Information Security Engineer, Information Security Office (ISO)-2005545
The Information Security Office (ISO), part of Carnegie Mellon University's Computing Services, collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure. ISO services include security awareness training and presentations, information security consulting, security assessments including attack & penetration testing, incident response, and assistance Obtaining SSL Web Certificates.
We are seeking an Information Security Engineer to join our dynamic team. In this role, you are responsible for monitoring, investigation, response and support tasks related to the operation of the University's information security program. These responsibilities
Monitoring and responding to network intrusion and vulnerability alerts raised by automated detection systems, internal & external reports and manual investigation
Executing incident response procedures and Information Security Office (ISO) processes to identify computer security incidents, contain intrusions and recommend options for eradication & recovery all the while effectively communicating with both internal and external customers
Assisting campus IT personnel technically and procedurally with incident handling and E-Discovery requests
Participating in projects within the ISO to improve and automate processes and tools through evaluation, implementation and/or development as well as providing consulting across the division and campus
Investigating incident root cause & scope using host and network based forensics when called for by the incident response plan
Handling service support requests for certificate authority, vulnerability scanning, data loss protection and endpoint security
Providing documentation and announcements for security & abuse issues and current threats
Working at the direction of supervisor, Incident Response Coordinator, and/or the Director to obtain and search forensic evidence for legal cases and subpoena compliance per Office of General Counsel requests.
Participating in 24x7 on call rotations for intrusion monitoring, incident response and infrastructure maintenance which may necessitate coming to campus at off-hours
Sharing responsibility for maintaining documentation on all incidents and job related procedures
Occasionally working with other groups in the division to secure infrastructure as needed
Potentially assessing systems for vulnerabilities in design and implementation as well as penetration testing of hosts and client/server & web applications
Bachelor's degree or equivalent in experience (as evidenced by employment history, professional certification, and/or academic track record) required; Master's degree preferred
At least 3-5 years of system/software design, administration, and/or engineering experience required
Expertise with a variety of operating systems including Windows, Macintosh, and/or Linux
Ability to diagnose and respond to computer and network security incidents
Experience in obtaining forensic data in support of University Counsel and on-going incidents
Experience in providing guidance and ensure compliance with incident response procedures; evaluate security threats and applicability to a given environment;
Experience with security control services such as certificate authority, vulnerability scanning, data loss protection and endpoint security
Excellent interpersonal communication skills (both verbal and written) and excellent technical and problem solving skills throughout all duties
CISSP, GSEC, GCFE, or other information security practitioner certificates preferred
Preferred Experience: Five years or more experience in information technology and/or computer and network security in an academic environment. Prior experience working with law enforcement, fulfilling subpoena requests, maintaining chain of custody requirements and conducting host and network forensics is preferred. Familiarity with encryption tools and scripting/programming. One or more years of experience in any of security assessments/audits, penetration testing, secure application or information system design or equivalent
Preferred Skills: Strong technical skills in forensic methods, multiple operating systems and file systems (i.e. Mac, Windows and Unix), multiple databases (Oracle, MySQL,etc.), multiple data storage technologies (SAN, tape, etc.), enterprise systems (e.g. e-mail, collaboration software, ERP). Proficiency with scripting or programming languages (Ruby, Python, Perl, AutoIt, VB, C, C++, Java, etc...) Ability to perform host, network, application and database vulnerability assessment and remediation. Ability to independently conduct technical evaluations of threats and security elements of new services.
Carnegie Mellon University is a private, global research university that stands among the world's most renowned education institutions. With ground-breaking brain science, path-breaking performances, creative start-ups, big data, big ambitions, hands-on learning, and a whole lot of robots, CMU doesn't imagine the future, we invent it. If you're passionate about joining a community that challenges the curious to deliver work that matters, your journey starts here!
Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.
Time Type:Full Time
:INFORMATION SECURITY OFFICE (COMP SVCS)
Minimum Education Level:Bachelor's Degree or equivalent
Carnegie Mellon (www.cmu.edu) is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 12,000 students in the university’s seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solu...tions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon’s main campus in the United States is in Pittsburgh, Pa. It has campuses in California’s Silicon Valley and Qatar, and programs in Africa, Asia, Australia, Europe and Mexico.