Incidence Response Coordinator 
Position #: 106537

 Reporting to Security Office, Division of Information Technology, the position is responsible for determining that IT systems and networks (including: mainframe, applications servers, enterprise servers, and desktops/laptops) are protected against security threats, are in compliance with federal and state law, are in compliance with State/University policies, and are in conformance with accepting auditing principles. Participate in the evaluation of emerging vulnerabilities and attack vectors. Member of Computer Security Incident Response Team (CSIRT) to assure superior data confidentiality, integrity, and availability. This position is at the frontline of our computer security incident response process and will be responsible for Tier 1 triage of incoming support tickets and emails. The successful candidate will need to become SANS GSEC certified within 9 months of starting this position.

Minimum qualifications

Bachelor’s degree from an accredited college or university in computer science, IT or related field; or an equivalent combination of education and experience in an IT related field (Associates degree and 5 years related experience or H.S. diploma/GED and 7 years related experience.)

2 years of network operations center, system administration, or IT support experience.

Excellent problem solving and analytical skills.
Working knowledge of security best practices.
Understanding of core network principles (TCP/IP, DNS, DHCP).
Understanding of general system administration and desktop management (Windows, macOS, and/or Linux).
Ability to troubleshoot technical issues.
Ability to communicate effectively including written and oral communication skills.
Able to handle high pressure situations.
Excellent customer service skills.
Able to handle an on call rotation and possible work outside of normal business hours.

Preferences 

1+ year of demonstrated experience in computer/network forensics, eDiscovery, intrusion detection and response, threat hunting, firewall administration, vulnerability scanning, or other information security experience.

SANS GSEC certification or Security+ certification.

Experience with vulnerability scanning tools like nmap, Nessus, Rapid7 Nexpose.
Experience with host-based and network-based firewalls, intrusion detection, and next-generation firewalls such as iptables, Trend Micro Deep Security, snort, Palo Alto, Cisco Firepower.
Experience with endpoint detection and response (EDR) and NGAV tools like FireEye, Crowdstrike, Cylance.
Experience with log management and SIEM tools like Splunk, Elastic/ELK.
Experience with packet analysis and tools like tcpdump, Wireshark.
Experience with forensic and eDiscovery tools like EnCase, FTK, Intella.
Experience with IT and/or IT security in a higher education institution.


Physical demands: work is performed in an office environment and requires the ability to operate standard office equipment and keyboards. The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Must have the ability to lift and carry small parcels, packages and other items, and to walk short distances. Be available for periodic shifts outside of normal working hours and be a member of an on call rotation.

Best consideration date: 02/02/2021 or open until filled

Please apply at: https://ejobs.umd.edu/postings/80655