Senior Secure Research Systems Engineer

Job Posting Title:

Senior Secure Research Systems Engineer

----

Hiring Department:

Enterprise Technology - Campus Solutions

----

Position Open To:

All Applicants

----

Weekly Scheduled Hours:

40

----

FLSA Status:

Exempt

----

Earliest Start Date:

Immediately

----

Position Duration:

Expected to Continue Until Apr 25, 2028

----

Location:

AUSTIN, TX

----

Job Details:

General Notes

This is a fixed term position that may end after three years from the employee’s start date.
 

Flexible work arrangements are available for this position, including the ability to work 50% remotely. We would prefer a candidate located in the greater Austin area as frequent travel to campus is required as well as for in-person events, training, team meetings, activities, etc., will be required.

This position provides life/work balance with typically a 40-hour work week and travel limited to training (e.g., conferences/courses).

Enterprise Technology is dedicated to supporting the mission of the University of Texas at Austin of unlocking potential and preparing future leaders of the state.

Your skills will make a difference.

You’ll be working for a university that is internationally recognized for research and the work you do will make a difference in the lives of our students, faculty and staff. If you’re the type of person that wants to know your work has meaning and impact, you’ll like working for our campus.

The University of Texas at Austin and Enterprise Technology provide an outstanding benefits package to our staff. Those benefits include:

• Competitive health benefits (Employee premiums covered at 100%, family premiums at 50%)
• Vision, Dental, Life, and Disability insurance options
• Paid vacation, sick leave, and holidays
• Teachers Retirement System of Texas (a defined benefit retirement plan)
• Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)
• Flexible spending account options for medical and childcare expenses
• Training and conference opportunities
• Tuition assistance
• Athletic ticket discounts
• Access to UT Austin's libraries and museums
• Free rides on all UT Shuttle and Capital metro buses with staff ID card

For more details, please see: https://hr.utexas.edu/prospective/benefits and https://hr.utexas.edu/current/services/my-total-rewards

Must be authorized to work in the United States on a full-time basis for any employer without sponsorship.

This position requires you to maintain internet service and a mobile phone with voice and data plans to be used when required for work.

Purpose

The Senior Secure Research Systems Engineer will lead secure research computing initiatives at UT Austin across various projects, playing an essential role in the implementation, security, and maintenance of the university’s Controlled Unclassified Information (CUI) research environment. This position demands proficiency in applying security engineering principles and countermeasures within federally regulated environments, encompassing both on-premises and cloud infrastructure. The engineer will work in collaboration with multiple infrastructure, networking, and security teams to design compliant technical architectures, enforce federal security controls, resolve issues, and support the university’s research compliance objectives.

Responsibilities

Infrastructure Management & Endpoint Security

• Configure and maintain Microsoft GovCloud (GCC High), Intune, and Azure Sentinel SIEM. Coordinate with third party partners to ensure compliance.
• Maintain a university wide infrastructure environment, associated resources, and provide support for research involving controlled unclassified information (CUI).
• Administer Linux and Windows servers, endpoints and other IT assets.
• Conduct security operations, monitor events, and respond to incidents across multiple enclaves.

Security & Compliance Implementation

• Design and maintain the technical implementation of security standards, policies, procedures and controls based on CUI best practices, compliance frameworks, and audit findings.
• Support processes to bring projects into compliance with Cybersecurity Maturity Model Compliance (CMMC) 2.0 requirements.
• Implement and enforce technical controls under NIST (SP) 800-171 or NIST (SP) 800-53 or FIPS 140-2 controls, including encryption, access controls, logging, and endpoint protection.
• Design and manage cryptographic mechanisms for data at rest, data in transit, digital signatures, and message integrity (HMAC, TLS, IPSEC).
• Provide artifacts for Department of Defense audits.

Program Coordination

• Collaborate with restricted research teams (researchers, faculty and staff) to establish secure research computing and laboratory environments in compliance with federal CUI regulations.
• Partner with the Associate Director of Restricted Research to manage POA&Ms and technical remediation planning.
• Document technical processes and collect required artifacts for CUI assessments

Risk Assessment & Compliance Monitoring

• Engage in ongoing risk assessment across the college research environment and develop risk registers aligned to NIST controls.
• Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention).

Other related functions as assigned.

