Sr. IT Security Engineer - Computing Services

The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.

CMU's Computing Services department is searching for a Senior Information Security Engineer/Services Coordinator. This is an excellent opportunity for someone who thrives in an interesting and challenging work environment. The Senior Information Security Engineer/Services Coordinator (SISE/SC) is responsible for security services lifecycle management, endpoint protection and vulnerability management services; integration, administration, and support (e.g., request fulfillment and community outreach efforts) for the underlying tools and participates in threat monitoring, investigation, response and support tasks related to the operation of the University's information security program with a primary focus on compliance areas by the following core responsibilities:

Your core responsibilities will include:

• Assist with analysis of compromised computers or accounts when appropriate.

• Assisting campus IT personnel technically and procedurally with incident handling, threat mitigation, and E-Discovery requests.

• Configure and use various tools for scanning, monitoring, or testing various aspects of computer, account, or network security as needed for compliance areas.

• On-going professional development (attending/presenting at conferences, meetings, etc...).

• Participate in 24x7 on call rotations for intrusion monitoring, incident response and infrastructure maintenance which may necessitate coming to campus at off-hours.

• Provide technical guidance and assessment of control requirements for compliance areas such as HIPAA, FISMA, PCI-DSS, GLBA, DFARS and NCBI research data access.

• Provide technical guidance and assessment of control requirements for compliance areas such as HIPAA, FISMA, PCI-DSS, GLBA, DFARS and NCBI research data access.

• Monitor for and respond to computer security, abuse, and e-discovery incidents. This may entail monitoring intrusion detection, vulnerability scanning and log correlation systems; doing research; scanning machines; reviewing usage logs; etc. to confirm reports and perform forensic analysis according to established procedures, primarily for compliance areas. User contact will also be needed in order to inform people of breaches as necessary, and to obtain detailed information.

• Coordinating threat mitigation and response efforts.

• Monitoring and responding to network intrusion, system log, and vulnerability alerts raised by automated detection systems, internal & external reports and manual investigation.

• Executing incident response procedures and Information Security Office (ISO) processes to identify computer security incidents, contain intrusions and recommend options for eradication & recovery all the while effectively communicating with both internal and external customers and escalating as necessary.

• Investigating incident root cause & scope using host and network based forensics when called for by the incident response plan.

• Participating in projects within the ISO to improve and automate processes and tools through evaluation, implementation and/or development as well as providing consulting across the division and campus.

• Working with University Counsel to obtain, interpret and search forensic evidence for legal cases and subpoena compliance (E-Discovery).

• Handling service support requests for certificate authority (public key infrastructure), vulnerability scanning, data loss protection and endpoint security.

• Sharing responsibility for maintaining documentation on all incidents and job related procedures.

• Working with other groups in the division to secure infrastructure and implement security controls supporting primarily compliance areas.

• Potentially assessing systems for vulnerabilities in design and implementation as well as penetration testing of hosts and client/server & web applications as required by various compliance areas.

• Coordinating security lifecycle activities (e.g., identities, accounts, certificates, devices, processes and procedures) across the Information Security Office.

• Administering security tools like endpoint detection and response.

• Supporting integration of authentication and authorization infrastructure.

• Supporting and administering endpoint prevention, detection, and response tools (e.g.,CrowdStrike).

• Supporting the Security Points of Contact Program with onboarding, training and documentation tasks.

• Supporting the certificate authority (public key infrastructure) and data loss prevention services.

• Explaining complex security issues and their impact to diverse audience.

• Provide detailed documentation and content to team members so that the campus community can be informed of new threats or other security and abuse issues as needed.

• Monitoring threat intelligence sources to provide threat assessment and remediation which includes evaluating how issues impact the University and implementing or recommending techniques to mitigate the threats.

• Other duties as assigned.

Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.

Qualifications:

• Bachelor's Degree

• 5-8 Years of Systems/Software Engineering Experience

Requirements:

• Successful background check

"Applicants for this position must be currently legally authorized to work for CMU in the United States. CMU will not sponsor or take over sponsorship of an employment visa for this opportunity."

Are you interested in this exciting opportunity?! Apply today!

Joining the CMU team opens the door to an array of exceptional benefits.

Benefits eligible employees enjoy a wide array of benefits including comprehensive medical, prescription, dental, and vision insurance as well as a generous retirement savings program with employer contributions. Unlock your potential with tuition benefits, take well-deserved breaks with ample paid time off and observed holidays, and rest easy with life and accidental death and disability insurance.

Additional perks include a free Pittsburgh Regional Transit bus pass, access to our Family Concierge Team to help navigate childcare needs, fitness center access, and much more!

For a comprehensive overview of the benefits available, explore our Benefits page.

At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond credentials, we evaluate the role and responsibilities, your valuable work experience, and the knowledge gained through education and training. We appreciate your unique skills and the perspective you bring. Your journey with us is about more than just a job; it's about finding the perfect fit for your professional growth and personal aspirations.

Are you interested in an exciting opportunity with an exceptional organization?! Apply today!

Location

Job Function

Position Type

Full Time/Part time

Pay Basis

More Information: