The IT @ JH Networking, Telecom and Data Center seeks a Network Security Engineer who will be responsible for infrastructure engineering, maintenance, and support of complex network security systems for a large scale, multi-site, and geographically distributed enterprise network. This role implements and manages interconnections to Hopkins affiliates and business partners. The scope of supported systems ranges from servers and desktop hardware and software, multiple operating systems, and proprietary network security systems and appliances (e.g., secure remote access, firewalls, routers, intrusion prevention systems, intrusion detection systems, vulnerability scanning and management, incident response, and regulatory compliance systems). These network security systems provide IT services to thousands of users throughout Johns Hopkins and its affiliates and business partners and have an enterprise wide complexity and scope.
The major efforts and tasks of this position are somewhat complex, and moderately technical with limited scope. Information security threats are an evolving problem with new sources of threats and variations to older problems changing daily. Due diligence is required in monitoring and understanding these problems. This is the entry level of a three-tiered Network Security Engineer position. Technical expertise is expected to be at a competent level on at least one network security platform with a more general knowledge across multiple platforms. Tasks and projects are routine and simple in nature. Position works at the direction of more senior level security engineers. Decisions recommended and made by incumbent may affect a limited number of systems and operations.
Specific Duties & Responsibilities:
The responsibilities listed below are typical examples of the work performed by this position. Not all duties assigned to this position are included, nor is it expected that everyone in this position will be assigned every job responsibility.
Participates in the implementation and support of systems and processes to reduce the security threats to Hopkins Network and IT infrastructure. These include but are not limited to data loss, exposure of private data, inappropriate systems access, denial of service, computer viruses and Trojans.
Provides network security risk and vulnerability assessments, and provides recommendations to mitigate risks for small to medium systems that are modestly complex in nature.
Represents network security in IT and business projects for network security evaluations and risk assessments.
Researches specific elements of regulatory compliance requirements (HIPPA, FERPA, PCI, Sarbanes Oxley, FISMA) and develops recommendations for network security compliance.
Provides risk management consulting services to Hopkins business units, partners and affiliates on cybersecurity and network vulnerability and risk mitigation for projects that routine and simple in nature.
SYSTEMS ANALYSIS AND DESIGN
Develops and executes technical and/or simple project plans and systems that are based on knowledge of the business and information security needs of the Johns Hopkins enterprise community.
Provides network security analysis and design consulting services to Hopkins business units, partners and affiliates on cyber security, Johns Hopkins Security policies and procedures, and network vulnerability and risk mitigation for projects that routine and simple in nature.
Develops technical security systems and procedures for IT systems that process all classification levels of electronic information (see JH electronic information classification levels at http://it.jhu.edu/policies/itpolicies.html#Classification). These Enterprise wide network information security efforts include: wired and wireless networking; telecommunications; secure messaging; enterprise clinical information systems (e.g., EPR, POE); student information systems (e.g., ISIS); and enterprise business solutions (e.g., Enterprise Business Solutions (SAP)).
Provides knowledgeable technical and project management (full life-cycle) responsibilities in at least one enterprise focused information security discipline, including, but not limited to: risk management; network intrusion detection and prevention; security event / incident response; security policy; vulnerability management; regulatory compliance; and encrypted and secure remote access for Hopkins staff, Hopkins remote entities, and business partners.
INSTALL AND CONFIGURE
Implements and configures technical security systems (hardware and software) and procedures for IT systems that process all classification levels of electronic information (see JH electronic information classification levels at http://it.jhu.edu/policies/itpolicies.html#Classification).
Installs and configures small to medium size security appliances and solutions by using established procedures.
Works with more senior Network Security Engineers to integrate into enterprise wide security systems and procedures.
Works with JH management and staff to execute enterprise network information security systems (http://it.jhu.edu/policies/itpolicies.html#Network).
Implements changes by adhering to the change management policies and procedures for any given project. Communicate to all parties the nature, significance, and risk factors of the solution.
With minimum guidance and/or oversight, installs, configures, and/or interprets results of network security analyzers and log events.
Provisions hardware and services for connection of Hopkins affiliates and small office and home office arrangements.
Assists senior level engineers with administration of enterprise network information security systems and services in support of the mission of the Johns Hopkins Institutions.
Represents network security in IT and business projects for network security evaluations and risk assessments.
Work with Enterprise infrastructure support services for data center logistics; coordinate enterprise network security system changes with affected JH customers and staff at one or more JH institution campus or location.
Works with senior level engineers in managing one or more network security platforms (Firewalls, IDS, IPS, and Security Assessment tools and network interconnect).
May provide oversight to vendor and affiliate activities.
Coordinates activities with customers and other IT organizations
MAINTAIN AND TROUBLESHOOT
Takes direction from the network security manager and/or senior level engineers in monitoring emerging threats across the cyber security landscape and makes recommendations to reduce and or eliminate the threats to the Hopkins Enterprise Network.
Maintains and troubleshoots technical security systems and procedures for IT systems that process all classification levels of electronic information (see JH electronic information classification levels at http://it.jhu.edu/policies/itpolicies.html#Classification).
Works with senior level engineers in managing one or more network security platforms (Firewalls, IDS, IPS, and Security Assessment tools).
At the direction of senior level engineers, participates in confidential security incident and event investigations. Conducts forensic investigations of security breaches and compromises.
Analyzes data from enterprise information security events (including, but not limited to: technical forensic data, incident records, analysis of network traffic). Provide reports and recommended response actions to enterprise senior level engineers and or security manager.
Produces ad-hoc and recurring reports on network security system measurement statistics.
