Information Security Engineer

Engineering a world of possibilities

The Security Engineer is a member of the Information Security team within the Information Technology department at Mines. They are responsible for the design, review, implementation, and maintenance of security controls and configurations for Mines suite of information technology. The position is also responsible for the administration of information security tooling and will perform a critical role in the investigations into security events.

This work is done in a hybid environment with some in-office presence. For more on the department, please visit: https://it.mines.edu/.

PRIMARY RESPONSIBILITIES:

Administration

• Server: Partners with Mines infrastructure and applications teams to evaluate, implement, and maintain security practices and controls for Windows and Linux servers, ensuring that the systems are safeguarded against any potential threats. Leverages security benchmarking documentation and accompanying group policy and other techniques to ensure systems are configured to industry best practice. Provides evaluation and guidance regarding security best practice as it pertains to deployments, projects, and configurations.

• Application: Partners with Information Security team members to perform primary administrative duties for applications and other tooling directly owned and maintained by the Mines Information Security team. Collaborates with application owners for both locally and cloud hosted applications and platforms to ensure best practice configurations are implemented. Performs assessment of configurations against provider documentation and additional sources to optimize application and platform security. Works to ensure available security functions and tooling are leveraged in a manner which optimizes for security while providing consideration for user efficiencies, commensurate with Mines risk appetite.

• Network: Partners with the Mines network team to evaluate, design, and validate the implementation of appropriate network security controls, to include appropriate authentication, authorization, and accounting, and segmentation. Performs change and impact evaluation of firewall policies, access control lists, and other restrictions. Works on the development, deployment, and continuous improvement of technologies such as network access control (NAC), and strategies such as Zero Trust (ZT).

• Access Control: Partners with Identity and Access Management team to refine and implement user access control strategies that align with industry best practice and principle of least privilege (PoLP) methodologies. Collaborates on configuration assessments of directory services. Advises on the design and configuration of role-based access control (RBAC) and other access strategies commensurate with systems in scope. Participates in the design, configuration, and optimization of multi-factor authentication and other authentication technologies.

• Client Device: Partners with Mines client device team to evaluate, implement, and maintain security protocols on Windows, Mac, and Linux client devices, ensuring that the systems are safeguarded against any potential threats. Leverages security benchmarking documentation and accompanying group policy and other techniques to ensure systems are configured to industry best practice. Provides guidance on centralized device management strategy leveraging mobile device management platforms.

• Vulnerability Management: Performs configuration and maintenance of Mines vulnerability management platform. Collaborates with peers to ensure that Mines vulnerability management platform is properly configured to produce accurate and actionable outputs. The security engineer will partner with both internal and external teams to implement and validate mitigating actions as identified by Mines vulnerability management platform.

• Monitoring: Regularly monitor logs and alerts for any suspicious activities. Appropriately communicates observed events to requisite Mines Information Security and other IT team members commensurate with scope of event. Ensures immediate action is taken in response to identified events in an effort to mitigate risks to systems, users, and data within scope of events.

• Documentation: Evaluates and updates documentation for adoption, including as built and proposed configurations, on an ongoing basis to assess and maintain currency regarding information security controls.

Controls Evaluation

• Audit: With guidance from leadership and collaboration with internal and external peers, acts as a point of contact for information security configuration components of voluntary and mandatory audit efforts, to include assessment, evidence artifact collection, reports and findings evaluation, and mitigation planning and execution. Conducts internal vulnerability assessments and penetration testing to identify any security gaps and implement necessary patches or updates to safeguard the systems.

• Compliance: Evaluates existing and proposed security controls and configurations for both regulatory and non-regulatory compliance matters. Participates in efforts to assess and map current controls to formal security framework/s. Ensures proposed controls, configurations, and changes are in alignment with adopted security framework controls. Participates in gap assessment and remediation efforts as they pertain to compliance and framework requirements.

• 3rd Party Data Processor: Evaluates, documents, and provides actionable insight regarding security controls for new engagements and ongoing deployments as they pertain to the transfer, processing, or control of Mine's data with 3rd party data processors.

Service and Incident Handling

• The department of Information Technology (IT) utilizes an ITIL based support structure designed to provide friendly, fast, and accurate responses to service requests, incidents, and change requests. The Information Security Engineer fulfills 1st line support for information security related tickets originating from various sources, including the Mines service desk, managed detection and response (MDR) services , student staff security operations center (SOC), and other automated alerts.

Forensics and Incident Response Support

• Provide incident management, investigation, containment, eradication, and recovery support as needed in support of Managed Detection and Response Servers (MDR) and Security Operations Center (SOC). This support may include any phase of incident support.

• Be available outside business hours to support emergency incident response.

• Support incident planning including incident preparation, identification, containment, eradication, and recovery plans.

• Provides coverage support on an as needed basis for incident response analyst.

Salary and Benefits

$94,000 - $110,000 annaul salary

Mines takes into consideration a combination of candidate's education, training and experience as well as the position's scope and complexity, the discretion and latitude required in the role, work location, and external market and internal value when determining a salary level for potential new employees.

Colorado School of Mines offers a robust portfolio of benefits for all employees. For this role, that includes:

• Flexible health, vision, and dental care options

• Generous sick/vacation time: 13 paid holidays per year - including a week-long winter break for entire campus.

