General Position Summary:
Responsible for infrastructure engineering, maintenance, and support of complex network security systems for a large scale, multi-site, and geographically distributed enterprise network. Scope of supported systems ranges from servers and desktop hardware and software, multiple operating systems, and proprietary network security systems and appliances (e.g., secure remote access, firewalls, routers, intrusion prevention systems, intrusion detection systems, vulnerability scanning and management, incident response, and regulatory compliance systems). Collaborates with application development and infrastructure support teams to setup security components to ensure compliance i.e. (Epic/HIPPA). These network security systems provide IT services to thousands of users throughout Johns Hopkins and have an enterprise wide complexity and scope.
The major efforts and tasks of this position are highly complex, technical and enterprise wide in scope. Information security threats are an evolving problem with new sources of threats and variations to older problems changing daily. Due diligence is required in monitoring and understanding these problems. Network Security risks are abstract in nature and require a balanced response that mitigates risks without disrupting services. This is the second level of a three tiered Network Security Engineer position. Technical competence is expected to be at a highly knowledgeable level across multiple platforms. Tasks and projects are complex in nature. Position includes project and technical leadership along with mentoring and assistance with development of other staff. Decisions recommended and made by incumbent affect and impact enterprise systems and operations. Position works in a highly independent manner under limited supervision.
The responsibilities listed below are typical examples of the work performed by this position. Not all duties assigned to this position are included, nor is it expected that everyone in this position will be assigned every job responsibility.
- Implements and supports systems and processes to reduce the security threats to Hopkins Network and IT infrastructure. These include but are not limited to data loss, exposure of private data, inappropriate systems access, denial of service, computer viruses and Trojans or any other indication of compromised systems
- Provides network security risk and vulnerability assessments, and provides recommendations to mitigate risks for small to large systems that are complex in nature.
- Represents network security in IT and business projects for network security evaluations and risk assessments.
- Researches specific elements of regulatory compliance requirements (HIPPA, FERPA, PCI, Sarbanes Oxley, FISMA) and develops recommendations for network security compliance
- Directs junior level engineers for compliance follow-up activities
- Provides risk management consulting services to Hopkins business units, partners and affiliates on cyber security and network vulnerability and risk mitigation for projects that are moderate to complex in nature.
SYSTEMS ANALYSIS AND DESIGN
- Develops and executes highly technical and/or complex project plans and systems that are based on knowledge of the business and information security needs of the Johns Hopkins enterprise community.
- Provides network security analysis and design consulting services to Hopkins business units, partners and affiliates on cyber security and network vulnerability and risk mitigation for projects that are moderate to complex in nature.
- Develops technical security systems and procedures for IT systems that process all classification levels of electronic information (see JH electronic information classification levels at [ Link removed ] - Click here to apply to Network Security Engineer II). These Enterprise wide network information security efforts include: wired and wireless networking; telecommunications; secure messaging; enterprise clinical information systems (e.g., EPR, POE); student information systems (e.g., ISIS); and enterprise business solutions (e.g., Enterprise Business Solution (SAP)).
- Provides knowledgeable technical and project management (full life-cycle) responsibilities in at more than one enterprise focused information security discipline, including, but not limited to: risk management; network intrusion detection and prevention; security event / incident response; security policy; vulnerability management; regulatory compliance; and encrypted and secure remote access for Hopkins staff, Hopkins remote entities, and business partners.
- Designs enterprise network information security systems and services in support of the mission of Johns Hopkins Institutions.
- Independently determines or interprets complex requirements for existing or new network information security systems; identifies and/or develops and tests solutions to meet requirements; develops recommendation for implementation; implements and develops documentation for monitoring and maintenance.
INSTALL AND CONFIGURE
- Implements and configures technical security systems and procedures for IT systems that process all classification levels of electronic information (see JH electronic information classification levels at [ Link removed ] - Click here to apply to Network Security Engineer II). These Enterprise wide network information security efforts include: wired and wireless networking; telecommunications; secure messaging; enterprise clinical information systems (e.g., EPR, POE); student information systems (e.g., ISIS); and enterprise business solutions (e.g., Enterprise Business Solution (SAP)).
