Senior Microsoft Security Engineer

Summary The Senior Microsoft Security Engineer will be responsible for identifying potential threats to the IT infrastructure, recommending enhancements accordingly and implementing those technologies. The Senior Microsoft Security Engineer provides support to ensure applicable information protection policies, procedures, guidelines, best practices are followed. Performs Security Risk Assessments (SRAs) and performs compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures. The Microsoft Senior Security Engineer will be expected to demonstrate all of these skills while demonstrating specific emphasis on the application of Microsoft's security product suite along with other best in class industry security tools. Educates stakeholders in the assessment process and lead both pre- and post-assessment meetings.Duties and Responsibilities Fully leverage the educational institutions Microsoft A5 license suite of products; in particular as it pertains to the industry leading suit of security products, processes, and strategiesLead the educational institutions Microsoft security “cloud first” strategy leading to fully leverage SDN (Software Defined Networking) Zero Trust, and Least Privilege strategiesDesign, implement, and maintain Microsoft security solutions for the educational institution's infrastructureEnsure that Microsoft operating systems are configured securely and that security patches are regularly appliedManage the configuration and effective use of Microsoft security products, including Microsoft Defender ATP, Azure Security Center, and Microsoft Information ProtectionImplement Microsoft security best practices to maintain the security posture of the educational institution's infrastructureCollaborate with Infrastructure/ITSM/Technical teams to implement security requirements in new and existing technology solutionsStay up-to-date with the latest security threats and industry trends, and apply this knowledge to improve security protocols within the educational institutionServe as a security expert in network efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practicesLead and execute projects on our security roadmapAdhere to existing risk management frameworks, such as COBIT, ITIL, and ISO 27002Manage incident response for network security eventsDevelop and maintain IT security policiesResearch, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendorsSupport vulnerability assessments on various types of networks and topologiesExecute risk and vulnerability assessments and remediation activitiesAnalyze output from network vulnerability assessments, recommend mitigation strategies and resolve any security incidents through work with pertinent business departmentsReview and provide feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs, as applicableReview and provide input into network designs to ensure compliance with security and enterprise architectureProvide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branchBuild/enhance security architecture and configure network to enhance the security posture of the enterpriseReview in-house and 3rd-party applications/code for security vulnerabilities and best practicesParticipate in Software Development Lifecycle: code review, QA security testing, launches, etc.Develop and/or implement automated security testing tools where possibleParticipate in the development of security-related tools and applications, such as multi-platform cookie-based authentication and internal security libraries/frameworksTrain engineers on common security problems and best practices for writing secure codeProvide security input on overall software architecturePerform hands-on testing of applications, as well as build and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practicesSkills Secure solutions developmentMiddleware securityN-tier apps dev infrastructureCompliance – PCI, GLB, GLBA, CMMCGDPR, etc.Risk management and security risk assessmentsCode reviewReverse engineering API's and protocolsAuthentication and authorizationSSO (Single Sign On)MFA (Multi- Factor Auth.)Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.)Recognized as a strategic thinker and results orientedDemonstrated effective strong team player and self-motivatorAbility to work and interface internally with a IT and other functional support groups with minimal guidanceDemonstrated successful experience in a customer-facing roleDemonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitationDemonstrated effective time management, organizational and documentation skillsGood analytical and troubleshooting skills with strong attention to detailEducation & Experience Requirements Experience: 10 years or more of professional experience with 7 or more years in IT security including security policy development, security architecture models, and information security regulatory complianceMust have the knowledge of IT security technologies such as firewalls, intrusion detections systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architectureHands-on experience with the following technologies: enterprise system administration across multiple operating systems, IPS management (i.e., Cisco ASA, Palo Alto), vulnerability scanning applications, SplunkExperience in engineering and enterprise system administration rolesExperience developing a standard set of metrics that measure our security posture on a monthly/weekly basisProven experience developing security policies, procedures, risk registers and incident response plansIntermediate to advanced knowledge of information security conceptsExperience with one or more applications development languages such as Ruby on Rails, Java, C/C++, .NETSolid knowledge of and experience with secure web architectures, tools and processesKnowledge of network architecture and design, network Security, wireless Security and client/server securityVery strong computer networking skills and understanding of networking protocolsSecurity of virtual machine environments is highly desirableKnowledge of vulnerability assessment/network discovery