• Fully vested retirement plan on first day of employment, with generous employer contribution

• Tuition benefits (6 credits per year for employees, 50 percent discount for dependents)

• Free RTD Ecopass

All Mines employees also have access to discount programs through the State of Colorado and free tickets for Mines Athletics home games, as well as access to the on-campus Recreation Center (fitness classes and training, swimming pool and more), equipment rentals through the Outdoor Rec Center, the Colorado State Employee Assistance Program (CSEAP), and backup child and elder care. Coming soon is an on-campus daycare center. For more information about benefits at Mines, go to mines.edu/human-resources/benefits.

Minimum Qualifications

• Bachelor's degree from a four-year college or university in computer science, information technology, engineering, or equivalent advanced technical training and experience. Individuals without a related degree may be considered if they possess the same knowledge level found in a degree but have attained advanced knowledge through a combination of work experience and intellectual instruction using a 1:1 substitution.

• 5+ years of experience working in the field of information technology system administration.

• 3+ of experience working directly in a security engineering or equivalent role.

• Must have previous experience independently supporting at least half of the following as a system administrator or security analyst or security engineer:

• Windows Server

• Linux Server

• Network

• End User Client Devices

• Endpoint Detection and Response

• Managed Detection and Response

• Certificate issuance and management systems

• Centralized password vault administration

• Active Directory / Azure

• Cloud / SaaS Platforms

• Virtualization

• Vulnerability Management

• Security Framework (NIST/CIS)

• Compliance (Cybersecurity Maturity Model Certification (CMMC / NIST-171), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA)

• Excellent written and verbal communication skills.

• Excellent critical thinking and decision-making capabilities.

• Ability to work autonomously within boundaries of established goals and objectives.

• Ability to work effectively as part of a cross-functional collaborative problem-solving or design team.

• Ability to work effectively, balancing work for multiple projects and priorities at the same time.

• Previous work experience using an IT ticketing system.

Preferred Qualifications

• Master's Degree in information security or a related field.

• Security certification/s including such as ISSEP, GDSA, CEH, GIAC, or equivalent

• Demonstrable Experience with one or more of the following:

• Okta

• DUO

• Palo Alto Networks

• Extreme Networks

• Office365

• GSuite

• AWS Cloud Services

• Arctic Wolf

• F5

• Essential security tools such as BurpSuite, wireshark, nmap, Zed Attack Proxy (ZAP), metasploit or equivalent

How to Apply

Applicants must:

• Complete an online application (personal information, demographic information, veteran status)
• Upload a resume or CV
• Upload a cover letter

This posting will close June 24, 2024. For full consideration, apply by 11:59 p.m. on June 23, 2024.

References will not be contacted until later in the selection process and you will be informed before that contact is made.

Visa Sponsorship is not available for this position.

Mines welcomes everyone to our team; in your application, please feel free to note which pronouns you use (For example - she/her/hers, he/him/his, they/them/theirs, etc). If you need reasonable accommodation at any point in the application or interview process, please let us know.

Successful Completion of a Background Investigation is Required for this Position.

About Mines & Golden, CO

When the world looks for answers, the world looks to Mines.

Colorado School of Mines is a top-ranked public university solving the grand challenges facing our society, particularly those related to the Earth, energy and the environment. Founded in 1874 with specialties in mining and metallurgy, Mines' scope and mission have continually expanded to meet the needs of industry and society. Today, we are the No. 38 public university in the nation, recognized for our innovation and undergraduate teaching in science, technology engineering and math (U.S. News and World Report, 2023).

Mines graduates are change makers, boundary breakers and problem solvers. Since our earliest days, a Mines education has been and continues to be a transformational opportunity, with one of the strongest returns on investment out there for talented STEM students of all backgrounds.

At the same time, Mines faculty members are pushing their fields in new directions, whether that's manufacturing, space resources, quantum engineering, carbon capture or more. Mines was recently classified as a R1 "Very High Activity" research institution by Carnegie, a notable feat for any university but particularly one of our size.

That size - roughly 7,000 undergraduate and graduate students - also translates to a close-knit campus community, where employees have opportunities to get involved in multiple ways, continued professional learning is valued and everyone can make an impact.

Community Alliance groups bring together employees for professional development, networking, cultural awareness and community involvement, and all Mines employees also have access to the wealth of activities happening every day on campus - nationally-renowned speakers, special events and Mines traditions like Engineering Days, just to name a few.

And don't get us started on our hometown. We are located in the heart of Golden, Colorado --with its charming historic downtown and nearby hiking trails - and in close proximity to all that Denver and the Rocky Mountains have to offer. That includes the sunny, high-altitude climate and outstanding outdoor recreation opportunities that make the Denver area an ideal place to live, work and play.

Are you looking for an inspiring, mission-driven workplace where you can contribute to solving the world's problems and educating the next generation of change makers? Are you an individual who values a diverse and inclusive community, where our different perspectives, experiences and cultures enrich the educational and work experience?

Look to Mines.

Equal Opportunity

Colorado School of Mines is committed to equal opportunity for all persons. Mines does not discriminate on the basis of age, sex, gender (including gender identity and gender expression), ancestry, creed, marital status, race, ethnicity, religion, national origin, disability, sexual orientation, genetic information, veteran status or current military service. Further, Mines does not retaliate against community members for filing complaints regarding or implicating any of these protected statuses.

Mines' commitment to nondiscrimination, affirmative action, equal opportunity and equal access is reflected in the administration of its policies, procedures, programs and activities and in its efforts to achieve a diverse student body and workforce.

Through its policies, procedures and resources, Mines complies with federal law, Colorado state law, administrative regulations, executive orders and other legal requirements to prevent discrimination (including harassment or retaliation) within the Mines campus community and to address potential allegations of inequity or concerns for safety.

Colorado's premier engineering and applied science university for 150 years and counting