Senior Security Engineer

I. JOB OVERVIEW

Job Description Summary:

George Washington University Information Technology (GWIT) is the chief provider of technology services and applications at The George Washington University (GW). GWIT partners with all key stakeholders across GW to equip students, faculty, and staff with the technology and tools necessary to achieve academic excellence. This position works within GWIT and ensures collaboration with both University stakeholders and external vendors for service delivery across GW.

GWIT operates systems in a hybrid multi-cloud environment in GW data centers and commercial cloud. The Senior Security Engineer role will be a part of a team responsible for defining security requirements, supporting security architecture, implementing a secure development lifecycle, assessing information systems, recommending security best practices, providing vulnerability management and generally defining, implementing, assessing, and maintaining controls necessary to protect both physical and virtual networks, hardware, and systems in accordance with security requirements.

The Senior Security Engineer:

• Communicates institution specific and industry best practices around IT security standards to internal technical leads, and external technology solution developers, partners, and providers.
• Reports findings and assessment results to both technical staff and business stakeholders clearly and effectively.
• Provides mitigation and remediation suggestions, as appropriate.
• Supports digital transformation including appropriate automation, cloud migration, stakeholder empowerment and distributed but effective security practices.
• Performs application security and, vulnerability assessments, penetration testing, and risk analyses using tools such as Tenable One, Metasploit, Burp Suite, OWASP ZAP, sqlmap, nmap, Nessus, Rapid7, Kali Linux,
• Generates reports and summaries that note security vulnerabilities and risks based on standards and frameworks such as OWASP Top Ten, NIST 800-171, and CIS Benchmarks.
• Effectively delivers these reports to technical and non-technical staff, engineers, developers, and management at manager, director and vice presidential levels.
• Collaborates with the full IT Security team as well as application administrators, vendors, and business stakeholders, as appropriate, on the operational aspects of technical solutions.
• Advises on the appropriate flow of information regarding risk identification, treatment and acceptance within the university.
• Advises and contributes recommendations on operational aspects of security vulnerability and risk assessments for current technical solutions, transition or emerging solutions and in evaluating changes to systems and services (change management) for both on-premise and cloud solutions.
• Assists team in maintaining IT security tool and capability portfolio through engaged lifecycle management of hardware and software solutions, vendor management and budget planning activities (researching and drafting business cases in a zero based budget environment) as requested
• Contributor to the identification, creation, and documentation of security processes, network security standards and procedures for both internal runbooks as well as university wide communications and awareness.
• Acts as an escalation point for and collaborates with peers throughout the institution on technical security matters.
• Provides project management for small security projects and participates in IT projects across the university

Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.

Minimum Qualifications:

Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 5 years of relevant professional experience, OR, a Master’s degree or higher in a relevant area of study plus 3 years of relevant professional experience, OR a Bachelor’s degree in an appropriate area of specialization plus 3 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.

Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:

Cybersecurity certifications focused on security and cloud security such as Certified Cloud Security Professional (CCSP), AWS Certified Security, CompTIA Cloud+, Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Automation (GCSA), GIAC Enterprise Vulnerability Assessor (GEVA), Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) are desirable.

Preferred Qualifications:

• Demonstrated experience in application security, vulnerability assessments, vulnerability management, penetration testing, and risk analysis activities across functional business areas and information technology services.
• Experience in using security testing tools such as Burp Suite, Metasploit, Tenable One, OWASP ZAP, sqlmap, nmap, Rapid7, Kali Linux, Splunk, AWS Inspector, AWS CloudTrail, AWS GuardDuty, AWS IAM, and more
• Ability to demonstrate flexibility/adaptability in applying IT Security standards, knowledge of current best practices applicable to a given environment (higher education experience in this area a plus)
• Ability to effectively translate technical vulnerabilities into business risk terminology
• Demonstrated ability to explain standards and frameworks such as OWASP Top Ten, NIST 800-171, NIST 800-37, CIS Benchmarks, and more to technical and non-technical staff, developers, engineers, system/network administrators, and management
• Ability to work closely with team members and independently to deliver expected results.
• Experience within a university environment is desirable.

Hiring Range

$78,578.35 - $125,560.92

GW Staff Approach to Pay

Healthcare Benefits

GW offers a comprehensive benefit package that includes medical, dental, vision, life & disability insurance, time off & leave, retirement savings, tuition, well-being and various voluntary benefits. For program details and eligibility, please visit

II. JOB DETAILS

Campus Location:

Ashburn, Virginia

College/School/Department:

GW IT

Family

Information Technology

Sub-Family

Systems Security

Stream

Individual Contributor

Level

Level 3

Full-Time/Part-Time:

Full-Time

Hours Per Week:

40+

Work Schedule:

Monday through Friday

Will this job require the employee to work on site?

Yes

Employee Onsite Status

Hybrid

Telework:

Yes

Required Background Check:

Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search

Special Instructions to Applicants:

Employer will not sponsor for employment Visa status

Internal Applicants Only?

No

Posting Number:

S013224

Job Open Date:

08/02/2024

Job Close Date:

If temporary, grant funded or limited term appointment, position funded until:

Background Screening

Successful Completion of a Background Screening will be required as a condition of hire.

EEO Statement:

The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.