Lead Security Engineer at The George Washington University
Washington, DC
About the Job
I. JOB OVERVIEW
Job Description Summary:
GW Information Technology (GW IT) provides empowering tools and caring support for all members of The George Washington University (GW) community. We are focused on driving digital transformation and innovation to enable the academic and operational excellence of our students, faculty, staff, and researchers. At GW IT, we are committed to cultivating a team culture that values diversity, inclusion, respect and collaboration, and invests in each of our team members to grow in their technology and career skills. This lead position works within GW Information Technology as a member of the IT Security and Risk services team and ensures collaboration with both University stakeholders and cybersecurity staff to meet goals.
The Lead Security Engineer’s responsibilities focus on leading operation of our security operations center and related incident response activities. These activities support our mission of securing and protecting GW data, users, and operations from known, discovered, and emerging threats. The scope of the security program includes monitoring and securing on-premises and cloud traffic, ensuring sensitive, restricted, and regulated data is secure at rest and in transit. Our efforts are evaluated through metrics-based outcomes that are supported by efficient management of our budget in a dynamic and flexible academic and research network environment. This role serves as a subject matter expert in the areas of vulnerability assessments, forensics, threat monitoring and incident response. As this is a lead role, this position guides the organization in leveraging industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations. The role also coordinates security operations center functions in a 24×7×365 operating environment.
Position Responsibilities:
- Performs security operations and incident response activities by monitoring, assessing threats, reviewing events and alerts, prioritized response and conducting mitigation and remediation activities
- Conducts independent analysis on events and alerts to determine, coordinate and implement mitigation measures
- Leads, coordinates, and conducts incident root cause analyses. Prepares written reports detailing findings for management, customers and affected units, as appropriate
- Ability to identify and address potential internal and external threats and provide timely, clear recommendations
- Supports GW IT cybersecurity risk objectives with ongoing communications, including advisories and bulletins
- Provides strategic and operational leadership, oversees team activities, and mentors and trains team members
- Leads assessment, design, and implementation of enterprise security prevention, detection, response capabilities, tools, frameworks, and methodologies in support of automation and process efficiencies
- Leverages, configures, and uses security systems specifically related to intrusion detection, intrusion prevention, network data analysis, host scanning, and forensics supporting incident detection and response / remediation (e.g., SIEM, SOAR, IDS/IPS, Firewall); partners with the GW IT Networking Team
- Develops procedures and processes for day-to-day SOC operations
- Trains and evaluates capabilities of junior staff and student employees on SOC/IR processes and procedures
- Participates in 24×7 on call rotation
Performs other related duties as assigned. The omission of specific duties does not prevent the supervisor from assigning duties that are logically related to the position.
Minimum Qualifications:
Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 7 years of relevant professional experience, OR, a Master’s degree or higher in a relevant area of study plus 5 years of relevant professional experience, OR, a Bachelor’s degree in an appropriate area of specialization plus 5 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.
Additional Required Licenses/Certifications/Posting Specific Minimum Qualifications:
Preferred Qualifications:
- Demonstrated experience in cybersecurity incidents and response methodology including in-depth knowledge of each phase of the incident response life cycle
- Extensive experience in a security operations center (SOC) environment, including operation and installation of security systems specifically related to intrusion detection, intrusion prevention, and forensics, as well as assurance of successful deployment and functionality in collaboration with network staff and other stakeholders
- Familiarity with Cyber Kill Chain, ATT&CK, and other frameworks leveraged in security operations
- Thorough understanding of enterprise network architectures to include routing / switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (Firewalls, Proxies, Load Balancers, VPN, etc.)
- Subject matter expertise across security operational areas including, but not limited to:
- Security Architecture
- Network Defense and IDS
- Incident Response and Forensics
- Threat Intelligence
- Linux, Microsoft and Apple operating systems, protection from vulnerabilities / exploits
- Strong analytical and creative problem-solving skills to resolve complex security design issues and identify security-centric solutions around threat analysis, metrics and trends, and uncovered vulnerabilities
- Knowledge of a scripting language and networking fundamentals is helpful
- Experience with Azure Active Directory and Google Workspace
- Experience within a university environment is desirable
- Ability to work independently and as part of a team including mentoring junior staff
- Experience with Palo Alto, FireEye, Splunk and CISCO security and related tools is highly desirable
- Knowledge and experience in hybrid environments involving hybrid on-premises and public / private cloud as well as numerous vendor specific SaaS solutions
- Demonstrated ability to derive meaningful metrics and guidance from system data and trends.
Hiring Range
$92,790.58 - $150,696.60
GW Staff Approach to Pay
Healthcare Benefits
GW offers a comprehensive benefit package that includes medical, dental, vision, life & disability insurance, time off & leave, retirement savings, tuition, well-being and various voluntary benefits. For program details and eligibility, please visit
II. JOB DETAILS
Campus Location:
Foggy Bottom, Washington, D.C.
College/School/Department:
GW IT
Family:
Information Technology
Sub-Family:
Systems Security
Stream:
Individual Contributor
Level:
Level 4
Full-Time/Part-Time:
Full-Time
Hours Per Week:
40
Work Schedule:
Monday-Friday
Will this job require the employee to work on site?
Yes
Employee Onsite Status:
Hybrid
Telework:
Yes
Required Background Check:
Criminal History Screening, Education/Degree/Certifications Verification, Social Security Number Trace, and Sex Offender Registry Search
Special Instructions to Applicants:
Employer will not sponsor for employment Visa status
Internal Applicants Only?
Yes (University Wide)
Posting Number:
S013418
Job Open Date:
11/08/2024
Job Close Date:
11/11/2024
If temporary, grant funded or limited term appointment, position funded until:
Background Screening
Successful Completion of a Background Screening will be required as a condition of hire.
EEO Statement:
The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.