Security Engineer III

Primary Work Address: 4000 Jones Bridge Road, Chevy Chase, MD, 20815

Current HHMI Employees, click here to apply via your Workday account.

HHMI is focused on supporting and moving science forward in a variety of different ways ranging from conducting basic biomedical research, empowering educators, inspiring students, developing the next generation of scientists – even stretching into film and media production.  Our Headquarters is in the greater Washington, DC metro area and is home to over 300 employees with expertise in investments, communications, digital production, biomedical sciences, and everything in between.  The work housed here supports and augments the groundbreaking research conducted in HHMI labs across the nation.  As HHMI scientists continue to push boundaries in laboratories and classrooms, you can be sure that your contributions while working here are making a difference.

Summary: 

 

The Sr. Security Engineer serves as a technical lead and mentor to other security engineers in the team. The Sr. Security Engineer position is responsible for the design, development and implementation of an information security policy and the implementation of the network and support structure to support that policy.  This includes high-performance firewalls, Network Detection and Response tools (NDR), Virtual Private Networks, endpoint protection software and intelligent network sensors. An important additional responsibility includes collaborating to develop a cohesive information security environment that facilitates efficient and effective interoperability of HHMI HQ and Janelia information interfaces.  This is a highly experienced position responsible for the design, implementation, management, documentation, and support of the information security infrastructure of a complex high-performance network. This position must stay abreast of emerging technologies and solutions to continually improve the quality and effectiveness of information security.  In addition, this role will also be responsible for reporting potential threats as well as measuring the effectiveness of current systems and policies. 

In this role you will: 

• Lead other security personnel and collaborate with network engineers under the direction of the Sr. Manager of IT Security and Network Engineering to balance the security needs of the institute with the productivity needs of the user community. 

• Provide 24x7x365 support of the security infrastructure including firewalls, Intrusion Detection/Prevention devices and Endpoint Security solutions. 

• Work with network and system engineers along with management on securing HHMI resources in cloud service provider instances. 

• Develop information security policies that support Janelia and HHMI objectives  

• Develop and implement best practice firewall policies. 

• Implement and maintain Network Intrusion Detection and Prevention systems both on-premise and in cloud architecture spaces. 

• Perform seamless upgrades of existing Security infrastructure. 

• Develop security hardening policies and procedures for servers and desktops which run operating systems, including Linux, Mac OSX and Windows. 

• Lead incident response and remediation on suspected infected host systems.  

• Analyze traffic flows and patterns to identify malware, viruses and denial of service attacks impacting users and/or network resources.  

• Develop security strategy for the institute’s networks. 

• Cross train and matrix support with network engineers. 

• Administrate the F5 BigIP platform in its various functions such as SSO, load-balancing, authentication, and web server security. 

• Administrate the Splunk logging server and develop HHMI’s alerting and automated response capabilities. 

• Develop and refine systematic processes for testing, managing, monitoring, and logging upgrades, patches, and security enhancements all workstation systems and servers. 

• Proactively research emerging cybersecurity threats and advise on how to best protect HHMI’s assets  

• Proactively identify security gaps and work with both management and other staff members to address the gaps through processes, policies or technology. 

Education and Experience: 

• Graduate-level degree in information technology or cybersecurity or related experience

• Industry certifications such as GIAC, CISSP, Palo Alto Networks PCNSE or Cisco CCNP Security  

• Minimum of seven years of experience working as a security professional in an enterprise network  ​

• Seven+ years of industry experience in an implementation and support role of Enterprise level Firewall devices 

• Seven+ years of industry experience in an implementation and support role of Intrusion detection devices 

• Experience with F5 BigIP LTM, APM and ASM

• Experience in supporting network and VoIP in Lab research environment 

• Experience in auditing network traffic and equipment for security-related concerns.  

• Ability and experience in finding creative solutions for threats to data and networks.  

• Skilled in researching both commercial and open source options. Skilled in gleaning relevant information from several sources and mediums.  

• Proven skill and experience in monitoring several sources of information and properly classifying threats.

 

Skills and Abilities: 

• Refined ability to communicate security requirements to project teams based on understanding of approved security policies, standards and baselines. 

• Must be results oriented with strong customer service skill in dealing with end-users and co-workers 

• Strong analytical skills 

• Expert-level knowledge and history of supporting high performance firewalls and intrusion detection systems 

• Proven in-depth theoretical and practical knowledge of the OSI Model, TCP/IP and other networking standards and protocols.  

• Ability to effectively work in a team environment, as well as lead team initiatives 

• Excellent organizational, time management, and service delivery skills  

• Effective written and oral communication skills  

• Comfortable with working with all stratums of employees and explaining security concepts  

• Solid understand of spanning tree and layer two switching concepts 

• Solid understanding of routing protocols such as OSPF and knowledge of the Internet concepts and routing architecture 

• Expert-level skills in troubleshooting network problems.  

• Ability to work with minimum supervision 

Physical Requirements: 

Remaining in a normal seated or standing position for extended periods of time; reaching and grasping by extending hand(s) or arm(s); dexterity to manipulate objects with fingers, for example using a keyboard; communication skills using the spoken word; ability to see and hear within normal parameters; ability to move about workspace. The position requires mobility, including the ability to move materials weighing up to several pounds (such as a laptop computer or tablet).  

 

Persons with disabilities may be able to perform the essential duties of this position with reasonable accommodation. Requests for reasonable accommodation will be evaluated on an individual basis. 

 

Please Note: 

This job description sets forth the job’s principal duties, responsibilities, and requirements; it should not be construed as an exhaustive statement, however.  Unless they begin with the word “may,” the Essential Duties and Responsibilities described above are “essential functions” of the job, as defined by the Americans with Disabilities Act.  

Compensation and Benefits

Our employees are compensated from a total rewards perspective in many ways for their contributions to our mission, including competitive pay, exceptional health benefits, retirement plans, time off, and a range of recognition and wellness programs. Visit our Benefits at HHMI site to learn more. 

HHMI is an Equal Opportunity Employer