Job escription Post/Job Title: Principal Security ngineer Post holder: Ref: Location: School/Support Service: Group/Section: Normal hours per week: ITS67 University wide (Lansdowne Campus/Talbot Campus) IT Services Communications Team (Part of Applications & Technology) Full time Grade: 7 Accountable to: Special conditions: Communications Architect ue to the nature of role, working unsocial hours will be Staff will be required to carry a mobile phone and be contactable at reasonable times. You are required to be available to respond in a major incident within the IT service that may be impacted by the Technology Group. You may be required to be on-call on a pre-arranged rota basis, but no more frequently than one week in four. Job purpose Responsible for the maintenance of the BU production network security infrastructure to required levels of availability and for ensuring any potential issues that could significantly impact on service are acted upon proactively. nsure enhancements are appropriate and measured and do not negatively impact on the service generally. Act as 3rd line support for network security systems to resolve service issues. To identify and develop effective service improvement plans for the production portfolio within this role s area of expertise and to contribute to the design and development of the BU Production Infrastructure. Main Responsibilities 1. Be accountable for the day to day management and configuration of security systems, including firewalls and application delivery controllers across the production and development portfolio. 2. nsure compliance with BU internal processes, governance and legislative requirements. Be responsible for the effective planning and fit-for-purpose design of new and enhanced network security services. 3. Use management systems software and appropriate analysis tools to collect business critical server/appliance and application performance statistics and create reports, including proposals for improvement. All proposals will be planned, organised, designed and implemented by the jobholder, with full documentation and ultimate accountability. 4. Identify and design preventative measures and services to improve security within LAN (wired and wireless), WAN, Telephony and internet gateway services.
5. Maintain a current knowledge of legislation appropriate to the information systems involved, such as data protection and computer misuse acts. 6. Provide strategic direction to the technical response to security events that have affected IT Infrastructure. 7. Be accountable for the successful implementation of new and enhanced network security services. 8. Work with other teams and individuals to identify and record any system vulnerabilities and create strategically-focused service improvement plans. 9. valuate, esign, Configure and Install network security devices and related products in line with the IT strategy. 10. Coordinate and communicate the response to security incidents by working with the Information Security Officer, the Infrastructure Operations Manager and other members of IT Services as 11. ocument procedures and scripts for all aspects of network security infrastructure. 12. Facilitate group discussions, workshops and other meetings relevant to security. 13. evelop and deliver security services training and best-practice guidance to IT colleges as 14. Mobilise and manage virtual teams created to respond to security threats. 15. Pro-actively utilise network and security tools to investigate, diagnose and resolve problems related to security breaches, within service level agreement tolerances. 16. Manage and maintain a high availability BU network security infrastructure. 17. Continuously update and develop specialist knowledge of networking security techniques and design principles through review and evaluation of emerging technologies. 18. Translate stakeholder requirements, define and design controls and present architecture specifications to the Assistant irector of IT Services. 19. Work with Faculties and Professional Services on development projects to ensure the appropriate levels of security are adhered to through use of network security technologies. 20. Interpret installation standards to meet particular project needs and produce server, device and infrastructure components as 21. valuate potential solutions, demonstrating, installing and commissioning selected products. 22. Constructs, extends or maintains, tests, corrects and documents components within the technologies to achieve well engineered products. 23. Liaise with IT Services colleagues, Faculties, Professional Services, suppliers and agencies to implement successful live environments (as well as upgrades) using structured deployment techniques, tailored to BU requirements. 24. Maintain a personal development programme as agreed with line manager.
