Research Cyber Risk and Compliance Engineer

Job Description SummaryOrganization Summary Statement:
Research computing organizations at the University of Maryland need to have dedicated cyber security resources to ensure compliance with the new landscape of University and its funding agency security requirements but also any legal requirements necessary for industrial partners. The Institute for Advanced Computer Studies (UMIACS) and Institute for Health Computing (IHC) both have extensive advanced cyber infrastructures, elevating their needs to have personnel dedicated to and focused on these areas to be competitive as leaders in research computing.

This position focuses on the following areas to help the two units stated above identify and maintain advanced secure cyber infrastructure while also managing risk and working to find innovative cost effective solutions for our research computing requirements.

- Vulnerability scanning and management
- Network based security compliance and risk assessment
- Research security design
- Dataset security, management and monitoring
- Penetration Testing

Duties include:
- Managing vulnerability scanning infrastructure and remediation requirements for UMIACS and IHC (20%)
- Interfacing with UMD Division of IT to address UMIACS and IHC network based security compliance and risk assessments. Interfacing with third-party security vendors and auditors to ensure compliance, coordinate security assessments and address findings for HPC systems. (20%)
- Designing, implementing and monitoring compliance of cyber security systems designed to meet high performance research computing requirements and secure computing requirements for both UMIACS and IHC (20%)
- Helping to manage data inventories in UMIACS and IHC including research data sets and their potential encumbrances and approvals through the UMD ORA (20%)
- Developing and executing penetration tests and help identify and remediate with stakeholders systems in UMIACS and IHC (15%)
- Completing other duties as assigned by supervisor (5%)

Preferences:
- Bachelor's degree in Computer Science, Information Technology, or a Cybersecurity related field.
- 5 years experience working in cyber security position(s) performing incident response, log analysis, forensics and/or threat hunting/intelligence
- Expertise and knowledge in Linux, Windows and macOS operating systems and configurations
- Experience with risk assessment and the design of infrastructures with security control frameworks CMMC Level 2 and NIST SP 800-171
- Experience with vulnerability scanning platform(s) and penetration testing framework(s)
- Ability to work independently while be highly effective at troubleshooting and problem solving
- Able to effectively communicate with multiple stakeholders including staff, faculty and other campus IT professionals
- Working network security experience in university research computing environments
- Proficiency in Security Information and Event Management log analysis platforms

Physical Demands:
Most work is in a standard office environment; however, the incumbent must be able to lift up to 35 lbs. and be capable of executing some minimal hardware relocation tasks.

Minimum QualificationsEducation: Bachelor’s degree from an accredited college or university. Experience: Five (5) years of professional information technology experience in the fields of security, audit, compliance, or education. Other: Additional work experience as defined above may be substituted on a year for year basis for up to four (4) years of the required education. Knowledge of GLBA, HIPAA, FERPA, PCI/DSS, NIST 800-171, IT-USM Security Standards. Knowledge of Higher Education Community Vendor Assessment Tool Kit and SOC 2. Skill in oral and written communication. Skill in the use of Google Office Suite. Ability to interpret and apply policies, procedures, regulations, and laws. Ability to multitask while demonstrating a commitment to customer service and sensitivity to a culturally and ethnically diverse community.

Additional Job Details

This position will split time between working in the Brendan Iribe Building on the UMCP campus and in the Institute for Health Computing building, which is located in North Bethesda, MD.

Required Application Materials: cover letter, resume, and list of three references

 

Best Consideration Date: June 27, 2025

 

Open Until Filled: Yes

Job RisksNot Applicable to This Position

Financial Disclosure Required

For more information on Financial Disclosure, please visit Maryland's State Ethics Commission website.

DepartmentCMNS-Institute for Advanced Computer Studies

Worker Sub-Type Staff Regular

Salary Range$120,000 to $145,000

Benefits Summary

For more information on Regular Exempt benefits, select this link.

Background Checks

Offers of employment are contingent on completion of a background check. Information reported by the background check will not automatically disqualify anyone from employment. Before any adverse decision, the finalist will have an opportunity to provide information to the University regarding disclosable background check information. The University reserves the right to rescind the offer of employment or otherwise decline or terminate employment if the information reported by the background check is deemed incompatible with the position, regardless of when the background check is completed.

Employment Eligibility

The successful candidate must complete employment eligibility verification (on Form I-9) by presenting documents that establish identity and work authorization within the timeframe required by federal immigration law, and where applicable, to demonstrate renewed employment authorization.  Failure to complete employment eligibility verification or reverification within the timeframe set forth by law may result in suspension or termination of employment.

EEO Statement

The University of Maryland, College Park is an Equal Opportunity Employer. All qualified applicants will receive equal consideration for employment. Please read the University’s Equal Employment Opportunity Statement of Policy.

Title IX Non-Discrimination Notice

Resources

• Learn how military skills translate to civilian opportunities with O*Net Online

Search Firm Managed Recruitment

There are some positions that are not advertised on this career site as the search is being managed by a Search Firm.

Please visit the link below to see these available opportunities:

Search Firm Managed Vacancies