The University of Vermont
The University of Vermont is especially interested in candidates who can contribute to the diversity and excellence of the institution. Applicants are encouraged to include in their cover letter information about how they will further this goal.
The Senior Systems Security Engineer is a senior level IT position with a high-impact technical role focused on securing both the physical and virtual aspects of UVM’s information environment. This position’s primary responsibility is building, maintaining, and improving UVM’s intrusion detection and prevention systems (IDPS). This position will also contribute to other operational security efforts, including UVM’s vulnerability management and scanning systems and our system and network logging and analysis systems. This position implements, manages, and integrates systems and software in support of the mission to identify and remediate threats to the confidentiality, integrity, and availability of information in the University of Vermont’s information environment. The incumbent manages information security projects of significant institutional impact and importance, and works most closely with the Chief Technology Officer, Information Security Officer, and members of the Systems Architecture & Administration department and Information Security Office. This position participates in UVM’s Cybersecurity Incident Response Team (CSIRT).
The incumbent must develop and leverage a deep understanding of UVM’s information ecosystem in order to design systems and workflows to detect and prevent intrusion. This engineer must exercise discretion and judgment while maintaining the security of University information, protecting individuals’ privacy, and educating constituents. Given the sensitivity of the information and access required to dispatch their duties, the incumbent must acknowledge and faithfully execute a duty to maintain strict confidentiality.
Minimum Qualifications (or equivalent combination of education and experience)
Bachelor’s degree in a related field plus four years as an information security professional. At least two of those years must be in a professional systems engineering or network engineering role. Four additional years of information security or systems/network engineering work experience can substitute for the degree requirement. Expert proficiency in the technical concepts underpinning internet-connected enterprise services required.
Expertise programming in languages popular for orchestration/automation (e.g., Python, PowerShell, Perl, Rust, Go) is required. Experience with system and network debugging.
Excellent communication skills are required. Effective written communications, especially the ability to produce both procedural documentation and activity/incident is required.
Effective interpersonal skills and demonstrated ability to work and manage projects in a collaborative, cross-departmental, team environment required. Proven problem-solving, analytical, and decision-making skills required. Demonstrated ability to evaluate risks, costs, and benefits of security measures required.
Ability to work effectively on team and independent projects, with ability to self-direct and adjust to shifts in priorities.
Successful criminal background check required.
Any one or more of the following will strengthen an applicant’s candidacy: Professional experience with at least one of: 1) intrusion detection and prevention, 2) cybersecurity incident response, 3) endpoint/network forensics, and/or 4) continuous security monitoring; experience implementing security measures across hybrid cloud/on-premises environments; experience applying machine learning techniques to information security problems; experience hardening servers, applications, and databases; network management experience with Cisco equipment; security information and event management (SIEM), vulnerability management tools, firewalls; configuration management systems; VMware ESX and NSX virtualization products; experience evaluating competing technology products and negotiating with vendors/service providers; work experience in a higher education environment