Attention: All employees of the President's Office must be fully vaccinated against COVID-19 or obtain an approved exemption on medical or religious grounds.

Senior Security Specialist

Job no: 519093
Position type: Staff Full Time
Campus: UMass President's Office
Campus Location: South St Shrewsbury
Department: UITS-Security Operations
Categories: Information Technology
Advertised: Eastern Daylight Time
Applications close:

Job Summary:

The Senior Security Specialist is a technical role in the Information Security department responsible for providing operational support of security tools, including those deployed for vulnerability identification, SIEM, data loss prevention and cloud security. The Senior Security Specialist will evaluate technologies, architect and optimize security solutions, improve processes, conduct security assessments, participate in cross-functional initiatives and lead security-focused projects. The individual will interact with and provide support to individuals across the University system, including those in procurement, legal, human resources, internal audit and information technology.

The Senior Security Specialist will help to detect and respond to potential security-related policy violations and vulnerabilities. The Specialist will take an active role in supporting incident response activities, including working with UITS colleagues, vendors and stakeholders to respond and recover in a coordinated and timely manner. The Senior Security Specialist must be adept at communicating technical information in a manner that is most successful for a given audience.

The Senior Security Specialist will be a self-starter who can work effectively with minimal direction and is comfortable managing a workload with competing priorities. The individual will be responsible for developing action plans that consider a holistic view and lead to successful outcomes. The Senior Security Specialist will demonstrate a growth mindset and be able to adapt in a constantly evolving environment.

Essential Functions:

  • Contribute to information security vulnerability management. Assess current technology architectures for vulnerabilities, weaknesses and for possible upgrades or improvement. Recommend solutions to mitigate identified issues.
  • Perform internal and external threat monitoring and reporting.
  • Participate in incident response activities.
  • Provide support to information security audits performed by internal and external organizations.
  • Participate in projects that evaluate new and emerging technologies and/or services; this includes performing industry research to determine available products / services, conducting proof-of-concept evaluations, and making recommendations to management about worthwhile security investments.
  • Architect new security solutions and improve automation of existing technologies to optimize cybersecurity efficiency and effectiveness.
  • Conduct security assessments of existing, proposed and new technology.
  • Provide information security awareness training to UMass President's Office personnel. Provide support for associated security training tools and phish reporting solution.
  • Effectively communicate information security concepts to customers.
  • Lead assigned projects to successful outcomes. Develop project plans that include deliverables, phases, milestones, resource assignment and tasks. Monitor and frequently report on project status, health, and key issues while ensuring information is easily understandable, actionable, supports effective decision making and builds trust with sponsors and stakeholders.
  • Provide expertise with physical security, privacy, disaster recovery and cloud technologies.
  • Contribute to a climate of teamwork. Support colleagues by sharing knowledge and providing assistance.

Other Functions:

Typical information technology off-hours and on-call support are required for this position for support of UITS projects and initiatives, as well as responding to any type of institutional incident.

Minimum Qualifications (Knowledge, Skills, Abilities, Education, Experience):

  • A bachelor’s degree in a technical or humanities discipline, or equivalent work experience.
  • 5 years of production support and hands-on work experience in high-performance information security environments with an ability to resolve complex issues in a multiple vendor, technology, and customer environment.
  • Specific skills and working knowledge of networking, security, and application architectures and protocols.
  • Detailed knowledge of at least one industry-standard information security framework, with the ability to describe its implementation in a diverse and complex enterprise-level entity.
  • Firm understanding of cybersecurity and forensics.
  • Experience with any outsourced IT environment including SaaS, cloud or trusted third party.
  • Demonstrated experience in leading a cross-functional team that does not have a direct reporting relationship.
  • Demonstrated experience and ability in negotiation, influencing, conflict resolution, and public speaking.
  • Excellent oral and written communication skills with ability to develop and deliver presentations and trainings.
  • Strong interpersonal skills with the ability to work effectively with people of all levels of information technology expertise with a wide range of constituencies and organizational relationships. Ability to communicate technical subjects to non-technical stakeholders.
  • Demonstrated sound judgment in handling sensitive and politically complex issues.

Preferred Qualifications (Knowledge, Skills, Abilities, Education, Experience):

  • Higher Education experience
  • Any industry-related certification (Vendor, ISC2, GIAC, SANS, ISACA, CSA, etc.). If you don't have a certification, we'll expect you to achieve at least one certification within one year of hire, and we have learning resources to support you in that goal.
  • Experience with any SIEM product or deployment
  • Network Access Control (NAC) or any role-based access experience
  • Web Application Firewall (WAF) experience
  • Cloud Access Security Broker (CASB) experience
  • Experience working with Linux and Windows servers
  • Experience with any vulnerability management platform
  • Center for Internet Security controls framework experience
  • Demonstrated understanding of current and emerging technologies and how other organizations are employing them to drive digital business.
  • Disaster Recovery or Business Continuity Planning experience
  • General data privacy experience

Working Conditions:

Typical office environment. Periodic travel to campus sites and executive offices in downtown Boston.

Additional Details:

Salary commensurate with experience up to $125,000.

The University of Massachusetts is an Equal Opportunity/Affirmative Action, Title IX employer. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, ancestry, age over 40, protected veteran status, disability, sexual orientation, gender identity/expression, marital status, or other protected class.