Information Security Engineer

Babson College is a world-class business school, empowering entrepreneurial leaders to create great economic &amp; social value. It's an exciting launch pad for anyone who wants to make a real impact in higher education. We provide everything you need to achieve your goals, including learning opportunities, outstanding benefits, rich rewards, wellness programs, &amp; a genuine dedication to creating a diverse, multicultural &amp; inclusive community. <br /><br />To view all open staff positions, click <a href="" target="_blank" title="Babson College Staff Positions" rel="noopener noreferrer">here</a>.

Babson Park, MA

Babson College

<p><strong>We&rsquo;re all different.</strong></p> <p><strong>We&rsquo;re all Babson.</strong></p> <p class="p1">All Babson College faculty and staff authorized to work on campus must be fully vaccinated against COVID-19, <a href=""><span class="s1">including any appropriate boosters</span></a>. Proof of vaccination upon hire is required or within 21 days of becoming eligible for a booster. Contact <a href="">Human Resources</a> for medical accommodation or religious exemption requests.</p> <p class="p1">Babson College is a world-class business school, empowering entrepreneurial leaders to create great economic and social value - everywhere. You&rsquo;ll find a collaborative, collegial team environment designed to include and motivate every individual. It&rsquo;s a rewarding workplace &ndash; an exciting launch pad for anyone to make a real impact in higher education. We provide everything you need to achieve your goals, including learning and development opportunities, outstanding benefits, rich rewards, wellness programs, and a genuine dedication to creating a diverse, multicultural and inclusive community.</p>

keywords: job description,security,assist,technical,leadership,strategy,review,other duties,education & experience,knowledge, skills & abilities,systems,interpersonal,initiative,proficiency,covid-19

