Job Description

Job Description Summary
The search will remain open until the position has been filled.
______________________________________________________________________________________________________


About URI:

The University of Rhode Island enrolls approximately 17,000 students across its graduate and undergraduate programs and is the State’s flagship public research university, as well as the land grant and sea grant university, for the state of Rhode Island. The main campus is located in the historic village of Kingston, and the Bay Campus is located in Narragansett. Both campuses are near major beaches in a beautiful coastal community. URI is just 30 minutes from Providence, RI and within easy reach of Newport, Boston, and New York City.

________________________________________________________________________________________

BASIC FUNCTION:

The Cyber Security Engineer plays a pivotal role in advancing the university’s cybersecurity initiatives. This position requires expertise in endpoint security, data loss prevention, compliance standards like CMMC, and hands-on experience with Microsoft Azure security and DUO multi-factor authentication. The ideal candidate will proactively assess vulnerabilities, design secure configurations, and implement cutting-edge security solutions to safeguard the university’s infrastructure. In addition, they work with URI constituents on providing support and managing relations. Create clear and concise documentation to formalize new processes. Process requests to resolve security issues with endpoint support and end users, including exception/exclusion handling. Administrate and implement policies/rules on endpoint devices and refine security standards. Implement and maintain cyber security management tools. Interact closely with product vendors, service providers, and personnel from various IT departments (including application development, cloud infrastructure, networking, and business units and colleges).

Duties and Responsibilities
ESSENTIAL DUTIES AND RESPONSIBILITIES:

As the Cyber Security Engineer, you will lead the implementation and continuous improvement of CMMC compliance frameworks for research and institutional projects, providing you with a unique opportunity for growth and learning.

Provide technical support, including monitoring, reporting, and tool administration.

Design and integrate endpoint protection solutions into the university’s infrastructure based on the ongoing business requirements and URI’s security policy.

As the Cyber Security Engineer, you will play a crucial role in keeping our security systems documentation up to date, ensuring the safety and integrity of our university’s operations.

Maintain awareness of the latest security risks, exploits, and vulnerabilities and apply them to the URI environment as required.

Conduct regular security assessments to identify vulnerabilities, recommend mitigations, and ensure compliance with university policies and regulatory requirements.

Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations.

Examine systems and applications to assess the current security posture.

Raise concerns to management regarding endpoint security deficiencies or enhancements that must be addressed.

Develop, maintain, and monitor endpoint security technology and best practices and provide ongoing monitoring of new technology and capabilities.

Possess and maintain broad technical and business knowledge of all aspects of endpoint technologies, including mobility, client operating systems, VDI, and IoT.

Possess broad expertise with client and endpoint authentication (SSO), data protection, VPN, antivirus, and anti-malware technologies and controls.

Oversee the implementation, administration, and operation of multiple endpoint security technologies, including Absolute, Cylance, Patch Management, Bitlocker, and FileVault.

Work with the Manager of Endpoint Support to design and implement a stable, secure, and optimized endpoint environment for university constituencies.

OTHER DUTIES AND RESPONSIBILITIES:

Perform other duties as assigned.

LICENSES, TOOLS, AND EQUIPMENT:

Desktop software and work management tools, computer workstations, Information Technology terminology and service delivery practices, project management, and general IT Service Management tools.

Required Qualifications
REQUIRED:

1. Bachelor’s degree.

2. Minimum two years of experience in an Information Security role.

3. Minimum two years of experience working on corporate technologies (including but not limited to endpoints, servers, and network technologies).

4. Demonstrated experience in compliance, risk management, and information security in higher education or corporate settings.

5. Demonstrated experience managing compliance for research projects involving federal regulations.

6. Demonstrated experience with vulnerability management solutions (e.g., Qualys, Tenable, Rapid7, etc.) and with MDM technologies (e.g., Microsoft Intune).

7. Demonstrated experience with endpoint security solutions (e.g., Absolute, Microsoft Defender Enterprise, Cisco Umbrella, etc.), best practices and procedures.

8. Demonstrated deployment and maintenance experience with endpoint security solutions (including antivirus, anti-malware, disk encryption, EDR, DNS security, patch management).

9. Demonstrated experience securing multiple operating systems (e.g., Mac, Windows, Linux and/or other Unix-like variants).

10. Demonstrated knowledge of networking and application protocols (e.g., TCP/IP, UDP, HTTPS).

11. Demonstrated customer service skills and technical problem-solving skills.

12. Demonstrated strong interpersonal and verbal communication skills.

13. Demonstrated proficiency in written communication skills.

14. Demonstrated ability to work with diverse groups/populations.

Preferred Qualifications
PREFERRED:

1. Master’s degree.

2. Demonstrated higher education experience in a security administrator position.

3. Demonstrated ability to automate and script tasks using preferred language.

4. Demonstrated ability to work with remote data and write scripts against common web APIs (REST, SOAP).

5. Demonstrated knowledge of cloud platforms and cloud security.

6. Demonstrated experience in regulated environments (HIPAA, PCI, GLBA, etc.)

7. Demonstrated understanding of endpoint security, operating systems, networks, and application layer technologies.

8. Demonstrated experience with data loss prevention technologies.

9. Demonstrated experience with desktop administration and troubleshooting.

10. Demonstrated experience with web application security scanners (e.g., Qualys, Tenable, Rapid7, etc.)