Senior Security Engineer

Job Description Summary
George Washington University Information Technology GWIT is the chief provider of technology services and applications at The George Washington University (GW). GWIT partners with all key stakeholders across GW to equip students faculty and staff with the technology and tools necessary to achieve academic excellence. This position works within GWIT and ensures collaboration with both University stakeholders and external vendors for service delivery across GW. GWIT operates systems in a hybrid multicloud environment in GW data centers and commercial cloud. The Senior Security Engineer role will be a part of a team responsible for defining security requirements supporting security architecture implementing a secure development lifecycle assessing information systems recommending security best practices providing vulnerability management and generally defining implementing assessing and maintaining controls necessary to protect both physical and virtual networks hardware and systems in accordance with security requirements. The Senior Security Engineer: Communicates institution specific and industry best practices around IT security standards to internal technical leads and external technology solution developers partners and providers. Reports findings and assessment results to both technical staff and business stakeholders clearly and effectively. Provides mitigation and remediation suggestions as appropriate. Supports digital transformation including appropriate automation cloud migration stakeholder empowerment and distributed but effective security practices. Performs application security and vulnerability assessments penetration testing and risk analyses using tools such as Tenable One Metasploit Burp Suite OWASP ZAP sqlmap nmap Nessus Rapid7 Kali Linux Generates reports and summaries that note security vulnerabilities and risks based on standards and frameworks such as OWASP Top Ten NIST 800171 and CIS Benchmarks. Effectively delivers these reports to technical and nontechnical staff engineers developers and management at manager director and vice presidential levels. Collaborates with the full IT Security team as well as application administrators vendors and business stakeholders as appropriate on the operational aspects of technical solutions. Advises on the appropriate flow of information regarding risk identification treatment and acceptance within the university. Advises and contributes recommendations on operational aspects of security vulnerability and risk assessments for current technical solutions transition or emerging solutions and in evaluating changes to systems and services (change management) for both onpremise and cloud solutions. Assists team in maintaining IT security tool and capability portfolio through engaged lifecycle management of hardware and software solutions vendor management and budget planning activities (researching and drafting business cases in a zero based budget environment) as requested Contributor to the identification creation and documentation of security processes network security standards and procedures for both internal runbooks as well as university wide communications and awareness. Acts as an escalation point for and collaborates with peers throughout the institution on technical security matters. Provides project management for small security projects and participates in IT projects across the university Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.

Minimum Qualifications
Qualified candidates will hold a Bachelors degree in an appropriate area of specialization plus 5 years of relevant professional experience OR a Masters degree or higher in a relevant area of study plus 3 years of relevant professional experience OR a Bachelors degree in an appropriate area of specialization plus 3 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education training and experience.

Preferred Qualifications
Demonstrated experience in application security vulnerability assessments vulnerability management penetration testing and risk analysis activities across functional business areas and information technology services. Experience in using security testing tools such as Burp Suite Metasploit Tenable One OWASP ZAP sqlmap nmap Rapid7 Kali Linux Splunk AWS Inspector AWS CloudTrail AWS GuardDuty AWS IAM and more Ability to demonstrate flexibility/adaptability in applying IT Security standards knowledge of current best practices applicable to a given environment (higher education experience in this area a plus) Ability to effectively translate technical vulnerabilities into business risk terminology Demonstrated ability to explain standards and frameworks such as OWASP Top Ten NIST 800171 NIST 80037 CIS Benchmarks and more to technical and nontechnical staff developers engineers system/network administrators and management Ability to work closely with team members and independently to deliver expected results. Experience within a university environment is desirable.

Work Schedule
Monday through Friday