- Installs and configures medium to large size security appliances and solutions by using established procedures.
- Works with JH management and staff to communicate and ensure compliance with enterprise network information security policies ([ Link removed ] - Click here to apply to Network Security Engineer II).
- Implements changes by adhering to the change management policies and procedures for any given project. Communicates to all parties the nature, significance, and risk factors of the solution.
- Installs, configures, and/or interprets results of network security analyzers and log events.
- Works with other technical engineers in administration of enterprise network information security systems and services in support of the mission of the Johns Hopkins Institutions.
- Represents network security in IT and business projects for network security evaluations and risk assessments.
- Directs the efforts of other engineers in large scope/complex systems installations
- Works with Enterprise infrastructure support services for data center logistics; coordinate enterprise network security system changes with affected JH customers and staff at one or more JH institution campus or location.
- Manages one or more network security platforms (Firewalls, IDS, IPS, Security Assessment tools).
- May provide oversight to vendors, affiliates and lower level Engineers and systems administrators.
- Coordinates activities with customers and other IT organizations
- Provides guidance and training to junior level engineers.
- Works with external law enforcement organizations to assist with investigations or threats that are related to the Johns Hopkins Network.
MAINTAIN AND TROUBLESHOOT
- Monitors network for emerging threats across the cyber security landscape and makes recommendations to reduce and/or eliminate the threats to the Hopkins Enterprise Network.
- Maintains and troubleshoots technical security systems and procedures for IT systems that process all classification levels of electronic information (see JH electronic information classification levels at [ Link removed ] - Click here to apply to Network Security Engineer II). These Enterprise wide network information security efforts include: wired and wireless networking; telecommunications; secure messaging; enterprise clinical information systems (e.g., EPR, POE); student information systems (e.g., ISIS); and enterprise business solutions (e.g., Enterprise Business Solutions (SAP)).
- Independently manages one or more network security platforms (Firewalls, IDS, IPS, Security Assessment tools).
- Leads and/or participates in confidential security incident and event investigations. Conducts forensic investigations of security breaches and compromises. Identifies root causes, develops and implements alternatives to eliminate the source of the compromise and potential for re-occurrence.
- Analyzes data from enterprise information security events (including, but not limited to: technical forensic data, incident records, analysis of network traffic). Provides reports and recommended response actions to the Network Security Architect and/or security manager.
- Produces ad-hoc and recurring reports on network security system measurement statistics.
- Reviews abstract information regarding network traffic flow and access for anomalies and potential breaches to network security. Develops processes for others to follow in reviewing the information.
- Troubleshoots highly complex network and security problems, involving switching, routing and security policy issues.
Bachelor’s degree in IT or related field. Advanced degree in IT or related field and/or professional security training and certification (e.g. SANS/GIAC, CISA, CISM, CISSP) preferred.
Additional experience may substitute for education.
Minimum of five years full time at an Enterprise level information security work in 2 or more information security domains. (Enterprise Firewall Management, Intrusion Detection and Prevention, Network Forensics, Technical Risk Assessment, etc.)
Three years of project management and project team participation skills.
Five years of progressively responsible experience in at least two or more of the following: enterprise networking (wired and wireless); enterprise information or network security; computer system management & administration; project management;
Additional education may substitute for experience.
Equivalency Formula: 30 undergraduate degree credits or 18 graduate degree credits = 1 year of experience. For jobs where equivalency is permitted, up to two years of non-related college coursework may be applied towards the total minimum education/experience required for the respective job.
Preferred Job Qualifications:
Knowledge in the assigned IT environments.
Knowledge, Skills, & Abilities (KSA’s):
- Must possess all requisite knowledge, skills, and abilities as posted in the supplemental section.
- Must demonstrate strong critical thinking and analytical reasoning skills.
- Ability to work on multiple priorities effectively.
- Ability to prioritize conflicting demands.
- Ability to execute assigned project tasks within established schedule.
