The Division of Information Technology (it.gwu.edu) is the chief provider of technology infrastructure, services and applications at GW. The Division partners with stakeholders across GW to equip students, staff and faculty with the technology know-how and tools necessary to achieve academic excellence. Reporting to the Director of Information Security Services, the Senior Security Engineer works within the Division’s Information Security & Compliance Services department. The Senior Security Engineer is responsible for the following:
• Performs technical security assessments, penetration testing, and vulnerability assessments on various platforms including analysis of networks, servers, appliances, applications, business processes, and cloud integrations.
• Demonstrates proficiency in a variety of penetration testing tools such as Kali Linux, Burp Suite, OWASP ZAP, Metasploit, Wireshark, sqlmap, and Nmap. The candidate is capable of conducting custom fuzzing and scripting to automate security analysis
• Performs thorough web application security assessments using guidelines such as the OWASP Top Ten to discover web vulnerabilities such as broken access control, insecure business processes, content/directory enumeration, logic flaws, session management flaws, code injection (XSS, /SQL Injection, Command Injection, etci), and and authentication/authorization bypass
• Documents testing results and creates clear, structured deliverables. Communicates technical findings and remediations to internal groups in a way that relates to all levels of technical competence
• Performs testing and research to identify previously undocumented vulnerabilities outside of the security assessment process. Leads actively in the information security community and stays current on new vulnerability research, trends, and tools
• Reviews system architectures and application functions to make recommendations to enhance security for projects
• Provides technical input to continuously improve university security posture
• Performs other related duties as assigned.
The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.
This position is primarily located on the GW Virginia Science and Technology Campus (VSTC) in Ashburn, Virginia, however time may be split between this location and the Foggy Bottom Campus in Washington DC as required.
Qualified candidates will hold a Bachelor’s degree in an appropriate area of specialization plus 5 years of relevant professional experience, or, a Master’s degree or higher in a relevant area of study plus 3 years of relevant professional experience. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience.
• Professional experience in operation and installation of security systems along with a minimum of two years of UNIX, Windows, and ORACLE system administration experience
• Excellent interpersonal and communication skills.
• Experience within a university environment preferred
The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.