The University Information Technology Services (UITS) department of the University of Massachusetts (UMass) System Office is seeking an experienced, engaging and highly-motivated individual that embodies our department’s five most valued behaviors: communicate thoughtfully, take a holistic view, practice and protect courage, foster a growth mindset, and embrace a culture of inquiry.
The Principal Security Specialist is a vital role within UITS that applies technical knowledge to provide a safe and secure computing environment, while providing responsive support and guidance to individuals and projects across the University system, including those in university leadership, procurement, legal, human resources, internal audit and information technology.
As a member of the Information Security and Disaster Recovery team within UITS, the Principal Security Specialist will evaluate technologies, architect and optimize security solutions, improve processes, conduct security assessments, participate in cross-functional initiatives and lead security focused projects. The Principal Security specialist will provide operational support of security tools and continuously improve the effectiveness of technical solutions, including those deployed for vulnerability identification, SIEM, data loss prevention and cloud security.
The Principal Security Specialist will be a self-starter who can work effectively with minimal direction and is comfortable managing a workload with competing priorities. The individual will be responsible for developing action plans that consider a holistic view and lead to successful outcomes. The Principal Security Specialist will demonstrate a growth mindset and be able to adapt in a constantly evolving environment.
Optimize, Evolve and Innovate:
- Lead projects that evaluate new and emerging technologies and/or services; this includes performing industry research to determine available products / services, conducting proof-of-concept evaluations, and making recommendations to management about worthwhile security investments.
- Architect, implement, maintain, and support in-house security tools and fine tune existing deployments to take advantage of functionality not yet fully utilized. Improve automation of existing technologies to optimize cybersecurity efficiency and effectiveness.
- Provide expertise with physical security, privacy, disaster recovery and cloud technologies.
Embrace a Culture of Inquiry:
- Provide mentorship across teams regarding security and compliance to build skills within UITS and the President’s Office.
- Provide information security awareness training to UMass President's Office personnel. Provide support for associated security training tools and phish reporting solution.
- Contribute to a climate of teamwork. Support colleagues by sharing knowledge and providing assistance.
- Communicate technical information in a manner that is most successful for a given audience.
- Contribute to information security vulnerability management. Assess current technology architectures for vulnerabilities, weaknesses and for possible upgrades or improvement. Recommend solutions to mitigate identified issues.
- Perform internal and external threat monitoring and reporting.
- Take an active role in supporting incident response activities, including working with UITS colleagues, vendors and stakeholders to respond and recover in a coordinated and timely manner.
- Provide support to information security audits performed by internal and external organizations.
- Conduct security assessments of existing, proposed and new technology.
- Document security configurations, procedures, changes, use and test cases.
- Lead assigned projects to successful outcomes. Develop project plans that include deliverables, phases, milestones, resource assignment and tasks. Monitor and frequently report on project status, health, and key issues while ensuring information is easily understandable, actionable, supports effective decision making and builds trust with sponsors and stakeholders.
Typical information technology off-hours and on-call support are required for this position for support of UITS projects and initiatives, as well as responding to any type of institutional incident.
This job description is not a comprehensive inventory of all duties and responsibilities. Special projects and other duties as required
Minimum Qualifications (Knowledge, Skills, Abilities, Education, Experience):
- A bachelor’s degree in a technical or humanities discipline, or equivalent work experience.
- 7 years production support and hands-on work experience in high performance information security environments with an ability to resolve complex issues in a multiple vendor, technology, and customer environment.
- 2 years experience architecting solutions and implementing technologies, services and processes in a large organization with varied stakeholders.
- Demonstrated understanding of current and emerging technologies in information security and how other organizations are employing them to drive and secure digital business.
- Detailed knowledge of at least one industry standard information security framework and able to describe its implementation in a diverse and complex enterprise level entity.
- Firm understanding of cybersecurity and forensics.
- Specific skills and working knowledge of networking, security, and application architectures and protocols.
- Experience with any outsourced IT environment including SaaS, cloud or trusted third party.
- Demonstrated experience in leading a cross-functional team that does not have a direct reporting relationship.
- Demonstrated experience and ability in negotiation, influencing, conflict resolution, and public speaking.
- Excellent oral and written communication skills with ability to develop and deliver presentations and trainings.
- Organized, quality focused and efficient approach to work.
- Strong interpersonal skills with the ability to work effectively with people of all levels of information technology expertise with a wide range of constituencies and organizational relationships. Ability to communicate technical subjects to non-technical stakeholders.
- Demonstrated sound judgment in handling sensitive and politically complex issues.
Preferred Qualifications (Knowledge, Skills, Abilities, Education, Experience):
- Higher Education experience.
- One or more industry related certification (Vendor, ISC2, GIAC, SANS, ISACA, CSA, etc).
- Experience with any SIEM product or deployment.
- Network Access Control (NAC) or any role based access experience.
- Web Application Firewall (WAF) experience.
- Cloud Access Security Broker (CASB) experience.
- Experience with CIS Benchmarks.
- Hands on experience with Linux and Windows servers.
- Experience with any vulnerability management platform.
- CIS20 experience.
- Disaster Recovery or Business Continuity Planning experience.
- General data privacy experience.
Typical office environment. Periodic travel to campus sites and executive offices in downtown Boston.
Salary up to: $132,000