Full time

Overview: <br />The IT Security Engineer is a member of the Office of Information Security and performs a variety of activities in the monitoring, assessment, response of, and recovery from, cybersecurity risks. This role responds to cybersecurity events and incidents and escalates as needed. Leads the monitoring, identification, response, and remediation of the security infrastructure. Specific responsibilities include monitoring security event logs and data; acting as a primary resource to the department for security-related configurations and architecture discussions, and in the deployment and configuration of cybersecurity applications; guiding and responding to Penetration Testing and vulnerability scanning activity; providing relevant and clear metrics and KPIs on the security program to the CISO (and, in the absence of the CISO, the CIO).
Responsibilities: <br /> <ul> <li>Responsible for identifying threats to the environment, strategy, and implementation guidance to other operations and engineering teams. Works to build and maintain a secure scalable environment of integrated global networks, applications, and related systems.</li> <li>Performs periodic risk and vulnerability scans, assessments, and reviews; application and infrastructure audits. Manages network penetration tests; plans and creates penetration testing plans and toolkits. Performs hands-on penetration testing and manages external engagement resources to conduct penetration test activities. Presents findings and remediation guidance to relevant stakeholders, and manages resolution plans.</li> <li>Determines infrastructure, application, and cloud security requirements, procedures, and policies; defines and implements security controls.</li> <li>Responsible for protecting College constituents and critical assets through management of access control and data security functions.</li> <li>Assists in the design implementation, modification, and administration of identity and access management and account provisioning systems, two-factor authentication systems and single sign-on systems, connections to Cloud services, and other production or legacy application systems environments.</li> <li>Participates in data governance and data retention strategies and controls, in collaboration with the strategy set by the CISO.</li> <li>Participates in the design of information security policy, education, training, and awareness activities; monitors compliance with the College&rsquo;s security policy and applicable laws; participates in the coordination of investigations and reporting of security incidents.</li> <li>Monitors security systems, SIEM, log files, packet captures, and network flows directly or through liaison with manage service providers to detect cybersecurity events, respond to threats, manage incidents as they arise and structure organizational Incident Response.</li> <li>Performs endpoint incident detection and network incident detection and manages security systems (EDR, AV, etc.).</li> <li>Responds to incidents involving malware; network-based attacks, SIEM, firewall, IDS and IPS, cloud, and data loss prevention events.</li> <li>Leads project team meetings, reviews action plans and tracks project milestones. Summarizes and clearly communicates complex information in written and oral formats to colleagues, internal and external stakeholders, and clients.</li> <li>Trains, mentors, and leverages the skills of others (including business partners and technical team members) to ensure timely and effective support for the Information Security Office.&nbsp;</li> <li>Participates in vendor and new technology evaluations.</li> <li>Performs vulnerability assessments and remediations.</li> <li>May represent the Information Security Office by sitting on inter-departmental and College-wide committees when appropriate.</li> <li>Assumes additional responsibilities as required.</li> </ul>
Requirements: <br /> <p><strong>WHAT EDUCATION AND SKILLS YOU WILL NEED:</strong></p> <p>&nbsp;</p> <ul> <li><strong>Bachelor&rsquo;s Degree</strong></li> <li><strong>A minimum of 5+ years of experience in business administration, auditing, and information security-related OR systems integrations fields (with a strong understanding of security concepts).</strong></li> <li>Must possess a significant level of <strong>operational cybersecurity expertise, demonstrate an in-depth knowledge of cybersecurity concepts, practices, and policies</strong>; experience working in heterogeneous technology environments; participating in systems integrations; troubleshooting complex issues; and monitoring an environment that includes on-premise, co-located, hosted, and cloud architectures.</li> <li>Ability to <strong>manage and maintain a disparate suite of security solutions. Knowledge of secure software development life cycles and methodologies.</strong></li> <li>Must be meticulous, detail-oriented, and <strong>have excellent organizational, administrative, and interpersonal skills.</strong></li> <li>Ability to <strong>produce, maintain, and analyze security logs (Intrusion Detection/Prevention Systems), firewalls, antivirus, and incident reports</strong>, work and troubleshoot in a technical environment.</li> <li><strong>Solicits and gathers technical details and requirements</strong> contributing to establishing project milestones, tasks, and goals.</li> <li>Maintains a <strong>constructive, team-oriented, and customer-focused attitude</strong>. Provides a high level of customer service at all times.</li> <li>Ability to<strong> work independently and creatively, </strong>learn quickly<strong>, and solve complex problems in high-pressure situations.</strong></li> <li><strong>Experience with a variety of different systems, platforms, security frameworks, and tools</strong> (Such as: CIS, NIST, AWS/AZURE and/or cloud security, ITIL, IAM or accounting provisioning software, vulnerability assessment tools, Microsoft 365 and Google Suite, SQL, LDAP, LAPS, and active directory management, Linux, Red Hat, and related OS, Python, Perl, Batch, CSS, XML, JSON, and PHP).&nbsp;</li> <li>Envisions and proposes new methods to perform tasks that support ET&amp;A; <strong>takes thoughtful risks</strong>; and accepts new and ongoing initiatives, objectives, and solutions to gain sought-after results.</li> <li><strong>Anticipates and embraces change</strong>; demonstrates willingness to achieve, acquire, and utilize new skills and challenging tasks; and is flexible in changing conditions.</li> </ul> <p>&nbsp;</p> <p>&nbsp;</p> <p><strong>HOW AND WHERE YOU WILL WORK:</strong></p> <ul> <li>All Babson College faculty and staff authorized to work on campus must be fully vaccinated against COVID-19<strong>, </strong><strong><a href="" target="_blank" rel="noopener noreferrer">including any appropriate boosters</a>. Proof of vaccination upon hire is required or within 21 days of becoming eligible for a booster. Contact <a href="" target="_blank" rel="noopener noreferrer">Human Resources</a> </strong><strong>for</strong> medical accommodation or religious exemption requests.</li> <li>Potential for on-call responsibilities.</li> </ul> <p><strong><br />ADDITIONAL SKILLS YOU MAY HAVE:</strong></p> <p>&nbsp;</p> <ul> <li>CISM, GIAC or CISSP certifications preferred.</li> <li>Familiarity with compliance themes is preferable, including but not limited to legal requirements such as 201 CMR 17.00, FERPA, NIST, as well as industry standards that govern software lifecycles.</li> <li>Previous experience in higher education preferred.</li> </ul>