Security Engineer - IT Solutions

TITLE

Security Engineer

JOB SUMMARY

The Security Engineer is responsible for university-wide information protection (IP), which includes data loss protection (DLP) and data classification. The position will design, implement, monitor, and evaluate the security systems that protect the university's computer systems and data. As a member of the IT Solutions (ITS) team, the Security Engineer is expected to uphold the division's mission to "empower an agile, digital university and elevate technology as a strategic institutional asset" and contribute positively to a collaborative, human-centered, innovative, accountable, transparent, and inclusive culture within ITS.

ORGANIZATIONAL RELATIONSHIPS

Reports to: Associate Director, Information Security

Supervises: No supervisory responsibilities

ESSENTIAL DUTIES - May include, but not limited to the following:

Information Security Management (90%)

• Plans, implements, and upgrades security measures and controls.

• Manages Identity and Access Management (IAM), and the protection of user identities, for all internal and external users (guests).

• Conducts vulnerability scanning and remediates vulnerabilities in a timely manner.

• Maintains and monitors security information and event management (SIEM) systems for real-time analysis of security alerts generated by applications and network hardware.

• Protects digital files and information systems against unauthorized access, modification or destruction.

• Conducts internal and external security audits.

• Manages intrusion detection and prevention systems.

• Documents and analyzes security breaches to determine their root cause and recommends appropriate countermeasures.

• Conducts and/or participates in security risk assessments, and coordinates security plans with outside vendors.

• Advises on and/or participates in the creation of security training, policies, and tools, including proper anti-virus/anti-malware protection for computing and end-user platforms.

• Provides high quality and timely IT security support, including responding to incident/ problem tickets and troubleshooting errors and issues related to overall cybersecurity.

ADDITIONAL DUTIES

Participation & Support (10%)

• Maintains awareness of current practices and future trends in network security, data loss prevention (DLP), intrusion detection & prevention, cloud security, and cybersecurity best practices.

• Represents IT Solutions and participates in the campus community by serving on working groups, project teams, and university committees.

• Performs other duties as requested.

EDUCATION

Bachelor's degree required. Additional job-related experience may substitute for the required education on a year-for-year basis.

EXPERIENCE

Three years of relevant experience information or cyber security. Additional job-related education may substitute for the required experience on a year-for-year basis.

REQUIREMENT

Regular and reliable attendance at the University during regular scheduled days and work hours is an essential function of this position. Work is performed under general supervision and performance is based on the effective completion of assignments and results obtained. The performance evaluation is conducted through the performance evaluation system and in accordance with the University Policies & Procedures.

All employees share the responsibility of maintaining information security and privacy requirements within the university by adhering to Federal and State regulations, and TWU Policies & Procedures.

KNOWLEDGE, SKILLS, AND ABILITIES - The following are essential:

• Ability to maintain the security and integrity of the infrastructure.

• Experience with security assessments of network infrastructure, hosts, and applications.

• Ability to perform vulnerability and risk assessments on business processes and functional areas.

• Strong written and oral communication skills (including ability to present ideas in user-friendly, business-friendly and technical language) and interpersonal skills with a focus on rapport-building, listening and questioning skills.

• Proven analytical and problem-solving abilities, including ability to anticipate, identify, and solve critical problems.

• Ability to build effective relationships and strong commitment to working collegially and collaboratively with constituents at all levels in a diverse and distributed environment.

• Ability to use a personal computer and other office equipment, including related university software and email.

Additional/Desirable Skills & Abilities

• CompTIA Security+, (ISC)² Systems Security Certified Practitioner (SSCP), or (ISC)² Certified Authorization Professional (CAP) certification.

• Understanding of penetration testing of applications and infrastructure.

• Experience with investigation and analysis of information breaches.

• Knowledge of an information security framework like ISO27001, NIST 800-53, or NIST 800-171.

• Experience in a higher education setting.

• Familiarity with Texas Administrative Code (TAC 202).

PHYSICAL DEMANDS

The physical demands described in the Essential Duties and below are representative of those that must be met by an employee to successfully perform the essential duties of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

The employee may be required to travel. May be required to work a flexible schedule, including nights, weekends and holidays.

WORK ENVIRONMENT

All employees are responsible for maintaining an environment that is free from discrimination, intimidation, harassment, including sexual harassment. Work is normally performed in a typical interior work environment.

SAFETY

TWU promotes a safe working environment. Employees are responsible for completing assigned tasks safely and efficiently, and supervisors are responsible for creating and maintaining a safe work environment. Employees must report any unsafe work conditions or practices, as well as any near-miss incidents, to their supervisor and Risk Management. Supervisors and employees should ensure that injury/accident reports are submitted to the Office of Human Resources and Risk Management within 24 hours of the incident.

The job description does not constitute an employment agreement between the employer and employee and is subject to change by the employer as the needs of the employer and requirements of the job change.

Texas Woman's University, an AA/EEO employer, provides equal opportunity to all employees and applicants for employment and prohibits discrimination on the basis of race, color, national origin, religion, gender, age, disability, veteran status, sexual orientation, or any other legally protected category, class or characteristic.

All offers of employment will be contingent on the candidate's ability to provide documents which establish proof of identity and eligibility to work in the United States. Positions at Texas Woman's University deemed security-sensitive require background checks and verification of all academic credentials.

If you are a male between the age of 18 and 25, federal law requires that you must be registered with the U.S. Selective Service System, unless you meet certain exemptions under Selective Service law. Under HB 558, enacted by the 76th Texas State Legislature, if you are currently of the age and gender requiring registration with Selective Service, but knowingly and willfully fail to do so, you are ineligible for employment with an agency in any branch of Texas state government. For additional information regarding registration or status, you can contact the Selective Service System at 847-688-6888 or www.sss.gov.