Senior Cybersecurity Engineer (Application Security) - Central
Requisition Number S612P
Under minimal supervision, the Application Security Engineer will be a technical lead and subject matter expert for the secure implementation of applications at Auburn University. This position will entail recommending, validating, and testing application security architecture and design solutions in order to produce security recommendations for application developers and project teams. Tasks include working with DevOps and Quality Assurance teams to implement security training, threat modeling, vulnerability scanning, and pen testing of applications. Other duties involve a range of activities, such as developing security standards, participating as a security liaison on enterprise application teams, vetting software purchases, and troubleshooting Web Application Firewall alerts.
Works with stakeholders to identify strategies to mitigate and remediate vulnerabilities as they are identified, primarily by working with the Office of Information Technology DevOps team and campus application developers to provide vulnerability scanning, pen testing and advising on application development.
Assists and, at times, leads efforts for incident response activities primarily as this relates to alerts from the Web Application Firewall.
Serves as the subject matter expert in operating systems, network devices and protocols, security technologies, cloud technologies, and security data sharing workflows by participating on software deployment project teams as a security advisor to ensure secure control implementation. Analyzes vendor documentation, project needs, and knowledge of the campus computing environment to develop project security controls. Assists project teams in documenting security controls and developing system security plans.
Validates and tests information security application architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies. Integrates large amounts of intelligence information on threats into context in order to draw insights about the possible implications.
Participates in vetting requests for vendor software purchases, analyzing vendor documentation and application usage to make determinations regarding a potential application’s security posture.
Compiles relevant data and integrates data into a coherent whole. Considers the information’s reliability, validity, relevance, and time sensitivity.
Maintains knowledge of current and emerging technologies and advancements within Information Security.
Performs all assigned work to meet expected delivery and schedules and performs other duties in the realm of support and proactive services as assigned.
Works with system owners to educate them on security standards such as authentication, multi-factor authentication, audit logging and review of PII, disaster recovery plans, and role-based access control (RBAC) in support of Auburn University policies and regulations such as FERPA, HIPAA, NIST, and GLBA.
Assists systems owners in creating System Security Plans (SSP) and overall security documentation.
Minimum Education and Experience
Bachelor's degree from an accredited institution
No specific discipline required. Degree in IT or related field preferred. Master’s Degree in Information technology or directly relevant discipline preferred.
8 Years of Experience
Demonstrated successful experience in information technology that includes a minimum of 8 years of progressively responsible experience in information security - Cybersecurity.
Minimum License and Certifications
This position requires an industry-standard Information Assurance certification: Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) may be considered instead of the CISSP. CISSP must be obtained within 6 months of hire if another certification is used at the time of hiring.
Knowledge of well-known application security best practices such as OWASP, aspects of ISO 27001, or applicable NIST 800 standards, particularly NIST 800-171 and NIST 800-53.
Experience with application security tools including DAST, SAST, penetration testing, fuzzing, etc.
Detailed technical knowledge of, and hands-on experience in, security engineering, DevOps, application penetration testing, and/or secure software.
Experience with a broad range of web attack classes, their workings, and propagation methods.
higher education environment, including, but not limited to, PCI-DSS, HIPAA, GLBA, FERPA, and DMCA.
Basic experience with the following Operating Systems is recommended but not required: Linux distributions (Ubuntu, Kali Linux, Debian), iOS (current versions), Android OS (current versions), macOS (current versions)
Strong analytical and problem-solving skills, and works well in a team environment.
Willingness to acquire in-depth knowledge of network and host security technologies and products and to continuously improve these skills.
Salary Range: $85,400 - $136,600
Job Category: Information Systems/Technology
Special Instructions to Applicants
Auburn University is one of the nation’s premier public land-grant institutions. In 2020, it was ranked 44th among public universities by U.S. News and World Report. Auburn maintains high levels of research activity and high standards for teaching excellence, offering Bachelor’s, Master’s, Educational Specialist, and Doctor’s degrees in agriculture and engineering, the professions, and the arts and sciences. Its 2019 enrollment of 30,460 students includes 24,594 undergraduates and 5,866 graduate and professional students. Organized into twelve academic colleges and schools, Auburn’s 1,643 instructional faculty members—87% of whom are employed full-time—offer more than 200 educational programs. The University is nationally recognized for its commitment to academic excellence, its positive work environment, its student engagement, and its beautiful campus.
Auburn residents enjoy a thriving community, recognized as one of the “best small towns in America,” with moderate climate and easy access to major cities or to beach and mountain recreational facilities. Situated along the rapidly developing I-85 corridor between Atlanta, Georgia, and Montgomery, Alabama, the combined Auburn-Opelika-Columbus statistical area has a population of over 500,000, with excellent public school systems and regional medical centers.
Auburn University is committed to providing a comprehensive employee benefits package that attracts and retains talent to further the University’s mission and contributes to the personal and financial well-being of employees and their families. Employee Benefits include: Health Insurance, Dental Insurance, Vision Care, Cancer Insurance, Life Insurance/Personal Accident Coverage, Disability Group & Supplemental Plans, Flexible Spending Account Plan, and Mandatory and Voluntary Retirement Plans, Auburn University Federal Credit Union, Bookstore Discounts, Tiger Perks discounts on dining, shopping and entertainment, Travel Assistance (Domestic and International), and Educational Improvements for Employees and Dependents.
AN AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER. It is our policy to provide equal employment opportunities for all individuals without regard to race, sex, religion, color, national origin, age, disability, protected veteran status, genetic information, sexual orientation, gender identity, or any other classification protected by applicable law.