Cybersecurity Engineer-Research
Auburn University
Auburn, AL
ID: 7252639
Posted: 3 months ago
Application Deadline: Open Until Filled
Job Description
Job Summary
The Office of the Vice President for Research and Economic Development is excited to begin the search for a Cybersecurity Engineer – Research, within the Department of Research Security Compliance.
Responsibilities include: planning, engineering, developing, implementing, and compliance monitoring of organization-wide research programs including, but not limited to, Controlled Unclassified Information (CUI) management; Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System (REDCap); and Electronic Research Administration (ERA). Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards; developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems; and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets.
About Auburn: At Auburn, our work changes lives. Ranked by U.S. News and World Report as a premier public institution, Auburn University is dedicated to shaping the future of the people of Alabama, the nation, and the world through forward-thinking education, life-enhancing research, scholarship and selfless service. Auburn is nationally recognized for its commitment to academic excellence, community outreach, positive work environment, student engagement, and thriving community.
Why employee choose Auburn: Auburn University was named by Forbes Magazine as one of the State of Alabama’s best employers, with employees staying an average of ten years. Employees enjoy competitive benefits that include top-notch health insurance, generous retirement plans, tuition assistance for employees and dependents, flexible spending accounts and more! Learn more about Auburn’s impact, generous employee benefits, and thriving community by visiting aub.ie/working-at-auburn. Auburn University is committed to a diverse and inclusive campus environment. Visit www.auburn.edu/inclusion to learn more about our commitment to expanding equity and inclusion for all. Under general supervision of the Cybersecurity Research manager, responsible for the planning, engineering, developing, implementing, and compliance monitoring of organization-wide research programs including, but not limited to, Controlled Unclassified Information (CUI) management; Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System (REDCap); and Electronic Research Administration (ERA). Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards; developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems; and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets.
Essential Functions
Monitors real-time data, discovers security events, analyzes qualified incidents, executes documented resolutions for common incidents, recommends remediation steps for new incidents, and escalates major security incidents for the Research Security Enclave.
Provides assistance with governance, risks, and compliance by
Coordinating the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Auburn University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53.
Assisting with risk analysis and risk management
Assisting with security and compliance reviews
Preparing and maintaining system security plans (SSPs) for various research projects on campus
Creates and manages standard operating procedures (SOPs) for various projects.
Assists with communication, reporting, and alerting on general information security issues as well as on specific assignments within Information Security tool sets of the Research Security Enclave.
Develops scripts and tooling to verify security platforms and automate security team operations.
Implements and evaluates new technology deployments, integration testing, information security products, services, and procedures to enhance productivity and effectiveness while maintaining compliance.
Provides assistance for the Research Security Enclave, to include
Network security
Maintaining cybersecurity firewalls and web application firewalls for on-premise network and cloud environments that support research
Managing security monitoring systems for network server, firewall, and network anomalies within the Research Security Enclave
Maintaining infrastructure designs of current and future network designs and incorporating appropriate mitigation of existing and emerging threats
Assisting with identifying security design gaps in existing and proposed network architecture and recommending changes and enhancements.
Stays fully informed of current security information and issues, as well as regulatory changes affecting industry research and higher education at the state and national level. Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Minimum Qualifications
Minimum Qualifications
Bachelor’s degree in Computer Science, Engineering, Computer Information Systems, or related field and 5 years of relevant experience OR
Associate’s degree and 9 years of relevant experience OR
High School diploma and 13 years of relevant experience.
*Experience – Demonstrated Cybersecurity experience, Governance, Risk and Compliance (GRC).Relevant IT experience in administering security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Minimum Skills, License, and Certifications
Minimum Skills and Abilities
Knowledge of generally accepted information/cyber security principles and practices with the ability to apply that knowledge to perform complex and non-routine specialized information technology (IT) security analysis functions such as troubleshooting, advanced analysis, research, and problem-solving.
Deep understanding of NIST 800-53 and NIST 800-171 framework and controls.
Knowledge of Cybersecurity Maturity Model Certification framework.
Must have team leadership skills, negotiation skills, and advanced client relation skills.
Ability to remain up-to-date with privacy and security regulations.
Ability to recognize, analyze, and solve a variety of problems.
Ability to effectively communicate technical concepts to a non-technical audience.
Externally imposed deadlines; set or revised on short notice; frequent shifts in priority; numerous interruptions requiring immediate attention; unusual pressure on a daily basis due to accountability for success for major projects or areas of operation.
Minimum Technology Skills
Minimum License and Certifications
Desired Qualifications
Desired Qualifications
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or CompTIA Advanced Security Practitioner (CASP) is desired. Other certifications from recognized vendors (EC-Council, GIAC, etc.) will be considered.