and associated toolsUnderstands infrastructure monitoringKnowledge of securing Linux and Windows systemsExperience with various types of firewalls and technologiesDemonstrated process improvement experiencePrevious application development experience is very helpful for secure code reviewsHands-on experience using multiple Amazon Web Services technologies to support an enterprise environmentPrior experience as a team lead or role mentoring junior team membersExperience with threat detection and incident management for web applications that deal with PIPreferred Experience Requirements Education: Bachelor's degreeCertifications Possessing at least one professional security certification such as CISSP, CISM, CISA or similarEqual Opportunity Employer The University of Maryland Global Campus (UMGC) is an equal opportunity employer and complies with all applicable federal and state laws regarding nondiscrimination. UMGC is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, ancestry, political affiliation or veteran status in employment, educational programs and activities, and admissions.Workplace Accommodations UMGC is committed to creating and maintaining a welcoming and inclusive working environment for people of all abilities. UMGC is dedicated to the principle that no qualified individual with a disability shall, based on disability, be excluded from participation in or be denied the benefits of the services, programs, or activities of the University, or be subjected to discrimination. For information about UMGC's Reasonable Workplace Accommodation Policy or to request an accommodation, applicants/candidates can contact Employee Accommodations via email at employee-accommodations@umgc.edu.Benefits Package Highlights Generous Time Off: 22 days of paid vacation, 15 days of sick leave, 3 personal days, and 16 paid holidays (17 during general election years). For part-time employees, time off rates will be prorated based on the number of hours worked.Comprehensive Health Coverage: Access to health care, medical with vision, dental, and prescription plans for both individuals and families, effective from the 1st of the month following your hire date.Insurance Options: Term Life Insurance, Accidental Death and Dismemberment Insurance, and Long-Term Disability (LTD) Insurance. Part-time employees working less than 0.5 FTE are not eligible for LTD.Flexible Spending Accounts: Available for medical and dependent care expenses.Retirement Plans: Choose between the Optional Retirement Program (ORP) or the Maryland State Retirement and Pension System (MSRPS).Supplemental Retirement Plans: 401(k), 403(b), 457(b), and various Roth options. The university does not provide matching funds.Tuition Remission: Immediate availability for Regular Exempt Staff. Spouses and dependent children are eligible for undergraduate tuition remission after two years of service. For part-time employees (at least 50 percent of the time), tuition remission benefits are prorated.Hiring Range $116,000.00 - $131,000.00#J-18808-Ljbffr

Summary The Senior Microsoft Security Engineer will be responsible for identifying potential threats to the IT infrastructure, recommending enhancements accordingly and implementing those technologies. The Senior Microsoft Security Engineer provides support to ensure applicable information protection policies, procedures, guidelines, best practices are followed. Performs Security Risk Assessments (SRAs) and performs compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures. The Microsoft Senior Security Engineer will be expected to demonstrate all of these skills while demonstrating specific emphasis on the application of Microsoft's security product suite along with other best in class industry security tools. Educates stakeholders in the assessment process and lead both pre- and post-assessment meetings.Duties and Responsibilities Fully leverage the educational institutions Microsoft A5 license suite of products; in particular as it pertains to the industry leading suit of security products, processes, and strategiesLead the educational institutions Microsoft security “cloud first” strategy leading to fully leverage SDN (Software Defined Networking) Zero Trust, and Least Privilege strategiesDesign, implement, and maintain Microsoft security solutions for the educational institution's infrastructureEnsure that Microsoft operating systems are configured securely and that security patches are regularly appliedManage the configuration and effective use of Microsoft security products, including Microsoft Defender ATP, Azure Security Center, and Microsoft Information ProtectionImplement Microsoft security best practices to maintain the security posture of the educational institution's infrastructureCollaborate with Infrastructure/ITSM/Technical teams to implement security requirements in new and existing technology solutionsStay up-to-date with the latest security threats and industry trends, and apply this knowledge to improve security protocols within the educational institutionServe as a security expert in network efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practicesLead and execute projects on our security roadmapAdhere to existing risk management frameworks, such as COBIT, ITIL, and ISO 27002Manage incident response for network security eventsDevelop and maintain IT security policiesResearch, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendorsSupport vulnerability assessments on various types of networks and topologiesExecute risk and vulnerability assessments and remediation activitiesAnalyze output from network vulnerability assessments, recommend mitigation strategies and resolve any security incidents through work with pertinent business departmentsReview and provide feedback on security plans and procedures regarding all aspects of LAN, WAN or MANs, as applicableReview and provide input into network designs to ensure compliance with security and enterprise architectureProvide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT security branchBuild/enhance security architecture and configure