Primary Work Address: 4000 Jones Bridge Road, Chevy Chase, MD, 20815
Current HHMI Employees, click here to apply via your Workday account.
HHMI is focused on supporting and moving science forward in a variety of different ways ranging from conducting basic biomedical research, empowering educators, inspiring students, developing the next generation of scientists – even stretching into film and media production. Our Headquarters is in the greater Washington, DC metro area and is home to over 300 employees with expertise in investments, communications, digital production, biomedical sciences, and everything in between. The work housed here supports and augments the groundbreaking research conducted in HHMI labs across the nation. As HHMI scientists continue to push boundaries in laboratories and classrooms, you can be sure that your contributions while working here are making a difference.
Summary:
The Sr. Security Engineer serves as a technical lead and mentor to other security engineers in the team. The Sr. Security Engineer position is responsible for the design, development and implementation of an information security policy and the implementation of the network and support structure to support that policy. This includes high-performance firewalls, Network Detection and Response tools (NDR), Virtual Private Networks, endpoint protection software and intelligent network sensors. An important additional responsibility includes collaborating to develop a cohesive information security environment that facilitates efficient and effective interoperability of HHMI HQ and Janelia information interfaces. This is a highly experienced position responsible for the design, implementation, management, documentation, and support of the information security infrastructure of a complex high-performance network. This position must stay abreast of emerging technologies and solutions to continually improve the quality and effectiveness of information security. In addition, this role will also be responsible for reporting potential threats as well as measuring the effectiveness of current systems and policies.
In this role you will:
Lead other security personnel and collaborate with network engineers under the direction of the Sr. Manager of IT Security and Network Engineering to balance the security needs of the institute with the productivity needs of the user community.
Provide 24x7x365 support of the security infrastructure including firewalls, Intrusion Detection/Prevention devices and Endpoint Security solutions.
Work with network and system engineers along with management on securing HHMI resources in cloud service provider instances.
Develop information security policies that support Janelia and HHMI objectives
Develop and implement best practice firewall policies.
Implement and maintain Network Intrusion Detection and Prevention systems both on-premise and in cloud architecture spaces.
Perform seamless upgrades of existing Security infrastructure.
Develop security hardening policies and procedures for servers and desktops which run operating systems, including Linux, Mac OSX and Windows.
Lead incident response and remediation on suspected infected host systems.
Analyze traffic flows and patterns to identify malware, viruses and denial of service attacks impacting users and/or network resources.
Develop security strategy for the institute’s networks.
Cross train and matrix support with network engineers.
Administrate the F5 BigIP platform in its various functions such as SSO, load-balancing, authentication, and web server security.
Administrate the Splunk logging server and develop HHMI’s alerting and automated response capabilities.
Develop and refine systematic processes for testing, managing, monitoring, and logging upgrades, patches, and security enhancements all workstation systems and servers.
Proactively research emerging cybersecurity threats and advise on how to best protect HHMI’s assets
Proactively identify security gaps and work with both management and other staff members to address the gaps through processes, policies or technology.
Education and Experience:
Graduate-level degree in information technology or cybersecurity or related experience
Industry certifications such as GIAC, CISSP, Palo Alto Networks PCNSE or Cisco CCNP Security
Minimum of seven years of experience working as a security professional in an enterprise network
Seven+ years of industry experience in an implementation and support role of Enterprise level Firewall devices
Seven+ years of industry experience in an implementation and support role of Intrusion detection devices
Experience with F5 BigIP LTM, APM and ASM
Experience in supporting network and VoIP in Lab research environment
Experience in auditing network traffic and equipment for security-related concerns.
Ability and experience in finding creative solutions for threats to data and networks.
Skilled in researching both commercial and open source options. Skilled in gleaning relevant information from several sources and mediums.
Proven skill and experience in monitoring several sources of information and properly classifying threats.
Skills and Abilities:
Refined ability to communicate security requirements to project teams based on understanding of approved security policies, standards and baselines.
Must be results oriented with strong customer service skill in dealing with end-users and co-workers
Strong analytical skills
Expert-level knowledge and history of supporting high performance firewalls and intrusion detection systems
Proven in-depth theoretical and practical knowledge of the OSI Model, TCP/IP and other networking standards and protocols.
Ability to effectively work in a team environment, as well as lead team initiatives
Excellent organizational, time management, and service delivery skills
Effective written and oral communication skills
Comfortable with working with all stratums of employees and explaining security concepts
Solid understand of spanning tree and layer two switching concepts
Solid understanding of routing protocols such as OSPF and knowledge of the Internet concepts and routing architecture
Expert-level skills in troubleshooting network problems.
Ability to work with minimum supervision
Physical Requirements:
Remaining in a normal seated or standing position for extended periods of time; reaching and grasping by extending hand(s) or arm(s); dexterity to manipulate objects with fingers, for example using a keyboard; communication skills using the spoken word; ability to see and hear within normal parameters; ability to move about workspace. The position requires mobility, including the ability to move materials weighing up to several pounds (such as a laptop computer or tablet).
Persons with disabilities may be able to perform the essential duties of this position with reasonable accommodation. Requests for reasonable accommodation will be evaluated on an individual basis.
Please Note:
This job description sets forth the job’s principal duties, responsibilities, and requirements; it should not be construed as an exhaustive statement, however. Unless they begin with the word “may,” the Essential Duties and Responsibilities described above are “essential functions” of the job, as defined by the Americans with Disabilities Act.
Compensation and Benefits
Our employees are compensated from a total rewards perspective in many ways for their contributions to our mission, including competitive pay, exceptional health benefits, retirement plans, time off, and a range of recognition and wellness programs. Visit our Benefits at HHMI site to learn more.
HHMI is an Equal Opportunity Employer
Similar Positions
-
It Security Analyst, RMIT University, Australia, about 4 hours ago
Overview: RMIT University Commitment RMIT is committed to the rights of students and staff to be safe, respected, valued, and treated as an equal in their place of study and work. All staff are e...
-
Systems Administrator, Adler University, United States, 16 days ago
Description Under the general guidance of the Manager, IT Infrastructure, the System Administrator manages peak performance, availability and security of Adler University information systems, tele...
-
Network Engineer, Central Queensland University, Australia, 5 days ago
Network Engineer Apply now » Date: 8 Apr 2024 Job Location: Rockhampton, QLD, AU Company: Central Queensland University About this Opportunity Continuing, Full Time Digital Services Directorate CQ...
-
Information Security Intern, Villanova University, United States, 8 days ago
Posting Details Do you have questions about the application process? If so, please refer to the Applicant FAQ’s. Position Information Posting Number: 20244997V Position Title: Information Security...
-
Network Core Team Manager, University of Colorado, United States, about 16 hours ago
Network Core Team Manager - 33309 University Staff Description University of Colorado | CU Anschutz Medical Campus Department: Office of Information Technology Job Title: Network Core Team Manager...
-
Instructor Information Systems Security, SAIT Polytechnic, Canada, about 18 hours ago
Instructor - Information Systems Security Calgary, AB Academic – School for Advanced Digital Technology / SAFA Casual – Approved Program / On-site Apply for this job SAIT's School for Advanced Dig...