Cyber Security Systems Engineer

Summary

Job Category:
Security
Job Title:
Cyber Security Systems Engineer 
Job Category Definition:
This specialty covers cyber security, information assurance, and compliance design, integration, implementation, modification, and coordination of the installation, testing, operation, and disposition of hardware and software systems. Functions may include conducting analyses, developing functional and technical requirements and specifications, documentation, monitoring the availability, serviceability, and recoverability of installed technology security systems, implementing cyber security procedures and tools, maintaining systems configuration, managing the installation and integration of system patches, updates, and enhancements, and ensuring the rigorous application of information security/information assurance policies, principles, and practices.
Job Title Definition:
The Cyber Security Systems Engineer proactively evaluates the system and network enterprise environments of the University and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures and education to implement effective security programs and strategies. The Cyber Security Systems Engineer studies malware trends and applies in-depth understanding of the threat to the development and implementation of defense-in-depth strategies. The Cyber Security Systems Engineer exercises critical judgment in a fast-paced environment to determine the optimum resolution of system or network incidents detected by or reported to the University. Cyber Security Systems Engineers also forensically preserve and analyze data to support internal investigations, or as required under law for release to external law enforcement agencies under the direction of the Office of General Counsel. Cyber Security Systems Engineers execute operational Cyber Incident Response Team (CIRT) activities. The Cyber Security Systems Engineer fully masters and explains to others the cyber security requirements for legal and regulatory compliance including FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), GLB (Gramm-Leach-Bliley Act), PCI (Payment Card Industry), DMCA (Digital Millennium Copyright Act) and other federal regulations and statutes. Duties are performed at various levels within the defined title.
Working Conditions:
Specific physical requirements and effort are outlined in Job Responsibilities Worksheet (list of essential job duties and responsibilities specific to a particular job at the unit level) in accordance with the Americans with Disabilities Act of 1990 (ADA).
Other Requirements: Maintain a security clearance when specific job duties require interaction with classified systems.
 

Levels

Level 1 

Level Details
Job Code | Salary Band | FLSA Status
ITSC0101 | J | Non-Exempt

Level 1 positions typically demonstrate baseline working knowledge of routine work applications; follow standard principles and systems and use appropriate terminology associated with a particular field of specialization; participate as a team member in a collaborative environment within a diverse workforce; actively contribute to completion of team goals and assigned tasks; clearly communicate information, ideas, or instructions verbally and in writing; follow recommended approach to assigned work to facilitate achievement of desired results; ensure safe practices and environmental consciousness are exhibited in decisions; typically work under direct and frequent supervision while performing routine duties using established procedures with detailed instructions.

Typical Education & Experience

0+ years related experience

Associate’s Degree or higher

Or an equivalent combination of education and experience

Typical Work Duties
  • Assist in the testing, implementation, and operation of secure operating systems, networks, databases, and security event monitoring products
  • Assist with conducting risk assessments and vulnerability analyses
  • Assist with basic security vulnerabilities, including firewalls, electronic data traffic, and network access
  • Maintain documentation and correct as instructed
  • May assist in the design of security solutions
  • Support the integration of new technology; provide basic architectural analysis
  • Research and stay current on industry best practices
  • Demonstrate fundamental understanding of system and network security principles and technology

This profile is intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions in this job title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be.  It is not intended to limit or in any way modify the right of any supervisor to assign, direct, and control the work of employees under his/her supervision.  The use of a particular expression or illustration describing duties should not be held to exclude other duties not mentioned that are of a similar kind or level of difficulty.

Level 2 

Level Details
Job Code | Salary Band | FLSA Status
ITSC0102 | L | Exempt

Level 2 positions typically demonstrate intermediate knowledge of the concepts, practices and procedures of a particular field of specialization; perform intermediate tasks in defined skill areas/applications by continuously building on current job knowledge; maintain effective relationships with peers, vendors, and others in a diverse environment; support team decisions and follow through with team responsibilities; interpret information, ideas and instructions and communicate clearly and accurately both verbally and in writing including materials intended for distribution; determine causes of unusual occurrences and apply standard principles and practices to determine and implement solutions; ensure safe practices and environmental consciousness are exhibited in decisions; typically work under general supervision, while performing assignments that are varied and that may be somewhat difficult in character, but usually involve limited responsibility.

Typical Education & Experience

2+ years related experience

Bachelor’s Degree or higher

Or an equivalent combination of education and experience

Typical Work Duties
  • Conduct risk assessments, vulnerability analyses, penetration testing, and provide domain level recommendations
  • Respond to system and network security incidents
  • Investigate and resolve standard security vulnerabilities with minimal oversight, including firewalls, electronic data traffic, network access, and architectures
  • Perform total system analyses to include but not limited to design, configuration, testing, installation, operation, maintenance and disposal
  • Provide recommendations for the development of internal and external customer enterprise-wide cyber systems, networks, and applications solutions
  • Participate in the testing, implementation, and operation of secure operating systems, networks, databases, and security event monitoring products
  • Participate in the design of security solutions
  • Assist with the forensic preservation of hard drives
  • May recommend processes and procedures
  • Maintain documentation and correct as necessary
  • Support the integration of new technology; provide basic architectural analysis
  • Research and stay current on industry best practices
  • Demonstrate proficient understanding of system and network security principles and technology

 


Level 3 

Level Details
Job Code | Salary Band | FLSA Status
ITSC0103 | M | Exempt

Level 3 positions typically demonstrate proficient and comprehensive knowledge of defined skill areas/applications to integrate fundamental elements from other specialties into work assignments; apply knowledge of principles, practices, and procedures of a particular field of specialization to complete difficult assignments; promote a culture that is conducive to effective relationships among diverse team members; ensure safe practices and environmental consciousness are exhibited in decisions; may lead a project team involved in completion of difficult assignments, requiring proficient knowledge of field of specialization; interpret and communicate information, ideas and instructions clearly, accurately and persuasively both verbally and in writing including materials intended for distribution; incorporate new facts and ideas into group processes and apply creative thinking to develop new solutions; typically work with minimal supervision on difficult assignments, conferring with manager on unusual matters.

