The Sr. Security Engineer is responsible for the development and implementation of technical systems and controls necessary to safeguard ACC’s information and assets. The position will work directly with IT and non-IT staff to protect the confidentiality, integrity, and availability of proprietary, personal, and other sensitive data.
This position will be involved in a wide range of issues and projects including the development of secure architectures and methodologies utilizing security best practices and industry standards, with a focus on complying with major governance and regulatory standards such as PCI, SOX, & GDPR.
- Design, develop, implement, and maintain security systems and technologies while managing multiple simultaneous complex technical projects with limited guidance from security leadership.
- Assess and respond to security threats, and support other IT organizations in the diagnosis of potential security incidents
- Partner with IT teams in the design and implementation of systems, applications, processes, and/or other related technologies to adhere to security and compliance best practices, regulations, laws, and/or company programs, procedures, policies and guidelines
- Develop software and/or configure system automation framework tools to automate repetitive tasks
- Develop and maintain security documentation including diagrams, security standards, and disaster recovery manuals, and support the security strategy by outlining the requirements and benefits of specific security tools and/or
(other duties may be assigned):
- Draft, implement, maintain, and monitor enterprise security procedures, policies, & controls
- Function as the security technical SME during incident response, and perform forensic analysis of security incidents
- Design, implement, and support physical security access management and monitoring solutions
- Coordinate maintenance of security systems
- Regularly report on security program and project status, performance, and gaps
- Advise and assist developers with secure coding practices, applying modern security technologies to the design and integration of enterprise applications, and build and manage code security testing processes and systems
- Deploy and maintain enterprise encryption and endpoint protection platforms, perform forensic investigations, manage large scale security event logging and correlation systems, and maintain, enhance, and integrate enterprise identity management
- Manage and enhance an MFA system, deploy, tune, and maintain NGFWs and other network- centric security systems, and perform penetration tests and manage enterprise-wide vulnerability assessments and remediation
- Design, deploy, tune, and maintain and support EMM systems, automated inventory systems, DLP systems, web security gateway systems, email security gateway systems, and advanced malware/malops detection & response
- Develop software and manipulate security systems to automate as many tasks as possible, evaluate and advise on the applicability, effectiveness, and/or necessity of new and existing security tools, evaluate all incoming new systems for their security stature and for their compliance with internal requirements, assist other business units by providing technical security expertise, and develop comprehensive
- Interface with both technical and non-technical individuals and groups to assist with security issues and identify new security opportunities arising from advancements in security and newly defined security best
- Manage vulnerability and penetration testing services and assessments, and implement and assist with gap remediation
- Work with management and technology leads within the organization to ensure alignment with shared goals and strategies
- Support internal, customer, and independent audits, as necessary
- Maintain current knowledge of industry trends in security and compliance
- The core of American Campus culture involves everyone being fully invested in everything that we do down to picking up the smallest piece of trash. No matter their position or duration at any given property, everyone picks up trash.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Collaboration – Outstanding team player, sociable, and able to operate easily in cross- functional and cross-departmental roles
- Independence – Can fully manage a security project independently, as well as develop solution proposals
- Flexibility – Set priorities and adapt to changes in a quick, professional manner
- Technical Capacity – Deep and wide technical skills covering core IT operational security & software dev security in highly complex and integrated environments
- Thoroughness – Research, evaluate, recommend and document security solutions at the lowest cost
- Strategy – Understand & embrace a balance between security risk probability and practical application of remediation
Knowledge, Skills, and Abilities:
- Bachelor’s degree in Computer Science, Computer Engineering or Information Security / Cyber Security or equivalent combination of education and work experience
- Minimum 5 years of experience in full-time Information Security role
- Wired & wireless networking, application-aware firewalls, remote access, network-based decoy techniques, DLP, vuln management, & 1x.
- Securing Windows Server & Workstation operating systems, and enterprise Active Directory and GPO development and management
- Forensics systems and techniques using tools, NGAV & EDR technology, whole disk encryption, & security incident response
- SIEM, IDAM, email & web security gateways, MFA, & privileged account
- Microsoft & Linux operating systems
- IP based applications (WWW, SMTP, DNS, SNMP, )
- Protocol filtering, network security and packet level analysis
- Security best practices and cyber security research
- Configuring, deploying, and monitoring corporate security tools
- Standard ITIL methodologies, such as incident, problem, request, & change management
- Highly skilled in at least one programming/scripting languages and at least one DVCS
- Resolve security issues in diverse and decentralized environments
- Collaborate with the appropriate group to isolate and solve problems and ensure proper coordination in all areas of project implementation
- Write reports, business correspondence, and procedure
- Effectively present information and respond to questions from groups of managers, clients, customers, and coworkers.
Certificates and Licenses:
Desirable certifications: CCNP, CISSP, CCIE Security, ITIL, and GIAC certs. Linux & Microsoft certifications a plus.
Back to Results