Senior Cyberinfrastructure Security Architect
With Internet2 in Ann Arbor MI USMore jobs from Internet2
Posted on May 14, 2019
About this job
Job type: Full-time
Role: System Administrator
security, sysadmin, networking
Internet2 provides the U.S. research and education community with a dynamic, innovative, world-leading set of advanced information technologies. Through collaboration with regional optical networks, international and campus partners, Internet2 provides next-generation network services and a platform for the development of new networking paradigms. With community control of the fundamental networking infrastructure, the Internet2 Network provides the scalability for its members to efficiently provision resources to address bandwidth-intensive requirements of their campuses such as collaborative applications, distributed research experiments, grid-based data analysis, and social networking.
Internet2 maintains and operates a 13,500-mile domestic coherent DWDM network infrastructure, with multiple Layer 2 and Layer 3 networks provisioned on top of it.
To help support this critical mission, we are seeking a Senior Cyberinfrastructure Security Architect to design, build, test and implement security systems within Internet2's global infrastructure programs. The Senior Cyberinfrastructure Security Architect is a senior technical position that will play a key role in the establishment and evolution of the security program for Internet2's cyberinfrastructure. Supports the business by ensuring network security is integrated into the essential project and program activities. Ensures risks are treated in a consistent and effective manner and promotes responsible security behavior. Responsible for researching, developing and driving the adoption of software security strategy, security architecture standards, design patterns, and best practices across all of Internet2 cyberinfrastructure products and services. This position requires some travel, possible on-call support, frequent community interaction, and reports to the Chief Cyberinfrastructure Security Officer.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Plans security systems by evaluating network and security technologies; developing requirements for the Internet2 production network including virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs solutions such as resource public key infrastructures (RPKI) for improving inter-domain routing security; adhering to industry standards such as MANRS.
- Contributes to the development and maintenance of the information security strategy.
- Developing project timelines for ongoing system upgrades.
- Use tools and methodology to assess the security risks associated with sensitive and mission critical systems and develop mitigation strategies to bring risk levels into an acceptable range.
- Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws.
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
- Liaise with the larger research and education community to understand needs and coordinate activities.
- Evaluates and develops secure solutions, based on approved security architectures.
- Researches, designs and advocates new technologies, architectures, and security products.
- Communicates security risks and solutions to business partners and IT staff.
- Supports ethical hacking initiatives to eliminate security risks in cyberinfrastructure products.
- Models attack vectors and design security controls to mitigate risk.
- Builds security into infrastructure and architecture designs and guides the implementation.
- Creates and delivers knowledge sharing presentations and documentation to other architects, security, developers and operations teams.
- Senior leader expected to proactively research industry trends, user requirements and translate into architectural direction.
- Working Group Leader and Facilitator in complex stakeholder environments.
- Escalation point for support and technical negotiations with vendors.
Computer Science or equivalent.
Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH).
Must be well versed in Internet routing protocols such as BGP, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network-based scanners).
Working knowledge of network telemetry techniques and sources such as netflow, ipfix, sflow, SNMP, streaming telemetry, syslog, packet captures, etc.
Familiarity with security frameworks such as ISO 27001:2013 and NIST SP800-53, with a focus on security, performance, and reliability.
Ability to provide quality deliverables on time and on budget.
Ability to mentor other employees to improve their skills and effectiveness.
Ability to design, resource, conduct, status, and complete projects independently, with minimal supervision.
Minimum 4 years hand-on experience in Network / Security.
Solid understanding of security protocols, cryptography, authentication, authorization and security.
Good working knowledge of current IT risks and experience implementing security solutions.
Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.
Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
Excellent written and verbal communication skills as well as business acumen and a commercial outlook. Should be able to work with technical and non-technical individuals alike.
Ability to conduct research into emerging technologies and study their relevance for our use.
Ability to present ideas in business-friendly and user-friendly language.
Highly self-motivated and directed.
Excellent analytical and problem-solving abilities.
Able to prioritize and execute tasks in a high-pressure environment.
Experience working in a team-oriented, collaborative environment.
Ability to travel up to 30% for community and vendor interactions.
Internet2 is a 501(c)(3) not-for-profit organization and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.