Cyber Security Engineer

Cyber Security Engineer (260003X0)

Job Description - Cyber Security Engineer (260003X0)

The Cyber Security engineer position will support multiple security initiatives involving design and implementation of different cyber security initiatives. This position will frequently collaborate with Cybersecurity Management and provide guidance and direction for the Cybersecurity program. Provides best solutions to identified needs, meeting specific operational and business objectives, technology capabilities, and human resource requirements. Responsible for interactions with business users, vendors, project managers, design architects and technology managers to assess, remediate, and deploy information security, DMZ security, and networking technology throughout the UH enterprise network.

Maintains and fosters the ongoing service relationships throughout the organization.

• Collaborates with the Cybersecurity, network, server & data center teams to assess the current infrastructure and formulate a plan to manage all information security DMZ and network technologies.
• Reviews the firewall designs and configurations, Network Design document, validates its implementation, and produces an as-built enterprise network diagram.
• Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security.
• Assess potential systems and process vulnerabilities to determine security infrastructure requirements.
• Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives by attempting to breach system security.
• Perform penetration testing and source code review. Document and report system vulnerabilities to internal information security department in order to resolve or patch the weakness.
• Test strength of information security processes, firewalls, and encryption of data.
• Research security trends and new methods and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach.
• Recommend changes to enhance systems security and prevent unauthorized access.
• Schedules upgrades and collaborates with security, server, and network architects on security and network optimization.
• Recommends, reviews, tests, schedules and implements upgrades (i.e. IOS upgrades, patches).
• Recommend and implement changes to enhance systems security and prevent unauthorized access. Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach.
• Provide guidance and direction on best practices for the protection of information. May oversee internal or external systems security (e.g., cloud services).
• Interacts with business users and vendors to identify and define requirements and expectations of new and existing network systems.
• Collaborate frequently with the Cybersecurity Architect to meet design requirements.

• May identify risks for internal or external security systems (e.g., cloud services).
• Performs on-call service rotation; provides 24 x 7 production support on a rotating basis.
• Performs occasional night/weekend work as required due to environmental constraints.
• Performs other duties as assigned.
• Complies with all policies and standards.
• For specific duties and responsibilities, refer to documentation provided by the department during orientation.
• Must abide by all requirements to safely and securely maintain Protected Health Information (PHI) for our patients. Annual training, the UH Code of Conduct and UH policies and procedures are in place to address appropriate use of PHI in the workplace.

• High School Equivalent / GED (Required)
• Bachelor's Degree (Preferred)

• 5+ years of experience with Enterprise Network, DMZ, and Security infrastructure, including design, implementation, and ongoing management and troubleshooting (Required).
• Hands on experience working with firewalls, proxies, email security gateways, intrusion detection / prevention, device encryption, and data leak prevention tools (Required).
• Advanced experience with security devices such as ASA, VPN Concentrators, IPS / IDS (Preferred).
• Practical experience in the use of network monitoring tools such as Cisco Works LMS, Netflow, HP Open View and Network Sniffer (Required).
• Practical experience in the use of security tools such as ProofPoint, Paloalto, Forcepoint, Cisco, Forescout, Websense, and Digital Guardian DLP (Required).

• Excellent technical and interpersonal skills. (Required proficiency)
• Excellent verbal and written communication skills. (Required proficiency)
• Familiar with DNS, HTTP, 802.1x, EAP, TKIP, AES, Radius, IPsec, TLS/SSL, routing protocols (BGP, OSPF, HSRP, VRRP) and VLANs, and layer 2 / Layer 3 roaming (Required proficiency)
• Ability to effectively document processes. (Required proficiency)
• Self-starter who is inspired by technology, highly…