
Lead Security Engineer

George Washington Employment Site
Full-time
On-site
Washington, United States
Job Description Summary
GW Information Technology (GW IT) provides empowering tools and caring support for all members of The George Washington University (GW) community. We are focused on driving digital transformation and innovation to enable the academic and operational excellence of our students, faculty, staff, and researchers. At GW IT, we are committed to cultivating a team culture that values diversity, inclusion, respect and collaboration, and invests in each of our team members to grow in their technology and career skills. This lead position works within GW Information Technology as a member of the IT Security and Risk services team and ensures collaboration with both University stakeholders and cybersecurity staff to meet goals. The security operations and incident response team employs NIST 800-171 and the Cybersecurity 5 Functions, among other guidance, to guide planning and measure performance. This role’s responsibilities focus on leading operation of our security operations center and related incident response activities. These activities support our mission of securing and protecting GW data, users, and operations from known, discovered and emerging threats. The scope of the security program includes monitoring and securing on-premises and cloud network traffic, ensuring sensitive, restricted, and regulated data is secure at rest and in transit. Our efforts are evaluated through metrics-based outcomes that are supported by efficient management of our budget in a dynamic and flexible academic and research network environment. This role serves as a subject matter expert in the areas of vulnerability assessments, forensics, threat monitoring and incident response. As this is a lead role, it guides the organization in leveraging industry best practices in the domains of incident response, cybersecurity analysis, case and knowledge management, and SOC operations. The role also coordinates security operations center functions in a 24×7×365 operating environment.
Position Responsibilities:
- Perform security operations and incident response activities by monitoring, assessing threats, reviewing events and alerts, prioritizing response, and conducting mitigation and remediation activities
- Conduct independent analysis on events and alerts to determine, coordinate and implement mitigation measures
- Lead, coordinate, and conduct incident root cause analyses
- Prepare written reports detailing findings for management, customers and affected units, as appropriate
- Identify and address potential internal and external threats and provide timely, clear recommendations
- Support GW IT cybersecurity risk objectives with ongoing communications, including advisories and bulletins
- Provide strategic and operational leadership, oversee team activities, and mentor and train team members
- Lead assessment, design, and implementation of enterprise security prevention, detection, and response capabilities, tools, frameworks, and methodologies in support of automation and process efficiencies
- Leverage, configure and use security systems specifically related to intrusion detection, intrusion prevention, network data analysis, host scanning, and forensics supporting incident detection and response/remediation (e.g., SIEM, SOAR, IDS/IPS, firewall)
- Partner with the GW IT Networking Team
- Participate in 24×7 on-call rotation
The omission of specific duties does not prevent the supervisor from assigning duties that are logically related to the position.

Minimum Qualifications
Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 7 years of relevant professional experience, OR, a Master’s degree or higher in a relevant area of study plus 5 years of relevant professional experience, OR, a Bachelor’s degree in an appropriate area of specialization plus 5 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.

Preferred Qualifications
Demonstrated Skills and Experience
- Demonstrated experience in cybersecurity incidents and response methodology, including in-depth knowledge of each phase of the incident response life cycle
- Extensive experience in a security operations center (SOC) environment, including operation and installation of security systems specifically related to intrusion detection, intrusion prevention, and forensics, as well as assurance of successful deployment and functionality in collaboration with network staff and other stakeholders
- Familiarity with the Cyber Kill Chain, ATT&CK and other frameworks, including how these are leveraged in security operations
- Thorough understanding of enterprise network architectures, including routing/switching, common protocols (DHCP, DNS, HTTP, etc.), and devices (firewalls, proxies, load balancers, VPN, etc.)
- Subject matter expertise across security operational areas including, but not limited to: security architecture; network defense and IDS; incident response and forensics; threat intelligence; UNIX, Microsoft and Apple operating systems and their protection from vulnerabilities/exploits
- Strong analytical and creative problem-solving skills to resolve complex security design issues and identify security-centric solutions around threat analysis, metrics and trends, and uncovered vulnerabilities
- Knowledge of a scripting language and networking fundamentals helpful
- Experience within a university environment is desirable
- Ability to work independently and as part of a team, including mentoring junior staff
- Experience with Palo Alto, FireEye, Splunk and Cisco security and related tools highly desirable
- Knowledge and experience in hybrid environments involving on-premises and public/private cloud as well as numerous vendor-specific SaaS solutions
- Demonstrated ability to derive meaningful metrics and guidance from system data and trends

Preferred Certifications
- (ISC)2: CISSP, SSCP
- GIAC Certifications: Cyber Threat Intelligence (GCTI), Certified Incident Handler (GCIH), Network Forensic Analyst (GNFA), Certified Forensic Examiner (GCFE)

Work Schedule
Monday-Friday