Educause Security Discussion mailing list archives

Job: Junior InfoSec Engineer - Monitoring/Incident Response/Automation - CMU


From: Ted Pham <telamon () CMU EDU>
Date: Wed, 17 Jun 2015 19:41:19 +0000


I'm hiring for a junior-level information security engineer focusing on day-to-day operations and scripting &
automation.  Some forensics experience is preferred.  But primarily I'm looking for someone with a solid understanding
of network, web, email, application and operating system concepts; who is a quick study; has a penchant for scripting
and who is motivated to learn on the job.

Title: Information Security Engineer, Computing Services

Job Number: 2001024

Qualifications & Apply:  https://cmu.taleo.net/careersection/2/jobdetail.ftl?job=2001024

Carnegie Mellon University, one of the world leaders in higher education and research, is searching for an Information 
Security Engineer to join the Information Security Office within the university's Computing Services division.

The Information Security Engineer (ISE) is responsible for monitoring, investigation, response and support tasks 
related to the operation of the University's information security program by:

- Monitoring and responding to network intrusion and vulnerability alerts raised by automated detection systems, 
internal & external reports and manual investigation

- Executing incident response procedures and Information Security Office (ISO) processes to identify computer security 
incidents, contain intrusions and recommend options for eradication & recovery all the while effectively communicating 
with both internal and external customers and escalating as necessary

- Assisting campus IT personnel technically and procedurally with incident handling and E-Discovery requests

- Participating in projects within the ISO to improve and automate processes and tools through evaluation, 
implementation and/or development as well as providing consulting across the division and campus

- Investigating incident root cause & scope using host and network based forensics when called for by the incident 
response plan

- Handling service support requests for certificate authority, vulnerability scanning, data loss protection and 
endpoint security

- Providing documentation and announcements for security & abuse issues and current threats

- Working with University Counsel to obtain, interpret and search forensic evidence for legal cases and subpoena 
compliance (E-Discovery)

- Participating in 24x7 on call rotations for intrusion monitoring, incident response and infrastructure maintenance 
which may necessitate coming to campus at off-hours

- Sharing responsibility for maintaining documentation on all incidents and job related procedures

- Occasionally working with other groups in the division to secure infrastructure as needed

- Potentially assessing systems for vulnerabilities in design and implementation as well as penetration testing of 
hosts and client/server & web applications

Carnegie Mellon embraces diversity as a core value - central and indivisible from the pursuit of intellectual and 
artistic excellence.


Ted Pham
Information Security Office
Carnegie Mellon University

