Description:
The Senior Information Security Engineer (SISE) is responsible security tool implementation and administration and for monitoring, investigation, response and support tasks related to the operation of the University's information security program with a primary focus on compliance areas by:
- Monitoring and responding to network intrusion, system log, and vulnerability alerts raised by automated detection systems, internal & external reports and manual investigation
- Executing incident response procedures and Information Security Office (ISO) processes to identify computer security incidents, contain intrusions and recommend options for eradication & recovery all the while effectively communicating with both internal and external customers and escalating as necessary
- Monitoring threat intelligence sources to provide documentation and community announcements for current security & abuse issues
- Coordinating threat mitigation and response efforts
- Assisting campus IT personnel technically and procedurally with incident handling, threat mitigation, and E-Discovery requests
- Investigating incident root cause & scope using host and network based forensics when called for by the incident response plan
- Providing technical guidance and assessment of control requirements for compliance areas such as HIPAA, FISMA, PCI-DSS, GLBA, DFARS, and NCBI research data access.
- Participating in projects within the ISO to improve and automate processes and tools through evaluation, implementation and/or development as well as providing consulting across the division and campus
- Handling service support requests for certificate authority, vulnerability scanning, data loss protection and endpoint security
- Working with University Counsel to obtain, interpret and search forensic evidence for legal cases and subpoena compliance (E-Discovery)
- Participating in 24x7 on call rotations for intrusion monitoring, incident response and infrastructure maintenance which may necessitate coming to campus at off-hours
- Sharing responsibility for maintaining documentation on all incidents and job related procedures
- Working with other groups in the division to secure infrastructure and implement security controls supporting primarily compliance areas
- Potentially assessing systems for vulnerabilities in design and implementation as well as penetration testing of hosts and client/server & web applications as required by various compliance areas