Internet2, a non-profit organization, provides high-performance networking, trust and identity infrastructures, cloud services brokering, and related services to its research and education member institutions and beyond. Internet2 represents an exceptional partnership spanning U.S. and international institutions that are leaders in the worlds of research, academia, industry and government.
InCommon (https://incommon.org), the Internet2 community-developed trust fabric, provides the U.S. higher education and research community with the common framework for trustworthy access to online resources. InCommon facilitates the development of community-based common trust services – SAML Federation, Certificate Services, eduroam, and other services and activities. Position DescriptionReporting to the Director of Infrastructure and Operations, the Trust and Identity (T&I) Services Information Security Lead acts as part of a highly collaborative cross-functional technical service delivery team to securely, reliably and scalably deliver mission critical InCommon and related services to participants.
This role works closely with the services architecture and operations teams and other information security professionals within Internet2, to address operational and security-related technical service delivery needs in the InCommon Federation, Certificate, eduroam and other services. The position collaborates with Internet2 technical architects, project managers, colleagues in Internet2’s Technical Services Group, and management, to enable trustworthy and secure service deployments.The Information Security Lead is the primary person responsible for ensuring the security of the services that InCommon offers. The successful candidate will have experience delivering highly secure services in a complex IT environment. The position requires a high degree of collaboration with community groups including the InCommon participant community, and security advisory committees, frequently participating in efforts to meet requirements defined by these national and international groups.
Required Skills:
Minimum of a bachelor’s degree or equivalent in IT systems security, IT systems engineering, or equivalent combination of education and work experience.
An ISC2 CISSP certification or similar evidence of in-depth IT security knowledge and practice.
Proven experience in developing and sustaining an information security program.
5+ years experience with IT security incident handling, incident response/coordination, root cause analysis, remediation and reporting.
5+ years in analysis of security events via logs, forensics, netflows and other security tools.
Demonstrated ability to work with a team of diverse skill sets and backgrounds to achieve shared goals in IT service delivery.
Excellent documentation skills including writing technical requirements, implementation and maintenance instructions, documenting change plans and other staff-facing work.
Excellent written and verbal communication skills to span technical audiences and vendor, customer, peer, leadership relationships.
Ability to travel up to 10% of the time for work.
Ability to participate on 24x7x365 shared on-call rotation with other staff members.Responsibilities:
Risk Management - Use of tools and methodology to assess the information security risks associated with sensitive and mission critical systems, recommend and prioritize actions for remediation, and work with larger teams to see these through to completion.
Compliance - Determine applicability and scope of various regulations; interpret and implement requirements to ensure compliance.
Incident Response - Lead team in response to reported information security incidents (e.g. threat assessment, threat mitigation/eradication, after-action reporting) and in accordance with established incident response procedures. Participate in lessons learned activities.
System and Application Hardening - Work with teams to develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws.
Vulnerability Management - Detect and/or assess the impact of reported vulnerabilities; work with teams to implement mitigation strategies based on severity.
Subject Matter Expert - Participate as an information security subject matter expert in the analysis and design of new systems and services; Participate in the design, implementation, and continuous improvement of security service offerings.
Team-oriented individual who thrives in a cooperative and collaborative environmentPreferred Skills
Familiarity with cloud infrastructure services such as AWS, Azure, Google Cloud
Experience with security concepts in support of the delivery of services such as X.509 Certificate Authorities, OpenID Connect, CAS, OAuth or SAML federation, banking transactions, payment systems, or similar environments.
Experience with *nix-like environments including command line, shell scripting, scripting in other miscellaneous environments, cron jobs, systems security practices, etc.As a full-time employee, you will be eligible to participate in Internet2’s employee benefits program effective on your start date in accordance with the terms and conditions of each plan. The program currently includes medical, dental, life, vision and disability insurances, a health spending account program, sick time, vacation time and a tax deferred retirement plan. The salary range for this position is $130,000 - $144,000 (IT-5)Internet2 is a 501(c)(3) not-for-profit organization and equal opportunity and affirmative action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
