Cybersecurity Analyst/Engineer (Governance, Risk, and Compliance) - Central
Job posting number: #7122694
Posted: February 3, 2023
Application Deadline: Open Until Filled
Job DescriptionJob Summary
The Office of the Chief Information Security Officer at Auburn University is seeking applicants for a cybersecurity position. Under minimal supervision, the Governance, Risk, and Compliance (GRC) Security Analyst or Engineer will be a subject matter expert on assessing and documenting the institution’s risk and compliance posture related to IT assets. This position will entail engaging third parties and reviewing documentation of application security architecture and design solutions to produce security recommendations for application developers and project teams. Responsibilities include working with vendors and campus users to assess security controls and requirements. Other duties involve a range of activities– such as assisting in developing security standards, participating as a security liaison on enterprise application teams, vetting software purchases, and troubleshooting Web Application Firewall alerts.
Working onsite is a requirement of the job. May work up to 2 days hybrid remote in local area with supervisor’s approval.
The ideal candidate applies systems thinking, possesses superior interpersonal and communication skills, is self-motivated, and is a life-long learner.
7 Reasons You’ll Love Being a Cybersecurity Analyst at AUBURN:
Work/life balance is a priority! No travel is required.
Careers in Higher Education are reliably stable.
Competitive retirement plan and benefits.
Generous leave (including two weeks off during the holidays!)
Paid parental leave.
Tuition assistance for yourself and dependents.
Being a part of the life-changing work and research our students, faculty, and staff perform.
Auburn was named by Forbes Magazine as one of the state of Alabama’s best employers, with employees staying an average of ten years! Learn more about Auburn’s impact, generous employee benefits, and thriving community by visiting aub.ie/working-for-auburn.
It’s a Lifestyle: The Auburn/Opelika area is a page right out of Southern Living magazine with an idyllic small-town feel, perfecting a unique balance between a close-knit community and driving consistent growth and development. Paralleling the exponential growth of Auburn University, the Auburn/Opelika area boasts services and amenities that cater to any interest. We’re proud of our top school systems, city services, award-winning restaurants, and the infectious spirit of life in a college town. You can find us nestled halfway between the beach and the mountains in a lower-cost-of-living area, two hours outside of Atlanta or Birmingham. If you’re new to Auburn, we’d love to introduce you. If you’re already acquainted with Auburn, we’ll keep it simple: it’s time to come home!
Our Commitment: Auburn University is committed to a diverse and inclusive campus environment. Visit auburn.edu/inclusion to learn more about our commitment to expanding equity and inclusion for all.
1. Serves as the subject matter expert in operating systems, network devices and protocols, security technologies, cloud technologies, and security data sharing work flows by participating on application deployment project teams as a security advisor to ensure secure control implementation.
2. Analyzes vendor documentation, project needs, and knowledge of campus computing environment to develop project security controls. Assists project teams in documenting security controls and developing system security plans.
3. Validates and tests information security application architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies. Integrates large amounts of intelligence information on threats into context in order to draw insights about the possible implications.
4. Assists systems owners in creating System Security Plans (SSP) and overall security documentation.
5. Performs risk assessments for applications. Additionally, works with cybersecurity team to identify organizational and tactical risks.
6. Works with GRC lead to maintain cybersecurity risk register of tactical and organizational risks.
7. Participates in vetting requests for vendor software purchases, analyzing vendor documentation and application usage to make determinations regarding a potential application’s security posture.
8.Maintains knowledge with current emerging technologies and advancements within Information Security.
9. Performs all assigned work to meet expected delivery and schedules and performs other duties in the realm of support and proactive services as assigned.
10. Works with system owners to educate them on security standards such as authentication, multi factor authentication, audit logging and review of PII, disaster recovery plans, and role based access control (RBAC) in support of Auburn University Policies and regulations such as FERPA, HIPAA, NIST, and GLBA.
Cybersecurity Analyst (MA39)
High School Diploma – 11 year’s relevant experience required OR
Associate’s Degree – 7 year’s relevant experience required OR
Bachelor’s Degree – 3 year’s relevant experience required
Typical salaries at this level are between $57,500 and $103,500
Cybersecurity Engineer (MA40)
High School Diploma – 13 year’s relevant experience required OR
Associate’s Degree – 9 year’s relevant experience required OR
Bachelor’s Degree – 5 year’s relevant experience required
Typical salaries at this level are between $74,400-$133,900
Cybersecurity Engineer Licensure Requirements:
Industry recognized cybersecurity certification required within six (6) months of hire date. Recognized certifications include the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, Certified Ethical Hacker (CEH), Certified in Risk and Information Systems Control (CRISC) and others as deemed appropriate by the CISO of Auburn University.
Substitutions for Education:
When a candidate has the required experience, but lacks the required education, they may normally apply additional relevant experience toward the education requirement, at a rate of two (2) years relevant experience per year of required education.
Minimum Required Knowledge:
Knowledge of intermediate troubleshooting, client relations, and cybersecurity principles. Ability to implement a plan to address and mitigate security vulnerabilities. Ability to recognize, analyze, and solve a variety of problems. Ability to effectively communicate technical concepts to a non-technical audience.
Minimum Skills, License, and Certifications
Minimum Skills and Abilities
Knowledge of generally accepted information/cyber security principles and practices with the ability to apply that knowledge to perform complex and non-routine specialized information technology (IT) security analysis functions such as troubleshooting, advanced analysis, research, and problem-solving.
Ability to remain up-to-date with privacy and security regulations.
Ability to recognize, analyze, and solve a variety of problems.
Ability to effectively communicate technical concepts to a non-technical audience.
Minimum Technology Skills
Minimum License and Certifications
Cybersecurity Analyst: None required. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC (SANS), or ISC (2) preferred.
Cybersecurity Engineer: Industry recognized cybersecurity certification required within six (6) months of hire date. Recognized certifications include the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, Certified Ethical Hacker (CEH), Certified in Risk and Information Systems Control (CRISC) and others as deemed appropriate by the CISO of Auburn University.
1. Experience with system administration of servers and workstations.
2. Experience with virtual machines and Microsoft Azure environments.
3. Experience with the following Operating Systems is recommended but not required: Windows, Linux distributions (Ubuntu, Red Hat), macOS (current versions)
4. Knowledge of laws, regulations, and standards affecting information technology security in Search a higher education environment, including, but not limited to, PCI-DSS, HIPAA, GLBA, FERPA, and DMCA.
5. Familiarity and knowledge of security and IT concepts such as data classification, change management, access control, and the principle of least privilege.
6. Ability to effectively communicate business risk and information security concepts to audiences of varying technical acumen through multiple communication channels.
7. Strong analytical and problem-solving skills and works well in a team environment.
8. Willingness to acquire in-depth knowledge of network and security technologies and products and continuously improve these skills.
9. Higher Education experience preferred.