Job Description Security Engineer Location: Boston, Massachusetts Date Posted: 2/3/2023 Employment Type: Permanent Recruiter: Mohamed Barami Recruiter Email: mo.barami@avidtr.com Job ID: JN -022023-15445 Job Description Position Overview: The Information Security Engineer will be, responsible for supporting the implementation of security and risk management protocols across the School. Under the guidance of the Director, this role provides expert assistance to ensure the School’s research and administrative IT infrastructure and information assets are appropriately secured. The role performs security assessments and security attestations of IT applications, systems and development projects, investigates events using security tools and works with appropriate teams to remediate information security threats. The Information Security Engineer works to identify threats and manage incident response to preserve the protection of critical Sloan information assets and infrastructure. The role works with other staff and Security staff to monitor its security controls, analyze system logs for security events, and gather threat intelligence. Other responsibilities include vulnerability management and e-discovery, digital forensics, and incident response management. The Information Security Engineer communicates and educates IT and the School about security policies and industry standards, and provide solutions for enterprise/research/business security issues. The role requires strong analytical, communication and consulting skills with knowledge of Information Security and related technologies. This position keeps abreast of current security threats and stays current with security technology evolution, and plays a key role in designing and understanding security controls and supporting and maintaining those controls. Familiarity with a variety of technologies and security systems matched with attention to detail is required to ensure continuity of approach and control structure across multiple projects and initiatives. Principal Duties and Responsibilities (Essential Functions**): • Support the implementation of security and risk management programs across the School. o Collaborate with other Sloan staff to assure the creation and implementation of proactive security operations on critical infrastructure, applications/platforms and information assets o Process and evaluate information received from all available sources, and respond with the appropriate communication and dispatch procedures o Conduct forensic investigations and target reviews of suspect areas o Identify and resolve root causes of security-related problems • Provide consulting and assistance for data use agreements and data security processes o Respond to requests for assistance in research data management plan development and assessment o Perform security assessments and security attestations of IT applications, information services and development projects o Conduct IT security awareness and compliance training programs designed by the Director. o May guide users on the usage and administration of security tools that control and monitor information security. Page 2 of 3 o Ensures users understand and adhere to necessary procedures to maintain security. • Ensure collection and reporting on key metrics related to protection of information assets and infrastructure o Consult regularly with staff and faculty colleagues on security processes, incidents and requests; solicit feedback, analyze and recommend improvements o Assist the Director and other STS staff in gathering and reporting on key security and compliance metrics • Collaborate with Institute security personnel to assure overall security of Sloan community, IT assets and infrastructure. o Establish and maintain relationships within STS to ensure seamless security and compliance of IT services and data. o Establish relationships and collaborate with Institute security personnel. Understand their services and deployable resources, evaluate Institute security processes and policies to assure alignment, integration and support. o Understand and advise STS leadership on the tools available from the Institute that might be used within Sloan for information protectionQualifications & Skills: REQUIRED EDUCATION AND EXPERIENCE: Education o Bachelor’s Degree in technology field and 2+ years of relevant experience, or o 5+ years of relevant experience Technical Skills o Knowledge of security issues and remediation techniques o Knowledge of critical security controls, preferably NIST Cyber Security FrameworkFamiliarity with secure coding practices, ethical hacking and threat modeling. PREFERRED EDUCATION AND EXPERIENCE: Bachelor’s Degree in Computer Science, Information Systems or other related field, and o 5+ years of relevant experience.Technical Skills o Working knowledge of security issues, techniques and implications across computer platforms.Knowledge of critical security controls, preferably NIST Cyber Security Framework. o Working knowledge of scripting languages, e.g. PowerShell, Python, Perl.Familiarity with secure coding practices, ethical hacking and threat modeling.Strong understanding and experience with managing computers and users on a network and understanding how systems interoperate. Possess or be willing to work towards a related security certification (e.g. CISSP, SANS GSEC) • Project ManagementDemonstrated familiarity with standard principles of project management Apply for this job