United States Government Security Clearance is desired, but not required.
The Office of the Vice President for Research and Economic Development is excited to begin the search for a Cybersecurity Engineer – Research, within the Department of Research Security Compliance.
Responsibilities include: planning, engineering, developing, implementing, and compliance monitoring of organization-wide research programs including, but not limited to, Controlled Unclassified Information (CUI) management; Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System (REDCap); and Electronic Research Administration (ERA). Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards; developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems; and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets.
About Auburn: At Auburn, our work changes lives. Ranked by U.S. News and World Report as a premier public institution, Auburn University is dedicated to shaping the future of the people of Alabama, the nation, and the world through forward-thinking education, life-enhancing research, scholarship and selfless service. Auburn is nationally recognized for its commitment to academic excellence, community outreach, positive work environment, student engagement, and thriving community.
Why employee choose Auburn: Auburn University was named by Forbes Magazine as one of the State of Alabama’s best employers, with employees staying an average of ten years. Employees enjoy competitive benefits that include top-notch health insurance, generous retirement plans, tuition assistance for employees and dependents, flexible spending accounts and more! Learn more about Auburn’s impact, generous employee benefits, and thriving community by visiting aub.ie/working-at-auburn. Auburn University is committed to a diverse and inclusive campus environment. Visit www.auburn.edu/inclusion to learn more about our commitment to expanding equity and inclusion for all. Under general supervision of the Cybersecurity Research manager, responsible for the planning, engineering, developing, implementing, and compliance monitoring of organization-wide research programs including, but not limited to, Controlled Unclassified Information (CUI) management; Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System (REDCap); and Electronic Research Administration (ERA). Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards; developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems; and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets.
Essential Functions
Monitors real-time data, discovers security events, analyzes qualified incidents, executes documented resolutions for common incidents, recommends remediation steps for new incidents, and escalates major security incidents for the Research Security Enclave.
Provides assistance with governance, risks, and compliance by
Coordinating the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Auburn University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53.
Assisting with risk analysis and risk management
Assisting with security and compliance reviews
Preparing and maintaining system security plans (SSPs) for various research projects on campus
Creates and manages standard operating procedures (SOPs) for various projects.
Assists with communication, reporting, and alerting on general information security issues as well as on specific assignments within Information Security tool sets of the Research Security Enclave.
Develops scripts and tooling to verify security platforms and automate security team operations.
Implements and evaluates new technology deployments, integration testing, information security products, services, and procedures to enhance productivity and effectiveness while maintaining compliance.
Provides assistance for the Research Security Enclave, to include
Network security
Maintaining cybersecurity firewalls and web application firewalls for on-premise network and cloud environments that support research
Managing security monitoring systems for network server, firewall, and network anomalies within the Research Security Enclave
Maintaining infrastructure designs of current and future network designs and incorporating appropriate mitigation of existing and emerging threats
Assisting with identifying security design gaps in existing and proposed network architecture and recommending changes and enhancements.
Stays fully informed of current security information and issues, as well as regulatory changes affecting industry research and higher education at the state and national level. Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Minimum Qualifications
Minimum Qualifications
Bachelor’s degree in Computer Science, Engineering, Computer Information Systems, or related field and 5 years of relevant experience OR
Associate’s degree and 9 years of relevant experience OR
High School diploma and 13 years of relevant experience.
*Experience – Demonstrated Cybersecurity experience, Governance, Risk and Compliance (GRC).Relevant IT experience in administering security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Minimum Skills, License, and Certifications
Minimum Skills and Abilities
Knowledge of generally accepted information/cyber security principles and practices with the ability to apply that knowledge to perform complex and non-routine specialized information technology (IT) security analysis functions such as troubleshooting, advanced analysis, research, and problem-solving.
Deep understanding of NIST 800-53 and NIST 800-171 framework and controls.
Knowledge of Cybersecurity Maturity Model Certification framework.
Must have team leadership skills, negotiation skills, and advanced client relation skills.
Ability to remain up-to-date with privacy and security regulations.
Ability to recognize, analyze, and solve a variety of problems.
Ability to effectively communicate technical concepts to a non-technical audience.
Externally imposed deadlines; set or revised on short notice; frequent shifts in priority; numerous interruptions requiring immediate attention; unusual pressure on a daily basis due to accountability for success for major projects or areas of operation.
Minimum Technology Skills
Minimum License and Certifications
Desired Qualifications
Desired Qualifications
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or CompTIA Advanced Security Practitioner (CASP) is desired. Other certifications from recognized vendors (EC-Council, GIAC, etc.) will be considered.
United States Government Security Clearance is desired, but not required.