, documenting, and recommending SOC tools and applications
- Assisting the CISO in delivering information security technologies and services to the campus including but not limited to patch management, vulnerability scanning, system hardening, encryption services, and configuration review
- Monitoring general and specific threat intelligence, and assisting with cybersecurity tools, malware analysis, and implementation of threat detection analytics
- Working with User Support Services to address security issues and concerns, and acting as Level 2 response for user security challenges
- Serving as a member of Stevens’ Cyber Incident Response Team (CIRT)
- Providing training, support, mentoring, and coaching to users, including students and other staff members
- Other duties as assigned.
- Bachelor’s degree with a major directly related to the responsibilities of the position; equivalent combination of training and experience may be considered
- 3-5 years of substantial professional experience directly related to the responsibilities of the position (e.g. information security, network security, system security)
- Must be able to achieve government clearance to assist campus with security and research tasks
- Direct, hands-on practical experience in the use of security monitoring and detection systems and tools as well as access control mechanisms
- Experience with Azure Information Protection, Office365 Message Encryption and design
- Experience with identity and user management solutions provided by Azure, OKTA, or other 3rd parties
- Strong knowledge of NIST Special Publications; specifically, NIST SP 800-53 and NIST SP 800-171, and other NIST Special Publications, including the NIST and DoD Risk Management Framework
- Ability to develop Institutional System Security Plans (SSPs), including Plans of Action and Milestones (POA&Ms), is essential
- Ability to build necessary documentation to comply with all controls of DFARS 7012 / NIST 800-171, NIST 800-53 (low, moderate, or high) or the NIST Cybersecurity Framework (NIST CSF)
- Solid working knowledge of the NIST Risk Management Framework and Security Controls and their application
- Experience with a variety of web application protocols, web services, scripting capabilities, software development frameworks, operating systems, and networking technologies
- Technical knowledge and understanding of operating systems, network architecture (i.e. routing, switching, VLANs, segmentation, NAC) and design, access controls and authentication methodologies, Active Directory, and similar fundamentals
- Knowledge of encryption and key management
- Excellent interpersonal, written, and oral communication skills and the ability to communicate effectively with both highly technical and non-technical audiences
- Strong self-initiative and work ethic
- Ability to work effectively as a positive, engaged, transparent member of a high-performing / collaborative team of professionals
- Ability to handle multiple priorities in a highly dynamic and fast-paced environment
- Strong organizational, prioritization, and time management skills
- Strong analytical, systems thinking, and problem-solving skills
- Sound judgement and decision-making commensurate with the responsibilities of the position
- Commitment to professional growth and experience
- Weekend/off-hours work as needed or required.
- 5-7 years of intensive professional experience in information security in a large, complex, production network
- Substantial professional experience in higher education and research environments, providing infrastructure support for academic, administrative, and research functions
- Substantial professional training in security, with corresponding certifications (e.g. SEC+ CE, CySA+, GICSP, GSEC, SSCP, CISSP)
- At least 2 years of experience with NIST controls in a NIST SP 800-53, and especially NIST SP 800-171, environment
- Experience with cloud security tools, frameworks, and methods in an Azure or AWS environment.
- Familiarity with common compliance frameworks (e.g., ISO, HIPAA, NIST, COBIT, etc.)
- Knowledge of the application and utilization of endpoint threat intelligence technologies
- Proficient knowledge of network security including firewalls and network monitoring and alerting systems, as well as vulnerability assessment and threat mediation
- Experience in network / host-based intrusion analysis, malware analysis, and forensics
- Training and knowledge of advanced persistent threats, data exfiltration techniques, and similar advanced security issues.
Breakdown of Essential Duties and Responsibilities
- 30%: Information Assurance security
- 30%: Vulnerability Management
- 30%: Programmatic, planning, and requirements creation for security
- 10%: Other duties as assigned in support of overall IT strategic goals and synergy within IT
Office of Information Security Services
General Submission Guidelines:
In order to be considered a candidate for any job at Stevens, you must submit an online application. Please attach a cover letter and resume with each application. Other requirements for consideration may depend on the job.