George Washington University

Senior Security Engineer

George Washington University, Ashburn, Virginia, United States, 22011


JOB OVERVIEW

George Washington University Information Technology (GWIT) is the chief provider of technology services and applications at The George Washington University (GW). GWIT partners with all key stakeholders across GW to equip students, faculty, and staff with the technology and tools necessary to achieve academic excellence. This position works within GWIT and ensures collaboration with both University stakeholders and external vendors for service delivery across GW.

GWIT operates systems in a hybrid multi-cloud environment in GW data centers and commercial cloud. The Senior Security Engineer role will be a part of a team responsible for defining security requirements, supporting security architecture, implementing a secure development lifecycle, assessing information systems, recommending security best practices, providing vulnerability management and generally defining, implementing, assessing, and maintaining controls necessary to protect both physical and virtual networks, hardware, and systems in accordance with security requirements.

Responsibilities

- Communicates institution-specific and industry best practices around IT security standards to internal technical leads and external technology solution developers, partners, and providers.
- Reports findings and assessment results to both technical staff and business stakeholders clearly and effectively.
- Provides mitigation and remediation suggestions, as appropriate.
- Supports digital transformation including appropriate automation, cloud migration, stakeholder empowerment and distributed but effective security practices.
- Performs application security and vulnerability assessments, penetration testing, and risk analyses using tools such as Tenable One, Metasploit, Burp Suite, OWASP ZAP, sqlmap, nmap, Nessus, Rapid7, Kali Linux.
- Generates reports and summaries that note security vulnerabilities and risks based on standards and frameworks such as OWASP Top Ten, NIST 800-171, and CIS Benchmarks.
- Effectively delivers these reports to technical and non-technical staff, engineers, developers, and management at manager, director and vice presidential levels.
- Collaborates with the full IT Security team as well as application administrators, vendors, and business stakeholders, as appropriate, on the operational aspects of technical solutions.
- Advises on the appropriate flow of information regarding risk identification, treatment and acceptance within the university.
- Advises and contributes recommendations on operational aspects of security vulnerability and risk assessments for current technical solutions, transition or emerging solutions and in evaluating changes to systems and services (change management) for both on-premise and cloud solutions.
- Assists team in maintaining IT security tool and capability portfolio through engaged lifecycle management of hardware and software solutions, vendor management and budget planning activities (researching and drafting business cases in a zero-based budget environment) as requested.
- Contributes to the identification, creation, and documentation of security processes, network security standards and procedures for both internal runbooks as well as university-wide communications and awareness.
- Acts as an escalation point for and collaborates with peers throughout the institution on technical security matters.
- Provides project management for small security projects and participates in IT projects across the university.
- Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.

Minimum Qualifications

Qualified candidates will hold a Bachelor's degree in an appropriate area of specialization plus 5 years of relevant professional experience, OR, a Master's degree or higher in a relevant area of study plus 3 years of relevant professional experience, OR a Bachelor's degree in an appropriate area of specialization plus 3 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.

Additional Required Licenses/Certifications

Cybersecurity certifications focused on security and cloud security such as Certified Cloud Security Professional (CCSP), AWS Certified Security, CompTIA Cloud+, Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Automation (GCSA), GIAC Enterprise Vulnerability Assessor (GEVA), Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) are desirable.

Preferred Qualifications

- Demonstrated experience in application security, vulnerability assessments, vulnerability management, penetration testing, and risk analysis activities across functional business areas and information technology services.
- Experience in using security testing tools such as Burp Suite, Metasploit, Tenable One, OWASP ZAP, sqlmap, nmap, Rapid7, Kali Linux, Splunk, AWS Inspector, AWS CloudTrail, AWS GuardDuty, AWS IAM, and more.
- Ability to demonstrate flexibility/adaptability in applying IT Security standards, knowledge of current best practices applicable to a given environment (higher education experience in this area a plus).
- Ability to effectively translate technical vulnerabilities into business risk terminology.
- Demonstrated ability to explain standards and frameworks such as OWASP Top Ten, NIST 800-171, NIST 800-37, CIS Benchmarks, and more to technical and non-technical staff, developers, engineers, system/network administrators, and management.
- Ability to work closely with team members and independently to deliver expected results.
- Experience within a university environment is desirable.

Hiring Range

$78,578.35 - $125,560.92

Campus Location

Ashburn, Virginia

College/School/Department

GW IT

Family

Information Technology

Sub-Family

Systems Security

Stream

Individual Contributor

Level

Level 3

Full-Time/Part-Time

Full-Time

Hours Per Week

40+

Work Schedule

Monday through Friday

Will this job require the employee to work on site?

Yes

Employee Onsite Status

Hybrid

Telework

Yes

Required Background Check

Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search.

Special Instructions to Applicants

Employer will not sponsor for employment Visa status.

Internal Applicants Only?

No

Posting Number

S013224

Job Open Date

08/02/2024

Background Screening

Successful Completion of a Background Screening will be required as a condition of hire.

EEO Statement

The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.