Executes processes developed by more senior level engineers to reviews abstract information regarding network traffic flow and access for anomalies and potential breaches to network security
Troubleshoots simple network and security problems, involving switching, routing and security policy issues.
Manages and supports site to site interconnect of business partner network connections
Minimum Qualificiations (Mandatory):
Bachelor's degree in IT or related field. Advanced degree in IT or related field and/or professional security training and certification (e.g. SANS/GIAC, CISA, CISM, CISSP) preferred
Minimum of four years full time at an Enterprise level information security work in 2 or more information security domains. (Enterprise Firewall Management, Intrusion Detection and Prevention, Network Forensics, Technical Risk Assessment, etc.)
One year of project management and project team participation skills.
Three to four years of progressively responsible experience in at least one or more of the following: enterprise networking (wired and wireless); enterprise information or network security; computer system management & administration; project management.
Additional education may substitute for experience.
Preferred Job Qualifications:
Knowledge in the assigned IT environments.
Knowledge, Skills, & Abilities (KSA's):
Must possess all requisite knowledge, skills, and abilities as posted in the supplemental section.
Must demonstrate strong critical thinking and analytical reasoning skills
Ability to work on multiple priorities effectively.
Ability to prioritize conflicting demands.
Ability to execute assigned project tasks within established schedule
Ability to work collaboratively in a team environment.
Ability to communicate effectively in the service of users and colleagues.
Writes and communicates clearly and concisely.
Possesses sound documentation skills.
Ability to maintain confidentiality.
Must demonstrate exemplary customer service skills.
In-depth knowledge of networking systems, both at a routing and switching level, with thorough knowledge of technical skills at layer 1-3 of the OSI model.
General knowledge of complex firewall environments. This includes multi access perimeter, enterprise red zones and specialty firewall configurations. Development of complex firewall access policies, policy groupings, access control lists and firewall interface management.
General knowledge and experience with information security technologies, methodologies, and practices including, but not limited to: risk assessment and management; intrusion detection and prevention; vulnerability assessment and management; system administration (Windows, OS X, Linux, Unix, etc.); security policy, standards, and best practices; security incident response; auditing and security administration of network security systems and operating systems; access control; encryption; firewalls; secure proxies; networking; database and application security; security event log analysis; virus prevention and remediation; and custom programming/scripting.
General understanding of the use of open source network security tools i.e. NMAP, Snort)
Somewhat familiar with network vulnerability assessments and processes.
Good knowledge of network interconnect practices and the use of both public (internet) and private network interconnect services.
Capable of troubleshooting simple network and security problems, involving switching, routing and security policy issues.
Complete understanding of the interoperability of Network Security systems.
Note: This position may involve off-shift and on call support.
JHU Equivalency Formula: 30 undergraduate degree credits or 18 graduate degree credits = 1 year of experience. For jobs where equivalency is permitted, up to two years of non-related college coursework may be applied towards the total minimum education/experience required for the respective job.
Classified Title: Network Security Engineer Role/Level/Range: ATP/04/PD Starting Salary Range: $59,280 - $81,435 annually (commensurate with experience) Employee group: Full Time Schedule: Mon-Fri 8am-5:30pm Exempt Status: Exempt Location: Mount Washington Campus Department name: [email protected] Networking, Telecom and Data Ctr Personnel area: University Administration
The successful candidate(s) for this position will be subject to a pre-employment background check.
If you are interested in applying for employment with The Johns Hopkins University and require special assistance or accommodation during any part of the pre-employment process, please contact the HR Business Services Office at [email protected]. For TTY users, call via Maryland Relay or dial 711.
The following additional provisions may apply depending on which campus you will work. Your recruiter will advise accordingly.
During the Influenza ("the flu") season, as a condition of employment, The Johns Hopkins Institutions require all employees who provide ongoing services to patients or work in patient care or clinical care areas to have an annual influenza vaccination or possess an approved medical or religious exception. Failure to meet this requirement may result in termination of employment.
The pre-employment physical for positions in clinical areas, laboratories, working with research subjects, or involving community contact requires documentation of immune status against Rubella (German measles), Rubeola (Measles), Mumps, Varicella (chickenpox), Hepatitis B and documentation of having received the Tdap (Tetanus, diphtheria, pertussis) vaccination. This may include documentation of having two (2) MMR vaccines; two (2) Varicella vaccines; or antibody status to these diseases from laboratory testing. Blood tests for immunities to these diseases are ordinarily included in the pre-employment physical exam except for those employees who provide results of blood tests or immunization documentation from their own health care providers. Any vaccinations required for these diseases will be given at no cost in our Occupational Health office.
Equal Opportunity Employer Note: Job Postings are updated daily and remain online until filled.
Johns Hopkins University remains committed to its founding principle, that education for all students should be grounded in exploration and discovery. Hopkins students are challenged not just to learn but also to advance learning itself. Critical thinking, problem solving, creativity, and entrepreneurship are all encouraged and nourished in this unique educational environment. After more than 130 years, Johns Hopkins remains a world leader in both teaching and research. Faculty members and their research colleagues at the university's Applied Physics Laboratory have each year since 1979 won Johns Hopkins more federal research and development funding than any other university. The university has nine academic divisions and campuses throughout the Baltimore-Washington area. The Krieger School of Arts and Sciences, the Whiting School of Engineering, the School of Education and the Carey Business School are based at the Homewood campus in northern Baltimore. The schools of Medicine, Public Health, and Nursing share a campus in east Baltimore with The Johns Hopkins Hospital. The Peabody Institute, a leading professional school of music, is located on Mount Vernon Place in downtown Bal...timore. The Paul H. Nitze School of Advanced International Studies is located in Washington's Dupont Circle area.