Security Engineer at The Ohio State University
Posting DateOctober 3, 2018
Location of Position
For 144 years, The Ohio State University's campus in Columbus has been the stage for academic achievement and a laboratory for innovation. It's where friendships are forged. It's where rivalries and revelry are born.
The university's main campus is one of America's largest and most comprehensive. As Ohio's best and one of the nation's top-20 public universities, Ohio State is further recognized by a top-rated academic medical center and a premier cancer hospital and research center. As a land-grant university, Ohio State has a physical presence throughout the state, with campuses and research centers located around Ohio.
Duties and Responsibilities
Reporting to the Information Security officer, the Security Engineer assists with risk management and security tasks with knowledge of all Advancement areas, OCIO security policies, PCI DSS, HIPAA, and any other applicable standards as they relate to the assigned duties of Advancement. He/she manages Data Loss Prevention (DLP) and Vulnerability Management applications and processes while working with the Network, Help Desk and Application Development teams to remediate risks within Advancement’s vulnerability policy, DLP policy, and in compliance as required by regulation. On an as needed basis, this position assists with third party risk assessments for all Advancement areas and reports on their status to the Advancement Information Security Officer. Attends required university committee meetings and reports their discussions back to Advancement. Reviews logs (Splunk, Endpoint Protection, FIM, etc.) to verify actions and remediate findings and works with Disaster Recovery (DR) Admin to review tape logs, import/export tapes, and prepare tapes for offsite storage
This position is expected to attend required university committee meetings and report their discussions back to Advancement IT; work across all IT areas (Infrastructure, Application Development, and Security) to help with additional work as assigned, participate in on call rotation for after-hours support; and travel to various campus locations to accomplish work
The Security Engineer must possess excellent verbal, written and documentation skills; be able to function with a moderate level of autonomy; be skilled in managing and organizing their work and time; and exhibit the behaviors associated with the Office of Advancement’s core competencies: Leadership, Continuous Improvement, Teamwork and Collaboration, and Communication/Interpersonal Effectiveness.
Manages Data Loss Prevention and Vulnerability Management products and works with Infrastructure, App Dev, and Security teams to create remediation plans and verify their results. Conducts follow up scans to verify remediation. Reports status to Security Officer and stakeholders as needed. Attends Security Working Group, Vulnerability Management, Data Loss Prevention and other committee meetings as required. Assists with security patch review and rollout each month to ensure PCI, ISCR, HIPAA, and any other applicable compliance for all Advancement servers.
Administers and responds to alerts from SCCM, Dell OpenManage, and WhatsUpGold. Works with Backup and DR Admin to configure backups, maintain tape library, and prepare tapes for off-site storage. Reviews logs from various systems to verify remediation and take action as needed to correct vulnerabilities and/or errors. Serves a liaison between the service desk and other business areas.
Assist Security Officer with risk and security management functions including 3rd party risk assessments to ensure cloud providers are securely handling OSU data in accordance with ISCR, PCI DSS, HIPAA and any other applicable polices and standards. Participates in yearly PCI audit and works with internal Advancement areas to provide auditors with any requested documentation or evidence needed in a timely manner. Participates in internal audits (ISSA) and works with Advancement areas to keep all systems secure and highly available to end users. Creates and maintains documentation related to audits ensuring that they are accurate, updated, and align with required policies.
Other duties as assigned to include, assisting other IT areas as needed with various projects and initiatives. Champions change if it improves business processes, performance, reliability, security, or is more fiscally responsible
Exposure to Security processes and concepts, experience with Data Loss Prevention (DLP) tools and Vulnerability Management tools; Experience with MS Visio or other system-diagraming tool.
In accordance with the Disaster Preparedness and University State of Emergency Policy 6.17 this position has been designated as a standby position.
Bachelor's Degree in computer related field and/or related combination of education; 3 years’ IT experience supporting staff and systems in a medium to large environment utilizing formal processes. Understanding of computer industry trends; 1 year experience working with regulations and completing internal or external audits.
The Ohio State University is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation or gender identity, national origin, disability status, or protected veteran status.