Information Security Analyst/Engineer (2 positions)
Information Security Analyst/Engineer (2 positions)
About University at Albany:
Established in 1844 and designated a University Center of the State University of New York in 1962, the University at Albany's broad mission of excellence in undergraduate and graduate education, research and public service engages a diverse student body of more than 17,900 students in nine schools and colleges across three campuses.
Located in Albany, New York, New York State's capital, the University is convenient to Boston, New York City and the Adirondacks.
Information Technology Services (ITS) at the University at Albany seeks an individual with the skills and desire to join an innovative, collaborative team as an Information Security Analyst/Engineer. The successful candidate plays an important role in coordinating campus-wide efforts to protect institutional data and manage risk for a complex portfolio of digital assets at a Carnegie R1 research institution.
The Information Security Analyst/Engineer works with information security and other technology professionals to perform critical security functions for the institution. This includes many activities including:
- Intrusion detection
- Vulnerability scanning
- Responding to security incidents
- Participating in designing and building security systems to reduce risks and maintain compliance in on-premises and cloud-based environments
Reporting to the Chief Information Security Officer, this position requires technical skills and the ability to work across the campus community to improve tools, processes, best practices, and culture around information security. The information security team is currently involved in important projects using new cloud security tools and is poised for growth. This is an exciting opportunity for a seasoned security professional to leverage their knowledge and experience or someone new to the field to gain broad experience in information security in a university environment.
- Analyze a variety of data sources to detect and respond to information security vulnerabilities and potential incidents. These sources include centralized log collections, intrusion detection/prevention systems, vulnerability management tools, network mapping, system logs, etc. This duty includes both manual tasks and automated/orchestrated workflows.
- Perform assessments on systems, applications, and processes to identify strategies and solutions to reduce risks.
- Advise on information security controls and policies for various information security compliance requirements such as those for Controlled Unclassified Information (NIST 800-171), financial aid (GBLA), student records (FERPA), etc.
- Maintain, improve, and build tools for all information security core functions: identification, protection, detection, and response. This includes enhancing current tools as well as recommending and implementing new ones.
- Liaison with various University constituencies on best practices, culture, and other areas of information security
Additional duties include:
- Be available to provide scheduled support and consultation outside normal business hours, including occasional evenings, holidays, or weekends, within reasonable professional obligation and expectation.
- Actively participate, as needed, in ITS projects
- A Bachelor's degree from a college or university accredited by a U.S. Department of Education (DOE) or internationally recognized accrediting organization and a minimum of 3 years in an information security role or 5 years in any information technology role; or an equivalent combination of education and experience.
- Experience with security tools such as:
- Vulnerability management tools
- Incident response tools
- Log collection and correlation tools
- Network tools (firewalls, intrusion detection, traffic analysis, etc.)
- Excellent written and oral communication skills
- Ability to work with a culturally diverse population
- Experience with cloud security tools
- Experience with automating and orchestrating information security workflows
- Relevant skill certifications (CISSP, CEH, GIAC, etc.)
- Experience with higher education technology environments
Professional Rank and Salary Range: Senior Programmer/Analyst, SL-4; $85,000-95,000
Special Note: Visa sponsorship is not available for this position.
The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, or Clery Act, mandates that all Title IV institutions, without exception, prepare, publish and distribute an Annual Security Report. This report consists of two basic parts: disclosure of the University's crime statistics for the past three years; and disclosures regarding the University's current campus security policies. The University at Albany's Annual Security Report is available in portable document format [PDF] by clicking this link http://police.albany.edu/ASR.shtml
Pursuant to NYS Labor Law 194-A, no State entity, as defined by the Law, is permitted to rely on, orally or in writing seek, request, or require in any form, that an applicant for employment provide his or her current wage, or salary history as a condition to be interviewed, or as a condition of continuing to be considered for an offer of employment until such time as the applicant is extended a conditional offer of employment with compensation, and for the purpose of verifying information, may such requests be made. If such information has been requested from you before such time, please contact the Governor's Office of Employee Relations at (518) 474-6988 or via email at firstname.lastname@example.org.
THE UNIVERSITY AT ALBANY IS AN EO/AA/IRCA/ADA EMPLOYER
Please apply online via https://albany.interviewexchange.com/jobofferdetails.jsp?JOBID=147555
Applicants MUST submit the following documents:
- Cover letter stating all the required minimum qualifications and any of the applicable preferred qualifications
- Contact information for three professional references
Note: After submitting your resume, the subsequent pages give you instructions for uploading additional documents (i.e. cover letter etc.).
Closing date for receipt of applications: open until filled