Internet2, a non-profit organization, provides high-performance networking, trust and identity infrastructures, cloud services brokering, and related services to its research and education member institutions and beyond. Internet2 represents an exceptional partnership spanning U.S. and international institutions that are leaders in the worlds of research, academia, industry and government. The organization is an equal opportunity employer and welcomes and seeks diverse candidates for all of its positions.
InCommon, the identity federation developed by the Internet2 community, provides the U.S. higher education and research community with the common framework for trustworthy access to online resources. InCommon facilitates the development of community-based common trust fabrics – SAML Federation, Certificate Services, and other services and activities – that enable participants to access protected online resources. For more information about InCommon, visit www.incommon.org.
The Trust and Identity Services Security Lead and Systems Administrator acts as part of a highly collaborative cross-functional technical service delivery team to securely, reliably and scalably deliver mission critical InCommon and related Internet2 Trust and Identity IT Services to InCommon’s customers. The position reports to the Director of Technology and Strategy, InCommon and works closely with the Trust and Identity Services DevOps Manager to address operational and security-related technical service delivery needs in the InCommon Federation, Certificate, eduroam and other services. The position collaborates with Internet2 technical architects, Internet2 project managers, and colleagues in Internet2’s Technical Services Group to design, develop, implement and deliver InCommon services including the SAML federation and other related service components.
The Security Lead and Systems Administrator works in the hands-on, day-to-day implementation, maintenance, troubleshooting, and technical delivery of services which InCommon operates, and is the primary person responsible for ensuring the security of the services that InCommon offers. The successful candidate will have experience delivering highly secure services in a complex IT environment. The position requires a high degree of collaboration with community groups including the InCommon participant community, and security advisory committees, frequently participating in efforts to meet requirements defined by these national and international groups. The position requires a background in IT security, familiarity with standard systems administration tasks as well as some familiarity with working in a “DevOps” environment, where systems engineers, architects and developers collaborate to deliver services using modern, collaborative approaches.
Areas of work include:
Risk Management - Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range.
Compliance - Determine applicability and scope of various regulations; interpret and implement technical requirements to ensure compliance.
Incident Response - Carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities.
System and Application Hardening - Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws.
Network Monitoring and Protection - Detect and prevent intrusions using IDS/IPS tools; implement firewall policies and monitor effectiveness.
Vulnerability Management - Detect and/or assess the impact of reported vulnerabilities; implement mitigation strategies based on severity.
Subject Matter Expert - Participate as an information assurance subject matter expert in the analysis and design of new systems and services; participate in the design, implementation, and continuous improvement of security service offerings.
This staff position is full-time, ideally based in Ann Arbor, MI; Denver, CO; West Hartford, CT; Emeryville, CA; or Washington, DC. Other locations will be considered. The job requires some schedule flexibility, the ability to travel up to 20% of the time for work, and the ability to act as part of a 24x7x365 shared on-call rotation with other staff members in support of Internet2 Trust and Identity services.
Minimum of a bachelor’s degree or equivalent in IT systems security, IT systems engineering, or equivalent combination of education and work experience
An ISC2 CISSP certification or similar evidence of in-depth IT security knowledge and practice
Ability to develop and sustain an information security program
Experience with IT security incident handling, incident response/coordination, root cause analysis, remediation and reporting
Demonstrated ability to work with a team of diverse skillsets and backgrounds to achieve shared goals in IT service delivery
Excellent written and verbal communication skills including handling vendor, customer, peer and leadership relationships with a high degree of diplomacy, and communicating freely and appropriately with colleagues as well as with community members (for example, when serving on community technical working groups)
Excellent documentation skills including writing technical requirements, implementation and maintenance instructions, documenting change plans and other staff-facing work instructions in a clear, understandable and repeatable way
Experience implementing complex, highly reliable, high performance, verifiable/testable and secure IT systems
Experience with hosting highly secure open source software-based application clusters in secure environments
Strong experience with *nix-like environments including command line, shell scripting, scripting in other miscellaneous environments, cron jobs, systems security practices, etc.
Logging of systems, applications and other related data, and familiarity with advanced log aggregation and reporting tools
Analysis of security events via logs, forensics, netflows and other security tools
Experience with active and passive security tools such as firewalls, client management, application security scanning, network event collection and alerting, etc.
Manipulation of highly complex configurations in a documented and repeatable manner
Familiarity with multilateral SAML-based trust federations
Familiarity with identity management concepts and tools including LDAP, person registry, group/role/permissions management, role-based access control, etc.
Experience with highly secure networking concepts in support of the delivery of security services such as X.509 Certificate Authorities, SAML federations, banking transactions, payment systems, or similar environments
Experience with hardware security modules for use in signing and encryption operations
Familiarity with one or more programming languages/frameworks
XML skills including working with XSLT, DTD, XML digital signature, etc.
Self-managing; able to work on a fast-changing team and be accountable
Sees the big picture (the community’s goals and needs), not just the task
Willing to keep learning new tools, skills, techniques
Cares about doing good work; likes to improve practices
Strong communicator; able to help community representatives and teammates make good decisions
Able to work constructively in a group; not led by ego
Top-notch interpersonal, collaboration and organizational skills, including the ability to work across areas with multiple levels of management, staff and community members.
Passion for customer service
Internet2 is a 501(c)(3) not-for-profit organization and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
Internet2® is a member-owned advanced technology community founded by the nation's leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve common technology challenges, and to develop innovative solutions in support of their educational, research, and community service missions.