Senior Security Engineer

The Senior Security Engineer will be responsible for identifying potential threats to the IT infrastructure, recommending enhancements accordingly and implementing those technologies. The senior security engineer provides support to ensure applicable information protection policies, procedures, guidelines, and best practices are followed. Performs Security Risk Assessments (SRAs) and compliance reviews to ensure applications and services are operating in accordance with established policies and procedures. Educates stakeholders in the assessment process and leads both pre- and post-assessment meetings.

Duties and Responsibilities:

• Serve as a security expert in networks, endpoints, and enterprise applications efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
• Manage vulnerability assessments on various types of networks and topologies;
• Execute risk and vulnerability assessments and remediation activities.
• Conduct penetration testing on IT infrastructure.
• Analyze output from network vulnerability assessments, recommend mitigation strategies and resolve any security incidents through work with pertinent business departments.
• Review and provide feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs, as applicable;
• Review and provide input into networks and endpoints designs to ensure compliance with security and enterprise architecture.
• Review in-house and 3rd-party applications/code for security vulnerabilities and best practices.
• Build/enhance security architecture and configure networks and endpoints to enhance the security posture of the enterprise.
• Research, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
• Participate in Software Development Lifecycle: code review, QA security testing, launches, etc.
• Develop and/or implement automated security testing tools where possible.
• Participate in the development of security-related tools and applications, such as multi-platform cookie-based authentication and internal security libraries/frameworks.
• Train engineers on common security problems and best practices for writing secure code.
• Performs hands-on testing of applications, as well as building and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practices.
• Lead and execute projects on our security roadmap.
• Adhere to existing risk management frameworks, such as COBIT, ITIL, and ISO 27002.
• Participate in managing incident response for network security events.
• Develop and maintain IT security policies.
• Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branch.

Skills:

• Basic skills needed include:
• Secure solutions development
• Middleware security
• N-tier apps dev infrastructure
• Compliance PCI, GLB, GLBA, CMMC. GDPR, etc.
• Risk management and security risk assessments
• Code review, reverse engineering
• API's and protocols
• Authentication and authorization. SSO (Single Sign On), MFA (Multi-Factor Auth.).
• Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.)
• Recognized as a strategic thinker and is results oriented
• Demonstrated effective strong team player and self-motivator. Ability to work and interface internally with an IT and other functional support groups with minimal guidance
• Demonstrated successful experience in a customer-facing role
• Demonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitation
• Demonstrated effective time management, organizational and documentation skills

Education & Experience Requirements:

• 7 years or more of professional experience in IT security including security policy development, security architecture models, and information security regulatory compliance
• Must have the knowledge of IT security technologies such as firewalls, intrusion detections systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architecture
• Hands-on experience with the following technologies: enterprise system administration across multiple operating systems, IPS management (i.e., Cisco ASA, Palo Alto, TrendMicro), vulnerability scanning applications, Splunk
• Experience in engineering and enterprise system administration roles.
• Experience developing a standard set of metrics that measure our security posture on a monthly/weekly basis.
• Proven experience developing security policies, procedures, risk registers and incident response plans
• Intermediate to advanced knowledge of information security concepts.
• Experience with one or more applications development languages such as Python, Go, Ruby on Rails, Java, C/C++, .NET.
• Solid knowledge of and experience with secure web architectures, tools and processes
• Knowledge of network architecture and design, network Security, wireless Security and client/server security. Very strong computer networking skills and understanding of networking protocols.
• Security of virtual machine environments is highly desirable.
• Expert knowledge and hands-on experience of vulnerability assessment/network discovery and associated tools
• Understands infrastructure monitoring
• Expert in securing Linux and Windows systems.
• Experience with various types of firewalls and technologies
• Demonstrated process improvement experience
• Previous application development experience is very helpful for secure code reviews
• Hands-on experience using multiple Amazon Web Services and Azure technologies to support an enterprise environment.
• Prior experience as a team lead or role mentoring junior team members.
• Experience with threat detection and incident management for web applications

Certifications:

• Possessing at least one professional security certification such as CISSP, CISM, CISA or similar.

Preferred Experience Requirements:

• Education: Bachelor's Degree

All submissions should include a cover letter and resume.

The University of Maryland Global Campus (UMGC) is an equal opportunity employer and complies with all applicable federal and state laws regarding nondiscrimination. UMGC is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, ancestry, political affiliation or veteran status in employment, educational programs and activities, and admissions.

Workplace Accommodations:

The University of Maryland Global Campus Global Campus (UMGC) is committed to creating and maintaining a welcoming and inclusive working environment for people of all abilities. UMGC is dedicated to the principle that no qualified individual with a disability shall, based on disability, be excluded from participation in or be denied the benefits of the services, programs, or activities of the University, or be subjected to discrimination.

Benefits Package Highlights:

• Generous Time Off: Enjoy 22 days of paid vacation, 15 days of sick leave, 3 personal days, and 15 paid holidays (16 during general election years). For part-time employees, time off rates will be prorated based on the number of hours worked.
• Comprehensive Health Coverage: Access to health care, medical with vision, dental, and prescription plans for both individuals and families, effective from the 1st of the month following your hire date.
• Insurance Options: Term Life Insurance, Accidental Death and Dismemberment Insurance, and Long-Term Disability (LTD) Insurance. Part-time employees working less than 0.5 FTE are not eligible for LTD.
• Flexible Spending Accounts: Available for medical and dependent care expenses.
• Retirement Plans: Choose between the Optional Retirement Program (ORP) or the Maryland State Retirement and Pension System (MSRPS).
• Supplemental Retirement Plans: include 401(k), 403(b), 457(b), and various Roth options. The university does not provide matching funds.
• Tuition Remission: Immediate availability for Regular Exempt Staff. Spouses and dependent children are eligible for undergraduate tuition remission after two years of service. NOTE: For part-time employees (at least 50