Under general supervision of the Cybersecurity Research manager, responsible for the planning,
engineering, developing, implementing, and compliance monitoring of organization-wide research
programs including, but not limited to, Controlled Unclassified Information (CUI) management;
Cybersecurity Maturity Model Certification (CMMC); Research Electronic Data Capture System
(REDCap); and Electronic Research Administration (ERA). Performs analysis to ensure security controls are consistently implemented, integrating new technology with IT research security standards; developing and executing plans for monitoring, assessing, and verifying security controls across all major information systems; and developing, evaluating, and exercising IT survivability and contingency plans to protect the University’s information assets
Monitors real-time data, discovers security events, analyzes qualified incidents, executes documented resolutions for common incidents, recommends remediation steps for new incidents, and escalates major security incidents for the Research Security Enclave.
Provides assistance with governance, risks, and compliance by 1) coordinating the development of University Research information security technical standards, guidelines, and procedures, based on a recognized framework of best practices and in support of Auburn University policies and regulations, such as Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and NIST 800-53; 2) assisting with risk analysis and risk management; 3) assisting with security and compliance reviews; 4) preparing and maintaining system security plans (SSPs) for various research projects on campus; 5) creates and manages standard operating procedures (SOPs) for various projects.
Assists with communication, reporting, and alerting on general information security issues as well as on specific assignments within Information Security tool sets of the Research Security Enclave.
Develops scripts and tooling to verify security platforms and automate security team operations.
Implements and evaluates new technology deployments, integration testing, information security products, services, and procedures to enhance productivity and effectiveness while maintaining compliance.
Provides assistance for the Research Security Enclave, to include network security and 1) maintaining cybersecurity firewalls and web application firewalls for on-premise network and cloud environments that support research; 2) managing security monitoring systems for network server, firewall, and network anomalies within the Research Security Enclave; 3) maintaining infrastructure designs of current and future network designs and incorporating appropriate mitigation of existing and emerging threats; and 4) assisting with identifying security design gaps in existing and proposed network architecture and recommending changes and enhancements.
Stays fully informed of current security information and issues, as well as regulatory changes affecting industry research and higher education at the state and national level. Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Performs other related duties as assigned by the supervisor