The Information Security Engineer reports to the Information Security & IT Compliance Officer (CISO) and works to build upon, and to mature, the information security program at client. The Information Security Engineer is responsible for working with the CISO to identify areas for improvement, assist with formulating strategy, and to execute the strategy. This role involves coordination and collaboration with other members of the Information Technology department, research teaching and administrative departments, as well as affiliated Academic Medical Centers. The Information Security Engineer will take the lead on multiple projects to identify, mitigate and remediate information security risks to client, its data, and IT infrastructure. This role is responsible for helping to educate the client, Longwood Medical Area, and larger community about Information Security, risk, and security practices that are appropriate to a highly complex educational and research environment. This includes creating and giving presentations, facilitating classes on Information Security, organizing information security awareness campaign materials, and helping to create other training materials. The Information Security Engineer will consult with technical teams on the secure configuration of IT and physical assets, including cloud deployments, as well as improve logging and monitoring, conduct incident investigation, vulnerability scanning, threat hunting, forensic investigations, and work to advance these capabilities at client. This role will also play a consultative role in network and host firewall configurations, Network Access Control policies and deployment, as well as investigate, evaluate, and implement new tools to help to protect the school's assets, data, and reputation.
location: Boston, Massachusetts
job type: Contract
work hours: 8am to 4pm
PRINCIPAL DUTIES AND RESPONSIBILITIES: Test and assess systems (hardware and software) and network equipment for vulnerabilities, identify mitigation steps, and collaborate with system administrators and network engineers to remediate or mitigate vulnerabilities based on risk levels and threats
Recognize and respond to information security incidents, in partnership with IT organizations at client and hospital affiliates.
Perform digital forensics as part of incident response and in response to other community needs. Author and edit incident reports.
Track down systems for remediation based on automated alerts and threat assessment tools
Stay on top of latest developments in information security, industry trends, security risks, and best practices.
Lead evaluation and deployment of new tools and techniques to better secure client's data and IT related assets. Act as an internal consultant on security-related matters to faculty, and staff. Coordinate and perform security-related awareness campaigns and educational exercises. Closely align and coordinate activities with co-workers in client's Information Security organization.
Help to foster a local Community of Practice of information security professionals at client in the Longwood Medical Area.
BASIC REQUIREMENTS: Bachelor's degree in computer science or a related field, or 5+ years of related experience. Experience with technical project management. Experience with leading security mitigation and remediation efforts Excellent time management, organization, and planning skills. Excellent oral and written communication skills, with the ability to share information effectively and confidently to internal and external audiences of varying levels of technical knowledge. Manage multiple assigned tasks and projects under general supervision.
ADDITIONAL REQUIREMENTS: Industry certifications, such as: CISSP, CISA, or GIAC are strongly preferred Excellent interpersonal skills, including the ability to build and cultivate strong relationships and work effectively with diverse groups, including education and non-education personnel, internal and external to client
Ability to function as a trusted advisor on all matters relative to information security and risk
Working knowledge of Linux, Windows, OS X, and mobile platforms administration and security Familiarity with Splunk for building dashboards, reports, and alerts Experience using penetration testing and vulnerability scanning tools Familiar with network security concepts and technologies, such as firewalls, IDS, NAC and the ability to analyze network traffic Ability to teach and collaborate with individuals of varying skill levels
Master's degree in computer science with an emphasis in cybersecurity is preferred. This position will have a broad scope and impact across client and its affiliates, the Information Technology department, as well as other schools across the client; the candidate will focus on developing strong business partnerships and cultivating trust. Decisions can affect critical processes at client, as undetected and unmitigated threats can jeopardize systems and data that are essential to the operation of client.
DECISION MAKING: ? Demonstrated self-starter who can operate independently without supervision and ability to "ramp up" quickly in both technology and business processes ? Works inter-dependently toward overall goals and objectives by deep collaboration with the community, the IT department, other information security professionals
- Experience level: Experienced
- Education: Bachelors
- SECURITY ENGINEER
- remediation and mitigation
- vulnerabilities exp
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.