Required Qualifications

• Demonstrable implementation experience with NIST SP 800-171, NIST SP 800-53, FIPS 140- and DISA STIG
• Bachelor's degree in Computer Science, Engineering, Information Technology, or a related field, or equivalent experience (HS diploma + extensive experience and certifications will be considered)
• 3+ years of professional experience working in highly secure compliant hybrid environments such as CUI, NIST, ITAR.
• 3+ years of experience infrastructure engineering, including computer, storage, AD, and virtualization technologies.
• 3+ years expert experience in the IAAS cloud service model (Azure, AWS, or Google Cloud) or hybrid environments.
• 5+ years of experience in server administration with Linux (Ubuntu, RedHat) and Windows.
• Demonstrable proficiency with scripting, automation and configuration management, using automation framework tools (e.g., Ansible, Terraform, Chef, Puppet, CloudFormation).
• Deep understanding of related networking concepts like SDNs, VRFs, DNS, switch, network routing, and access control methods (ACLs, firewalls, security policies) and IPSEC.
• Able to architect and fortify research endeavors expertly
• Excellent problem-solving skills and an ability to adapt to rapidly changing technologies
• Work on-site and well under pressure with crucial timelines and accountability
• Demonstrated ability to handle multiple tasks and projects simultaneously
• Excellent oral and written communication skills and strong commitment to technical documentation and training
• Ability to collaborate with cross-functional teams to design and implement solutions

Equivalent combination of relevant education and experience may be substituted as appropriate.

Preferred Qualifications

• Articulate and collaborative with the ability to make things happen
• Comprehensive understanding and appreciation of leading-edge research and security requirements
• Security clearances may be needed for some work
• Professional certifications such as CISSP, CISM, GIAC, CEH, Security+, or Microsoft Certified: Security Operations Analyst.
• DevSecOps Cloud certifications such as Microsoft AZ-500, AZ-305, SC-100, AWS Security Specialty, or (ISC)² CCSP
• Experience with advanced troubleshooting tools (e.g., Splunk)
• VMWare experience (vSphere, VSAN, NSXT, vRealize/Aria and/or Tanzu)
• Experience with AWS Elastic Load Balancing (ALB, NLB), VPC networking, Route 53, and Azure Load Balancer, Application Gateway, Traffic Manager, and Virtual Networks (VNet)
• Experience with containerization (Docker, Kubernetes)
• Experience with Git version control systems and branching strategies
• Working knowledge of ITIL processes, specifically Incident Management, Change Management, Problem Management

Salary Range

$125,000 + depending on qualifications

Working Conditions

• May work around standard office conditions
• Repetitive use of a keyboard at a workstation
• Use of manual dexterity
• Work performed on concurrent multiple projects under pressure of rigid deadlines or time limitations

Work Shift

• Monday – Friday, flexible between 7am-6pm; Occasional nights or weekends required on a pre-determined schedule

Required Materials

• Resume/CV
• 3 work references with their contact information; at least one reference should be from a supervisor
• Letter of Interest

Important for applicants who are NOT current university employees or contingent workers: You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications. Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded.  Once your job application has been submitted, you cannot make changes.

Important for Current university employees and contingent workers: As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs. If you are a current University employee, log-in to Workday, navigate to your Worker Profile, click the Career link in the left hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled in to your application. The application is one page and you will be prompted to upload your resume. In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above.

----

Employment Eligibility:

Regular staff who have been employed in their current position for the last six continuous months are eligible for openings being recruited for through University-Wide or Open Recruiting, to include both promotional opportunities and lateral transfers. Staff who are promotion/transfer eligible may apply for positions without supervisor approval.

----

Retirement Plan Eligibility:

The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length.

----

Background Checks:

A criminal history background check will be required for finalist(s) under consideration for this position.

----

Equal Opportunity Employer:

The University of Texas at Austin, as an equal opportunity/affirmative action employer, complies with all applicable federal and state laws regarding nondiscrimination and affirmative action. The University is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, or veteran status in employment, educational programs and activities, and admissions.

----

Pay Transparency:

The University of Texas at Austin will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.

----

Employment Eligibility Verification:

If hired, you will be required to complete the federal Employment Eligibility Verification I-9 form.  You will be required to present acceptable and original documents to prove your identity and authorization to work in the United States.  Documents need to be presented no later than the third day of employment.  Failure to do so will result in loss of employment at the university.

----

E-Verify:

The University of Texas at Austin use E-Verify to check the work authorization of all new hires effective May 2015. The university’s company ID number for purposes of E-Verify is 854197. For more information about E-Verify, please see the following:

• E-Verify Poster (English) [PDF]
• E-Verify Poster (Spanish) [PDF]
• Right To Work Poster (English) [PDF]
• Right To Work Poster (Spanish) [PDF]

----

Compliance:

Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act). If this position is identified a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031.

The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701.