Typical Education & Experience

5+ years related experience

Bachelor’s Degree or higher

Or an equivalent combination of education and experience

Typical Work Duties
  • Conduct risk assessments, vulnerability analyses, penetration testing, and provide enterprise-wide recommendations
  • Respond to complex system and network security incidents; investigate and resolve non-standard security vulnerabilities
  • Design and recommend security solutions
  • Perform total system analyses and provide recommendations
  • Provide recommendations for the development of internal and external enterprise-wide cyber systems, networks, and applications solutions; interface directly with vendors
  • Perform complex testing, implementation, and operation of secure operating systems, networks, databases, and security event monitoring products
  • Perform and analyze forensic preservation of hard drives
  • May interface with external entities including law enforcement and intelligence/government agencies
  • Recommend processes, procedures, and security standards to promote operational efficiency
  • Design and integrate new architectural features; provide architectural and engineering analyses
  • Embed advanced cyber defense techniques for incident response
  • Assist in the development and delivery of cyber security training material
  • Participate in the tactical execution of Cyber Incident Response Team (CIRT)
  • May provide guidance to lower level Engineers
  • Develop communications in addressing system and network security principles and technology solutions

 


Level 4 

Level Details
Job Code | Salary Band | FLSA Status
ITSC0104 | N | Exempt

Level 4 positions typically demonstrate advanced knowledge of principles, practices, and procedures of a particular field of specialization and complete complex assignments; integrate complex elements from other specialties into work assignments; demonstrate a strong commitment to inclusionary practices which support diversity throughout the University; establish a shared vision and take responsibility for the achievement of team goals, and provide direction for appropriate implementation of plans; present ideas, concepts and instructions in a clear manner, and use persuasion and negotiation to build consensus and cooperation; ensure safe practices and environmental consciousness are exhibited in decisions; develop new techniques, concepts, theories, programs or solutions and apply them to complex strategic operating issues; typically work independently on complex work assignments, review progress and evaluate results and update management as appropriate; may direct and delegate work to lower-level staff.

Typical Education & Experience

8+ years related experience

Bachelor’s Degree or higher

Or an equivalent combination of education and experience

Typical Work Duties
  • Lead and provide process enhancement for risk assessments, vulnerability analyses, and penetration testing
  • Oversee response to security incidents and vulnerabilities
  • Coordinate the design and engineering of security solutions; participate in planning for future cyber security technology
  • Perform complex forensic preservation tasks as required
  • Provide technical expertise to external entities, including law enforcement and intelligence/government agencies
  • Develop processes, procedures, and security standards to promote operational efficiency
  • Design and integrate new architectural features; provide complex architectural and engineering analyses
  • Embed advanced cyber defense techniques for incident response
  • Lead the tactical execution of Cyber Incident Response Team (CIRT)
  • Develop and deliver cyber security training material
  • Present enterprise-wide security solutions and analyses to internal and external stakeholders
  • Present security awareness sessions to diverse audiences University-wide
  • Research leading edge techniques and technologies for cyber security
  • Direct the development of communications addressing system and network security principles and technology solutions
  • Apply project management principles and methods to the leadership of security tasks or projects
  • Provide guidance to and may supervise lower level Engineers


Level 5 

Level Details
Job Code | Salary Band | FLSA Status
ITSC0105 | O | Exempt

Level 5 positions typically extend mastery of job knowledge to the principles, theories and practices of related specialties; expand knowledge of best practices and incorporate into all work assignments and procedures; evaluate and enhance current practices and efforts to ensure optimal support of diversity; oversee leadership of teams and projects that involve extensive cooperation and coordination between multiple departments across the University or with external customers; prepare written and/or verbal presentations or proposals on highly complex issues and deliver to a broad variety of audiences; identify and implement innovative solutions to important, highly complex strategic and/or operational issues which may involve unusual circumstances and incomplete or conflicting data; ensure safe practices and environmental consciousness are exhibited in decisions; work independently on highly complex or strategic assignments; may direct and supervise lower-level staff.

Typical Education & Experience

12+ years related experience

Bachelor’s Degree required; Master’s Degree preferred

Or an equivalent combination of education and experience

Typical Work Duties
  • Provide subject matter expertise in the strategic planning process and provide input into enterprise strategic security initiatives     
  • Oversee the development and research of leading edge techniques and technologies for cyber security
  • Lead the design and engineering of security solutions; plan for future cyber security technology
  • Engage in University, customer, and industry collaboration efforts
  • Develop cyber security programmatic training content; present at various outreach and/or educational forums
  • Develop strategic security standards and policies
  • Provide strategic guidance and subject matter expertise to the Cyber Incident Response Team (CIRT)
  • Provide operational and project team leadership for multiple, simultaneous enterprise-wide cyber security initiatives
  • Participate as required in the budget process
  • Provide guidance to all levels of Cyber Security Systems Engineers
