This position seeks an enthusiastic IT security engineer and architect with a willingness to learn and the ability to take initiative and produce results while delivering quality service and effective solutions.
This individual will guide the process of examining and developing secure solutions and provide advice on proactively managing risk to ensure readiness for threats and potential vulnerabilities within architecture. This role requires risk assessment and the ability to offer suggestions for remediation or mitigation. In addition, the primary goal of this position is to handle the projects that focus on the design and implementation of security best practices for new hardware and software. This individual must integrate security controls into new systems and applications, and it involves making well-researched security enhancement suggestions and introducing security standards that protect the organization from possible security incidents. To ensure the effective implementation of these security standards, there will be a need to provide informal training on information security best practices. While this role is tied closely to technology, it may, at times, be closer to the consultative and analytical processes of information security.
This individual has the ability to practically apply systems engineering best practices and processes to develop secure systems, as well as has the knowledge and skills to incorporate security into projects, applications, business processes and all information systems. This individual is expected to have a thorough understanding of complex IT systems and business processes and stay up to date with the latest security standards, systems and authentication protocols. This role requires experience in and technical expertise on building security infrastructure from scratch or updating existing systems in response to ongoing changes in the security landscape, including new risks and adherence to applicable regulations. A successful candidate will demonstrate a detailed understanding of cybersecurity methodologies, attention to detail, outstanding problem-solving skills, work comfortably under pressure, and deliver on tight deadlines.
The School of Medicine and Public Health is one of the largest divisions of UW-Madison, employing over 4,000 faculty, staff, and instructors and conducts over $350 million of research annually. The data communication network in the UW-Madison School of Medicine and Public Health is comprised of approximately 10,000 total nodes located in 16 buildings on-campus as well as another 20 sites off-campus.
The School of Medicine and Public Health has a deep and profound commitment to diversity both as an end in itself but, also as a valuable means for eliminating health disparities. As such, we strongly encourage applications from candidates who foster and promote the values of diversity and inclusion.
60% Security Engineering a. Recommend, implement, and maintain technical and procedural controls, such as system security best practices b. Provide strategic guidance, oversight to security architecture and design for a variety of technology, such as remote access and cloud solutions c. Evaluates and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems d. Provide strategy and implementation guidance, such as standard operating procedures and protocols e. Interpret standards, requirements, and their applications to the enterprise environment f. Perform technical management, such as configuration management, information management, and quality assurance g. Ability to function as an enterprise security subject matter expert who can explain complex topics to those without a technical background h. Identifying current and emerging technology issues including security trends, vulnerabilities, and threats i. Conducting proactive research to assess security weaknesses and recommend appropriate strategies
35% Security Architecture a. Perform product, infrastructure, and cloud security design b. Identify security architecture approach including types, scope, frameworks, security configurations, and network configurations c. Identify common proactive controls for applications, such as OWASP d. Design security architecture elements to mitigate threats as they emerge e. Plan, research, and design robust security architectures for projects, including utilizing defense-in-depth architecture f. Create solutions that balance business requirements with information, cybersecurity, and regulation requirements g. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
Bachelor’s Degree or minimum of 2 years’ experience in IT engineering or architecture required
Bachelor’s Degree preferably in information technology security, computer science, information systems, or related field.