Description of Position:
Providing the U.S. research and education community with a dynamic, innovative, world-leading set of advanced information technologies. Through collaboration with regional optical networks, international and campus partners, we provide next-generation network services and a platform for the development of new networking paradigms. With community control of the fundamental networking infrastructure, our network provides the scalability for its members to efficiently provision resources to address bandwidth-intensive requirements of their campuses such as collaborative applications, distributed research experiments, grid-based data analysis, and social networking.
We maintain and operate a 13,500-mile domestic coherent DWDM network infrastructure, with multiple Layer 2 and Layer 3 networks provisioned on top of it.
To help support this critical mission, we are seeking a Senior Cyberinfrastructure Security Architect
to design, build, test and implement security systems within our global infrastructure programs. The Senior Cyberinfrastructure Security Architect is a senior technical position that will play a key role in the establishment and evolution of the security program for our cyberinfrastructure. Supports the business by ensuring network security is integrated into the essential project and program activities. Ensures risks are treated in a consistent and effective manner and promotes responsible security behavior. Responsible for researching, developing and driving the adoption of software security strategy, security architecture standards, design patterns, and best practices across all our cyberinfrastructure products and services. This position requires some travel, possible on-call support, frequent community interaction, and reports to the Chief Cyberinfrastructure Security Officer.
Tasks and Responsibilities:
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Plans security systems by evaluating network and security technologies; developing requirements for the production network including virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs solutions such as resource public key infrastructures (RPKI) for improving inter-domain routing security; adhering to industry standards such as MANRS.
- Contributes to the development and maintenance of the information security strategy.
- Developing project timelines for ongoing system upgrades.
- Use tools and methodology to assess the security risks associated with sensitive and mission critical systems and develop mitigation strategies to bring risk levels into an acceptable range.
- Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws.
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
- Liaise with the larger research and education community to understand needs and coordinate activities.
- Evaluates and develops secure solutions, based on approved security architectures.
- Researches, designs and advocates new technologies, architectures, and security products.
- Communicates security risks and solutions to business partners and IT staff.
- Supports ethical hacking initiatives to eliminate security risks in cyberinfrastructure products.
- Models attack vectors and design security controls to mitigate risk.
- Builds security into infrastructure and architecture designs and guides the implementation.
- Creates and delivers knowledge sharing presentations and documentation to other architects, security, developers and operations teams.
- Senior leader expected to proactively research industry trends, user requirements and translate into architectural direction.
- Working Group Leader and Facilitator in complex stakeholder environments.
Escalation point for support and technical negotiations with vendors.
Required Skills, Abilities, and Certifications
- BS in Computer Science or equivalent.
- Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH).
- Must be well versed in Internet routing protocols such as BGP, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network-based scanners).
- Working knowledge of network telemetry techniques and sources such as netflow, ipfix, sflow, SNMP, streaming telemetry, syslog, packet captures, etc.
- Familiarity with security frameworks such as ISO 27001:2013 and NIST SP800-53, with a focus on security, performance, and reliability.
- Ability to provide quality deliverables on time and on budget.
- Ability to mentor other employees to improve their skills and effectiveness.
- Ability to design, resource, conduct, status, and complete projects independently, with minimal supervision.
- Minimum 4 years hand-on experience in Network / Security.
- Solid understanding of security protocols, cryptography, authentication, authorization and security.
- Good working knowledge of current IT risks and experience implementing security solutions.
- Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook. Should be able to work with technical and non-technical individuals alike.
- Ability to conduct research into emerging technologies and study their relevance for our use.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Excellent analytical and problem-solving abilities.
- Able to prioritize and execute tasks in a high-pressure environment.
- Experience working in a team-oriented, collaborative environment.
- Ability to travel up to 30% for community and vendor interactions.
Note: This job has three locations: Denver CO., Ann Arbor MI., West Hartford CT.