Internet2, a non-profit organization, provides high-performance networking, trust and identity infrastructures, cloud services brokering, and related services to its research and education member institutions and beyond. Internet2 represents an exceptional partnership spanning U.S. and international institutions that are leaders in the worlds of research, academia, industry and government. The organization is an equal opportunity employer and welcomes and seeks diverse candidates for all of its positions.
InCommon, the Internet2-community developed identity federation, provides the U.S. higher education and research community with the common framework for trustworthy access to online resources. InCommon facilitates the development of community-based common trust fabrics – SAML Federation, Certificate Services, and other services and activities – that enable participants to access protected online resources. For more information about InCommon visit www.incommon.org.
The Trust and Identity Services Security Lead and Systems Administrator acts as part of a highly collaborative cross-functional technical service delivery team to securely, reliably and scalably deliver mission critical InCommon and related Internet2 Trust and Identity IT Services to InCommon’s customers. The position reports to the Director of Technology and Strategy, InCommon and works closely with the Trust and Identity Services DevOps Manager to address operational and security-related technical service delivery needs in the InCommon Federation, Certificate, eduroam and other services. The position collaborates with Internet2 technical architects, Internet2 project managers, and colleagues in Internet2’s Technical Services Group to design, develop, implement and deliver InCommon services including the SAML federation and other related service components.
The Security Lead and Systems Administrator works in the hands-on, day-to-day implementation, maintenance, troubleshooting, and technical delivery of services which InCommon operates, and is the primary person responsible for ensuring the security of the services that InCommon offers. The successful candidate will have experience delivering highly secure services in a complex IT environment. The position requires a high degree of collaboration with community groups including the InCommon participant community, and security advisory committees, frequently participating in efforts to meet requirements defined by these national and international groups. The position requires a background in IT security, familiarity with standard systems administration tasks as well as some familiarity with working in a “DevOps” environment, where systems engineers, architects and developers collaborate to deliver services using modern, collaborative approaches.
Areas of work include:
- Risk Management - Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range.
- Compliance - Determine applicability and scope of various regulations; interpret and implement technical requirements to ensure compliance.
- Incident Response - Carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities.
- System and Application Hardening - Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws.
- Network Monitoring and Protection - Detect and prevent intrusions using IDS/IPS tools; Implement firewall policies and monitor effectiveness.
- Vulnerability Management - Detect and/or assess the impact of reported vulnerabilities; implement mitigation strategies based on severity.
- Subject Matter Expert - Participate as an information assurance subject matter expert in the analysis and design of new systems and services; Participate in the design, implementation, and continuous improvement of security service offerings.
This staff position is full-time, ideally based in Ann Arbor, MI, Denver CO, West Hartford CT, Emeryville CA, or Washington, DC. Other locations will be considered. The job requires some schedule flexibility, ability to travel up to 20% of the time for work, and to act as part of a 24x7x365 shared on-call rotation with other staff members in support of Internet2 Trust and Identity services.