Information Security Engineer - Tufts Technology Services - (17001508)
Viewing technology in the context of work, scholarship and campus life, Tufts Technology Services (TTS) is a university-wide service organization committed to delivering technology services that support Tufts' mission of teaching, learning, research, and service. Understanding that IT enables innovation, TTS prioritizes holistic, human-centered design strategies to create timely and intuitive services, applications and tools that differentiate the Tufts experience.
Across our diverse and creative teams, we engage and focus our collective talent to strengthen Tufts' strategic IT capabilities. To keep pace with our community's emerging needs, we continue to evolve our competencies across four main families of practice, including Planning and Design, Service Delivery and Operations, Data Strategy, and Academic Technology.
Thinking and acting strategically with technology occurs through strong partnerships and an engaged community. Additionally, for technologies to take on integral meaning to our work, we also need reliable and consistent support in using them. With staff across all of Tufts' campuses, as well as a 24x7 IT Service Desk, we collaborate with schools and divisions to meet the demands of a global, mobile community and to enable the broadest possible access.
Come join our collaborative, flexible work environment, where leadership is valued at all levels of the organization, and opportunities abound to work with leading technologies and learn new skills.
The Information Security Engineer works with the Associate Director of IS Engineering & Risk Management to oversee our security technologies and develop programs and technologies to manage and mitigate Information Security and compliance risks to Tufts University. Information Security is one of the TTS directorates in the Data Strategy family of practice charged with providing University-wide information security services that invite and empower the Tufts community to be proactive by thinking, working, and acting securely. This position will be responsible for all building and maintenance of the suite of Information Security tools, the effectiveness of the Information Security architecture (maintained inside/outside the Information Security directorate), engineering needed solutions, and assessing threats and risks. This position is also responsible for the engineering lifecycle from design through production including training security operations on these tools. In addition, this position will be responsible for security consulting for projects and programs, and creating/maintaining documentation on the IT security architecture and processes.
3+ years of experience in Information Technology preferably as a systems administrator for Windows and/or Linux.
Familiarity administering server based operating systems through command line interface.
1+ years of experience with Information Security with implementing and administering security technologies (experience can be concurrent).
Experience with security technologies such as firewalls, IDS, antivirus, anti-spam, vulnerability scanning tools, and with systems administration for Windows and/or Linux.
Familiarity with security monitoring, SEIMs, and log analysis (triage and incident analysis).
Strong customer service skills and the ability to work effectively with business clients, operations staff, and other IT departments.
Familiarity with national and international regulatory compliance frameworks such as HIPAA, PCI DSS, FERPA, ISO27001/2, Data Privacy, and NIST.
Experience in creating documentation and performing training.
Strong IT troubleshooting capabilities.
Excellent time management skills, strong sense of urgency, and driven to get results.
Comfortable balancing risk, protection, and business needs with the ability to remain calm and effective under stress.
Master's degree or similar advanced, graduate degree.
Knowledgeable of SQL and NoSQL database technologies.
Knowledgeable of open-source and real-time distributed search and analytics engines.
Knowledgeable of typical attack methods and mitigation strategies.
Knowledgeable of related technologies such as routers/switches, DNS and DNS filtering, AD/LDAP/ADFS,MFA, APT tools, and forensic investigation tools.
Experience conducting security risk reviews of vendors.
Basic knowledge of ITIL.
Experience in project management.
Certifications are a plus such as CISSP, CISM, SSCP, CCFP, CSSLP, GSEC, GCIH, GCIA, GCFA, GPEN, GCFE, GSNA, GREM, EnCE, EnCEP, etc.
Familiarity with non-profit or academic environments.
Special Work Schedule Requirements: Occasional evening or weekend work, as well as the ability to participate in a 24x7 on call rotation for major incident support activities.
An employee in this position must complete all appropriate background checks at the time of hire, promotion, or transfer.