NORC at the University of Chicago is seeking a Security Engineer (SE) to join our Information Security team. The successful candidate will plan, engineer and support the security and compliance program. The SE will provide risk assessment and remediation to enhance the security and availability of all NORC systems. The SE will provide ongoing security and compliance consultation and education for the end user community as well as IT teams and management.
NORC recognizes that talented and skilled staff live throughout the U.S. and actively supports remote work arrangements.
As a condition of employment, all NORC employees and contractors - including those working remotely - must be fully vaccinated (as defined by current CDC guidance) against COVID-19.
DEPARTMENT: INFORMATION TECHNOLOGY
NORC's Information Technology department provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to delivering professional, high-quality solutions to achieve our collective goal of advancing social science research.
- Develop information security and IT security requirements for project and work efforts, based on NORC policies and SOPs.
- Implement security controls for the monitoring NORC endpoints
- Assist with security incident response through investigation and analysis
- Monitor security threats feeds to ensure security updates, patches and preventive measures are in place.
- Develop and maintain baseline configuration and documentation.
- Automate collection and reporting of security information from systems.
- Maintaining an accurate inventory across all security tools.
- Validate technical controls are designed and implemented to protect NORC digital assets.
- Work closely with the Engineering and Technical Support teams on security and operational issues, projects and improvements
- Participate in security audits, risk analysis, vulnerability testing, and security reviews on all program systems.
- Support the maintenance of FISMA compliant security programs. This includes contributing to the creation of Security Authorization packages and oversight of annual continuous monitoring assessments and re-authorizations which include vulnerability scanning, interviews and documentation of system testing
- Support the assessment of NORC system security risks and vulnerabilities and recommending remediation options.
- Execute and deliver regular vulnerability scans using vulnerability management tools
- Assess, gather, and evaluate client application requirements and complete security impact analysis as well as provide security requirements.
- Coordinating remediation efforts with developers, testers, operations, engineers, and clients for outstanding security flaws and vulnerabilities.
- Bachelor's in Computer Science or a related field required or equivalent work experience
- 5+ years of professional experience supporting security in an enterprise Windows environment.
- Strong understanding of designing secure networks, systems and application architectures
- In depth knowledge of securing Microsoft Operating Systems, Office applications and databases
- Experience in securing cloud technologies
- Experience with threat detection technology tools and techniques
- Requires experience working with Identity and Access Management including creating policies, alerting and reporting on all types of accounts
- Experience working with FISMA and NIST 800-53
- Requires previous experience working in a security administration role with related duties such as system hardening, development of audit reports, creating secure baseline device configurations and conducting penetration testing.
- Demonstrated experience with SIEM tools and system event monitoring
- Direct experience with anti-virus software, intrusion detection, firewalls and content filtering
- Knowledge of risk assessment tools, technologies and methods
- Knowledge of disaster recovery, computer forensic tools, technologies and methods
- Experience planning, researching and developing security policies, standards and procedures
- Professional experience in a system administration role supporting multiple platforms and applications
- Ability to communicate security issues to technical peers and management
- Security Professional designation such as CISSP (highly desirable) and Security+ is desired.
WHAT WE DO:
NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.
WHO WE ARE:
For over 75 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we're known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.
NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, and other legally- protected characteristics.