The role of the Information Security Engineer is to proactively identify, promote, and implement information security best practices in Marquette University’s academic environment. The Information Security Engineer will leverage contemporary technologies to mitigate information security threats and will provide expertise, counsel, and problem resolution in the areas of network, server, database, application, and endpoint security assurance.
Duties and Responsibilities:
1. Perform security risk assessments and recommend security requirements for new and existing information technologies, systems, applications, and services. Perform vulnerability assessments against networks, systems, and applications, and work with IT Services staff to eliminate vulnerabilities found or otherwise mitigate the associated risks.
2. Aid in the development and execution of the Information Security Framework.
3. Provide technical recommendations and support for the adoption, configuration, and deployment of network and host based information security solutions and capabilities such as malware defenses, firewalls, intrusion detection and prevention, security configuration management, user and device authentication, and incident detection and response.
4. Perform application administration for information security systems to include systems configuration, integration, monitoring, operations, and troubleshooting
5. Recommend and develop security standards and configuration baselines for network-connected devices, endpoint systems, servers, applications, network equipment, and security systems. Work with technical staff responsible for the development, implementation, and administration of these systems to ensure appropriate use of secure methods and compliance with standards and baselines.
6. Lead the development and delivery of security awareness training for students, faculty, staff, and other users of College information resources.
7. Develop and maintain deep technical knowledge of security issues and protections related to network-connected devices, endpoint systems, servers, network equipment, and cloud solutions.
8. Develop and maintain deep technical knowledge of identity and access management technologies, including directory services, two-factor authentication, and federation services.
9. Apply knowledge of information security along with a deep understanding of the academic and business needs of the University to provide security-related recommendations and support to students, faculty, and staff.
10. Develop, analyze, and present scheduled and ad hoc reports, and make recommendations based on the data from various sources.
11. Develop and maintain security systems documentation.
12. Perform other duties and responsibilities as required, assigned, or requested.