Cybersecurity Engineer-Research

Job Summary

The is excited to begin the search for a Cybersecurity Engineer Research , within the Department of Research Security Compliance.

Responsibilities include : planning, engineering, developing, implementing, and compliance monitoring of organization-wide research programs including, but not limited to, Controlled Unclassified Information (CUI) management;

Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System (REDCap); and Electronic Research Administration (ERA).

• Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards;
• developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems;

and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets.

About Auburn : At Auburn, our work changes lives. Ranked by News and World Report as a premier public institution, Auburn University is dedicated to shaping the future of the people of Alabama, the nation, and the world through forward-thinking education, life-enhancing research, scholarship and selfless service.

Auburn is nationally recognized for its commitment to academic excellence, community outreach, positive work environment, student engagement, and thriving community.

Why employee choose Auburn : Auburn University was named by Forbes Magazine as one of the State of Alabama’s best employers, with employees staying an average of ten years.

Employees enjoy competitive benefits that include top-notch health insurance, generous retirement plans, tuition assistance for employees and dependents, flexible spending accounts and more! Learn more about Auburn’s impact, generous employee benefits, and thriving community by visiting .

Auburn University is committed to a diverse and inclusive campus environment. Visit to learn more about our commitment to expanding equity and inclusion for all.

Under general supervision of the Cybersecurity Research manager, responsible for the planning, engineering, developing, implementing, and compliance monitoring of organization-wide research programs including, but not limited to, Controlled Unclassified Information (CUI) management;

Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System (REDCap); and Electronic Research Administration (ERA).

• Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards;
• developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems;

and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets. Essential Functions

• Monitors real-time data, discovers security events, analyzes qualified incidents, executes documented resolutions for common incidents, recommends remediation steps for new incidents, and escalates major security incidents for the Research Security Enclave.
• Provides assistance with governance, risks, and compliance byCoordinating the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Auburn University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53.

Assisting with risk analysis and risk managementAssisting with security and compliance reviewsPreparing and maintaining system security plans (SSPs) for various research projects on campusCreates and manages standard operating procedures (SOPs) for various projects.

• Assists with communication, reporting, and alerting on general information security issues as well as on specific assignments within Information Security tool sets of the Research Security Enclave.
• Develops scripts and tooling to verify security platforms and automate security team operations.
• Implements and evaluates new technology deployments, integration testing, information security products, services, and procedures to enhance productivity and effectiveness while maintaining compliance.
• Provides assistance for the Research Security Enclave, to includeNetwork securityMaintaining cybersecurity firewalls and web application firewalls for on-premise network and cloud environments that support researchManaging security monitoring systems for network server, firewall, and network anomalies within the Research Security EnclaveMaintaining infrastructure designs of current and future network designs and incorporating appropriate mitigation of existing and emerging threatsAssisting with identifying security design gaps in existing and proposed network architecture and recommending changes and enhancements.
• Stays fully informed of current security information and issues, as well as regulatory changes affecting industry research and higher education at the state and national level.

Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.

Minimum Qualifications Minimum Qualifications

• Bachelor’s degree in Computer Science, Engineering, Computer Information Systems, or related field and 5 years of relevant experience OR
• Associate’s degree and 9 years of relevant experience OR
• High School diploma and 13 years of relevant experience.
• Experience Demonstrated Cybersecurity experience, Governance, Risk and Compliance (GRC).Relevant IT experience in administering security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Minimum Skills, License, and Certifications Minimum Skills and Abilities

• Knowledge of generally accepted information / cyber security principles and practices with the ability to apply that knowledge to perform complex and non-routine specialized information technology (IT) security analysis functions such as troubleshooting, advanced analysis, research, and problem-solving.
• Deep understanding of NIST 800-53 and NIST 800-171 framework and controls.
• Knowledge of Cybersecurity Maturity Model Certification framework.
• Must have team leadership skills, negotiation skills, and advanced client relation skills.
• Ability to remain up-to-date with privacy and security regulations.
• Ability to recognize, analyze, and solve a variety of problems.
• Ability to effectively communicate technical concepts to a non-technical audience.
• Externally imposed deadlines; set or revised on short notice; frequent shifts in priority; numerous interruptions requiring immediate attention;

unusual pressure on a daily basis due to accountability for success for major projects or areas of operation.

Minimum Technology Skills Minimum License and Certifications Desired Qualifications Desired Qualifications

Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or CompTIA Advanced Security Practitioner (CASP) is desired.

Other certifications from recognized vendors (EC-Council, GIAC, etc.) will be considered.

• United States Government Security Clearance is desired, but not required.
30+ days ago