network to enhance the security posture of the enterpriseReview in-house and 3rd-party applications/code for security vulnerabilities and best practicesParticipate in Software Development Lifecycle: code review, QA security testing, launches, etc.Develop and/or implement automated security testing tools where possibleParticipate in the development of security-related tools and applications, such as multi-platform cookie-based authentication and internal security libraries/frameworksTrain engineers on common security problems and best practices for writing secure codeProvide security input on overall software architecturePerform hands-on testing of applications, as well as build and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practicesSkills Secure solutions developmentMiddleware securityN-tier apps dev infrastructureCompliance – PCI, GLB, GLBA, CMMCGDPR, etc.Risk management and security risk assessmentsCode reviewReverse engineering API's and protocolsAuthentication and authorizationSSO (Single Sign On)MFA (Multi- Factor Auth.)Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.)Recognized as a strategic thinker and results orientedDemonstrated effective strong team player and self-motivatorAbility to work and interface internally with a IT and other functional support groups with minimal guidanceDemonstrated successful experience in a customer-facing roleDemonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitationDemonstrated effective time management, organizational and documentation skillsGood analytical and troubleshooting skills with strong attention to detailEducation & Experience Requirements Experience: 10 years or more of professional experience with 7 or more years in IT security including security policy development, security architecture models, and information security regulatory complianceMust have the knowledge of IT security technologies such as firewalls, intrusion detections systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architectureHands-on experience with the following technologies: enterprise system administration across multiple operating systems, IPS management (i.e., Cisco ASA, Palo Alto), vulnerability scanning applications, SplunkExperience in engineering and enterprise system administration rolesExperience developing a standard set of metrics that measure our security posture on a monthly/weekly basisProven experience developing security policies, procedures, risk registers and incident response plansIntermediate to advanced knowledge of information security conceptsExperience with one or more applications development languages such as Ruby on Rails, Java, C/C++, .NETSolid knowledge of and experience with secure web architectures, tools and processesKnowledge of network architecture and design, network Security, wireless Security and client/server securityVery strong computer networking skills and understanding of networking protocolsSecurity of virtual machine environments is highly desirableKnowledge of vulnerability assessment/network discovery and associated toolsUnderstands infrastructure monitoringKnowledge of securing Linux and Windows systemsExperience with various types of firewalls and technologiesDemonstrated process improvement experiencePrevious application development experience is very helpful for secure code reviewsHands-on experience using multiple Amazon Web Services technologies to support an enterprise environmentPrior experience as a team lead or role mentoring junior team membersExperience with threat detection and incident management for web applications that deal with PIPreferred Experience Requirements Education: Bachelor's degreeCertifications Possessing at least one professional security certification such as CISSP, CISM, CISA or similarEqual Opportunity Employer The University of Maryland Global Campus (UMGC) is an equal opportunity employer and complies with all applicable federal and state laws regarding nondiscrimination. UMGC is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, ancestry, political affiliation or veteran status in employment, educational programs and activities, and admissions.Workplace Accommodations UMGC is committed to creating and maintaining a welcoming and inclusive working environment for people of all abilities. UMGC is dedicated to the principle that no qualified individual with a disability shall, based on disability, be excluded from participation in or be denied the benefits of the services, programs, or activities of the University, or be subjected to discrimination. For information about UMGC's Reasonable Workplace Accommodation Policy or to request an accommodation, applicants/candidates can contact Employee Accommodations via email at employee-accommodations@umgc.edu.Benefits Package Highlights Generous Time Off: 22 days of paid vacation, 15 days of sick leave, 3 personal days, and 16 paid holidays (17 during general election years). For part-time employees, time off rates will be prorated based on the number of hours worked.Comprehensive Health Coverage: Access to health care, medical with vision, dental, and prescription plans for both individuals and families, effective from the 1st of the month following your hire date.Insurance Options: Term Life Insurance, Accidental Death and Dismemberment Insurance, and Long-Term Disability (LTD) Insurance. Part-time employees working less than 0.5 FTE are not eligible for LTD.Flexible Spending Accounts: Available for medical and dependent care expenses.Retirement Plans: Choose between the Optional Retirement Program (ORP) or the Maryland State Retirement and Pension System (MSRPS).Supplemental Retirement Plans: 401(k), 403(b), 457(b), and various Roth options. The university does not provide matching funds.Tuition Remission: Immediate availability for Regular Exempt Staff. Spouses and dependent children are eligible for undergraduate tuition remission after two years of service. For part-time employees (at least 50 percent of the time), tuition remission benefits are prorated.Hiring Range $116,000.00 - $131,000.00#J-18808-Ljbffr

• 

• Government Careers