The Information Security Engineer position in the Information Security Office (ISO) is responsible for leading and supporting security initiatives which mitigate risk and ensure system and data integrity at the University of Utah and University Health Care. This includes providing security guidance and technical risk assessments of new or ongoing projects, responding to and analyzing security incidents, and implementing new security technologies or processes. This is a highly collaborative position which requires strong analytical and communication skills. This position is currently hybrid, requiring the selected candidate to either reside in, or be willing to move, to the Salt Lake City area. About UIT: University Information Technology (UIT), the central IT service provider for the University of Utah, reports to the U’s Chief Information Officer and is responsible for many of the U’s shared IT services including the wired and wireless network; Campus Information Services (CIS) portal; U - Mail, telephone, and online collaboration; digital learning technologies; information security; software licensing; and a host of other IT systems and services. About the University of Utah: Located in Salt Lake City, the U is the flagship institution of the State of Utah’s system of higher education, home to arts and museum venues and a member of the BIG-12 Conference. Skiing and snowboarding opportunities are a short distance from campus, and opportunities to pursue activities from biking to hiking to fishing abound. Salt Lake City is home to the Utah Symphony and Opera, Ballet West, professional sports teams, and a wide range of other cultural and recreational activities. Responsibilities Information Security Engineer - Communicate security and operational risks, incident details, and mitigation strategies to senior management and relevant stakeholders.- Coordinate with IT teams and system administrators to ensure cohesive security strategy and control implementations.- Collaborate in the development of action plans to improve security posture.- Assist the University in meeting Information Security compliance obligations.- Contribute to incident response procedures, participate in incident response activities, and help develop strategies to prevent future occurrences.- Analyze indicators of compromise from endpoints, servers, and cloud environments to identify the root cause of breaches, malware infections, or other security issues.- Provide security evaluations and guidance regarding new technologies or processes.- Assist in legal discovery, evidence acquisition, and preservation.- Support the Security Operations Center (SOC) with tools, data, and guidance.- Stay up-to-date concerning emerging threats, vulnerabilities, and security solutions through research and industry sources. This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to the job. Minimum Qualifications EQUIVALENCY STATEMENT: 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor’s degree = 4 years of directly related work experience). Department may hire employee at one of the following job levels: Information Security Engineer, III: Requires a bachelor’s (or equivalency) 6 years or a master’s (or equivalency) 4 years of directly related work experience. Information Security Engineer, IV: Requires a bachelor’s (or equivalency) 8 years or a master’s (or equivalency) 6 years of directly related work experience. Information Security Engineer, V: Requires a bachelor’s (or equivalency) 10 years or a master’s (or equivalency) 8 years of directly related work experience. Preferences A thorough understanding of security industry standards (i.e. NIST 800-53, ISO/ IEC 27001, CIS Controls, etc.)- Experience with compliance standards including HIPAA, FISMA, PCI, and FERPA- Experience with information security in a higher-education or healthcare setting.- One or more security-specific certifications (CISSP, CISA, etc.)One or more of the following:a.) Experience with Data Security Posture Management, both on-premises and Cloud/ Saasb.) Microsoft Purview Sensitivity Labels, Email, SharePoint, and One. Drive access controlsc.) Data Loss Prevention tools, tactics, and proceduresd.) Data cataloging, classification, discovery, and governance; overall data security Type Benefited Staff