Clemson University is looking for a Security Engineer - Compliance to fulfill the following duties:
Supports the development, maintenance, and protection of systems based on identified laws, and regulations to ensure the security of University owned data.
Interfaces with departmental functions that provide the infrastructure, configuration and contractual requirements to ensure the security requirements are met.
This position requires learning how to apply NIST 800-171 controls, and applying and maintaining controls to covered information systems.
Performs other duties as assigned.
JOB DUTIES:
30% - Essential - Compliance Monitoring and Reporting: Assist with implementation of NIST 800-171 assessment objectives for the covered information system. Support change management processes, ensuring that all modifications to covered information system hardware, software, configurations, and encryption align with NIST 800-171 assessment objectives, and that all changes are requested, authorized, and documented. Track and manage hardware, software and firmware assets, according to NIST 800-171 assessment objectives.
25% - Essential - Risk Management: Conduct monthly risk and compliance reviews of covered information system to ensure adherence to regulated research policies and security practices. Track and document compliance status, identifying and mitigating non-compliance risks as they arise. Identify and document potential security risks and vulnerabilities within the University IT infrastructure. Assist in developing strategies to mitigate risk based on probability and impact.
20% - Essential - Security Assessment: Verify that all assets have proper security controls in place and are regularly updated and reviewed. Support vulnerability and risk assessments on covered systems based on regulatory and internal policy compliance. Provide technical security guidance to staff, particularly on risks and vulnerability remediations. Support periodic security attestation needs from internal audit and functional and technical leaders.
15% - Essential - Incident Response: Act as primary point-of-contact for security incidents identified in covered systems. Become familiar with the tools to detect analyze, contain, and escalate as needed. Determine path to contain/eradicate/recover affected systems, accounts, or other impacted resources.
10% - Essential - Incident Response: Act as primary point-of-contact for security incidents identified in covered systems. Become familiar with the tools to detect analyze, contain, and escalate as needed. Determine path to contain/eradicate/recover affected systems, accounts, or other impacted resources.
MINIMUM REQUIREMENTS:
Education: Bachelor's Degree in information technology systems, computer science, or related field
Work Experience: Experience in information technology systems or related area. Relevant experience may be substituted for bachelor's degree on a year-for-year basis.
PREFERRED REQUIREMENTS:
Education: Bachelor's degree in Cybersecurity, Information Technology, or Computer Science
Work Experience:
Experience working in Cybersecurity, Information System Support, or Security Engineering
Experience developing and managing secure IIT assets in accordance with DOD and NIST guidelines.
Certifications: Security Certifications such as Security +, GSEC, and/or CISSP
RESPONSIBILITIES:
JOB KNOWLEDGE Comprehensive Job Knowledge - Comprehensive knowledge of theories and practices and ability to use in complex, difficult and/or unprecedented situations
SUPERVISORY RESPONSIBILITIES No Supervisory Duties - Not responsible for supervising employees.
BUDGETARY RESPONSIBILITIES No Budget Responsibilities - No fiscal responsibility for the department's budget.
PHYSICAL REQUIREMENTS:
Education: Bachelor's degree in Cybersecurity, Information Technology, or Computer Science
Work Experience:
Experience working in Cybersecurity, Information System Support, or Security Engineering
Experience developing and managing secure IIT assets in accordance with DOD and NIST guidelines.
Certifications: Security Certifications such as Security +, GSEC, and/or CISSP
WORKING CONDITIONS:
No Work Conditions
WORK SCHEDULE:
Standard Hrs: 37.5
JOB LOCATION:
Clemson, SC
APPLICATION DEADLINE:
January 2, 2025 @ 11:59 PM
CLOSING STATEMENT:
Clemson University is an AA/EEO employer and does not discriminate against any person or group on the basis of age, color, disability, gender, pregnancy, national origin, race, religion, sexual orientation, veteran status or genetic information.