- Ability to work collaboratively in a team environment.
- Ability to communicate effectively in the service of users and colleagues.
- Writes and communicates clearly and concisely.
- Possesses sound documentation skills.
- Ability to maintain confidentiality
- Must demonstrate exemplary customer service skills.
- Work requires a strong understanding and extensive work experience with at least two of the ten (ISC) Information Security Domains (Access Control; Application Development Security; Business Continuity and Disaster Recovery Planning; Cryptography; Information Security Governance and Risk Management; Legal, Regulations, Compliance and Investigations; Operations Security; Physical (Environmental) Security; Security Architecture and Design; Telecommunications and Network Security).
- In depth knowledge of complex firewall environments. This includes multi access perimeter, enterprise red zones and specialty firewall configurations. Development of complex firewall access policies, policy groupings, access control lists and firewall interface management.
- Expert knowledge and experience with information security technologies, methodologies, and practices including, but not limited to: risk assessment and management; intrusion detection and prevention; vulnerability assessment and management; system administration (Windows, OS X, Linux, Unix, etc.); security policy, standards, and best practices; security incident response; auditing and security administration of network security systems and operating systems; access control; encryption; firewalls; secure proxies; networking; database and application security; security event log analysis; virus prevention and remediation; and custom programming/scripting.
- Thorough understanding of the use of open source network security tools (i.e. NMAP, Snort).
- Thoroughly familiar with network vulnerability assessments and processes.
- Comprehensive knowledge of network interconnect practices and the use of both public (internet) and private network interconnect services.
- Capable of troubleshooting highly complex network and security problems, involving switching, routing and security policy issues.
- Complete understanding of the interoperability of Network Security systems.
- Strong understanding of TCP/IP, the OSI model, and appropriate standards and practices associated with a secure enterprise technical framework are required.
Classified Title: Network Security Engineer II
Starting Salary Range: $69,140 - $95,005 annually (commensurate with experience)
Employee group: Full Time
Schedule: Mon-Fri 8am-5:30pm
Exempt Status: Exempt
Location: Hybrid - Johns Hopkins Bayview
Department Name: IT@JH Networking, Telecom and Data Ctr
Personnel Area: University Administration
The successful candidate(s) for this position will be subject to a pre-employment background check.
If you are interested in applying for employment with The Johns Hopkins University and require special assistance or accommodation during any part of the pre-employment process, please contact the HR Business Services Office at [ Link removed ] - Click here to apply to Network Security Engineer II. For TTY users, call via Maryland Relay or dial 711.
Johns Hopkins has mandated COVID-19 and influenza vaccines, as applicable. Exceptions to the COVID and flu vaccine requirements may be provided to individuals for religious beliefs or medical reasons or because the individual is pregnant or attempting to become pregnant. Requests for an exception must be submitted to the JHU vaccination registry. For additional information, applicants for SOM positions should visit [ Link removed ] - Click here to apply to Network Security Engineer II and all other JHU applicants should visit [ Link removed ] - Click here to apply to Network Security Engineer II.
The following additional provisions may apply depending on which campus you will work. Your recruiter will advise accordingly.
The pre-employment physical for positions in clinical areas, laboratories, working with research subjects, or involving community contact requires documentation of immune status against Rubella (German measles), Rubeola (Measles), Mumps, Varicella (chickenpox), Hepatitis B and documentation of having received the Tdap (Tetanus, diphtheria, pertussis) vaccination. This may include documentation of having two (2) MMR vaccines; two (2) Varicella vaccines; or antibody status to these diseases from laboratory testing. Blood tests for immunities to these diseases are ordinarily included in the pre-employment physical exam except for those employees who provide results of blood tests or immunization documentation from their own health care providers. Any vaccinations required for these diseases will be given at no cost in our Occupational Health office.
Equal Opportunity Employer
Note: Job Postings are updated daily and remain online until filled.
EEO is the Law
[ Link removed ] - Click here to apply to Network Security Engineer II
- Access Control List
- Access Controls
- Apple Ios
- Application Security