Cyber Security Systems Engineer (Vulnerability Management Subject Matter Expert)
Penn State University
The Office of Information Security is seeking applications for a Cyber Security Systems Engineer. Primary duties for this position include administering the University’s central vulnerability scanning service, serving as a vulnerability management subject matter expert, working with stakeholders to mitigate vulnerabilities, researching emerging vulnerabilities to keep the IT community informed, conducting scans to comply with regulatory requirements (e.g. PCI), coordinating with units who are not meeting the defined vulnerability remediation timelines, and vetting exception requests. This person will also respond to large-scale incidents related to vulnerable software, maintain an inventory of commonly-used and commonly-vulnerable software, coordinate with other teams across the University (such as the Enterprise Firewall and Incident Detection teams) to ensure the detection and prevention of vulnerability exploitation attempts, gather metrics to discovered mitigation issues and trends, and may also assist in the administration of other infrastructure within the Office of Information Security. This job will be filled as a level 2, or level 3, depending upon the successful candidate's competencies, education, and experience. Typically requires a Bachelor's degree or higher plus two years of related experience, or an equivalent combination of education and experience for a level 2. Additional experience and/or education and competencies are required for higher level jobs. Preferred experience areas: Tenable Nessus; Tenable Security Center; Vulnerability scanning; Industrial Control Systems (ICS); Payment Card Industry (PCI) requirements; cloud; containers; Configuration Management Database (CMDB)/inventory; Scripting or programming; Splunk. Required Qualifications: Demonstrated experience working with Windows, MacOS and Linux systems; exceptional communication skills with diverse audiences; strong critical thinking and analytical skills.
These salary bands have been established to provide salary guidelines for staff positions.