Organisation Chart & contacts imensions IT Services are growing in number, complexity, scope and coverage especially when trying to balance the increasingly complex demands from academics and the adoption of a bring your own device model against the security requirements of the University. The delivery of these systems involves a complex design and evaluation process to ensure the services are responsive, reliable, robust and secure especially in regard to mission critical data where down times due to failure are not acceptable. To deliver and maintain these services we require in-depth, wide-ranging technical knowledge and experience. Audio/Visual estate currently consists of: 13 Large Lecture Theatres 71 Large Seminar Spaces 84 Small Seminar Spaces 3 Video Conference Suites 66 igital Signage installations Technical infrastructure consists of: c500 servers running mainly RedHat Linux and Microsoft Windows c250 applications/databases c20,000 internal user accounts c5000 desktop computers c40,000 e-mail accounts Network infrastructure consists of: 70+ comms rooms Cisco routers and switches and 20000 network points 802.11(a/g/n/ac) wireless coverage throughout the University using c.1000 access points ResNet Services to approx 1700 rooms offering connection to the University network UniLet IT Services to approx 2000 students 2 Gbit connection to the Internet with 1Gbit backup VPN connectivity to partners and home workers Cisco IP Telephony System capable of supporting c5000 users 5 Cisco ASA Firewalls 2 F5 Big-IP Application elivery Controllers. Contacts Internal: All staff up to Heads of Support Services and eans of Faculties The post holder will need to work with managers within IT Services.
xternal: Professional user groups and University Partners. Software vendors, support lines and third party vendors Challenges To be seen as the focal point for authoritative specialist technical knowledge in the area of responsibility. Maintaining acceptable levels of service across a highly complex and technical service provision. Coordinating a wide range of technical personnel. elivering highly complex and technical solutions to budget and timescales. Understanding highly technical and complex issues and deciding on appropriate solutions. Planning resources to ensure service and projects and delivered as expected. Additional Information The post holder must operate at all times in accordance with legislative and regulatory requirements. In particular: o The post holder must at all times carry out their responsibilities with due regard to the University s ignity, iversity and quality Policy Statement. o The post holder must be vigilant in complying with Health & Safety regulations, to maintain a safe and secure working environment. o The post holder must actively seek and promote measure to reduce the University s carbon footprint. The purpose of the job description is to indicate the general level of responsibility and location of the position. The duties may vary from time to time without changing their general character or level of responsibility. The post-holder may be required to: Attend training courses away from the University. Carry a supplied mobile phone and be contactable at reasonable times. Will be expected to work unsocial hours as required by projects (inc weekends / bank holidays). Will be expected to supervise and manager Partners / Suppliers. (IT Services only) When on-call, staff must:- be expected to be within one hour travel time of the University be fit and available for work at all times. Be available for contact at all times and mindful of areas where mobile reception is poor November 2015
Person Specification Post / Job Title: Principal Security ngineer Post No: ITS67 School / Professional Service: IT Services ate: November 2015 SLCTION CRITRIA ssential / esirable Knowledge (including experience & qualifications) in order of importance Substantial relevant experience of delivering enterprise-level network security solutions in a structured environment Substantial experience in a production network security environment utilising the following technologies: - Firewalls - Application elivery Controllers (e.g. F5 Big-IP, NetScaler) - Vulnerability iscovery Tools (e.g. Nessus) - TCP/IP Networking - Network Monitoring for Security (e.g. NetFlow, IS) xperience of managing and mobilising virtual-teams and individuals to respond to security incidents. Significant experience of Information Security principles Cisco CCNA certification and/or training CISSP certification and/or training Appreciation of legislative frameworks relevant to the area, for example, the ata Protection Act, PRVNT, Human Rights Act or Non-disclosure Agreements. etailed knowledge and experience of at least two of the following: Cisco ASA firewalls F5 Big-IP Application elivery Controllers Cisco switches and routers Providing 3 rd + line support to business critical services xperience of Wireless network security including Bring-Your-Own-evice methodologies. Good degree in a computer related subject and/or relevant professional experience/qualifications Understanding of project management methodologies Knowledge of emerging technologies relevant to the network security industry Understanding of the IT requirements deriving from Higher ducation processes xperience of working in an ITIL v2+ environment Prince2 Foundation qualification Skills Ability to motivate others Ability to structure and deliver technical training courses to internal staff xcellent written and oral communication skills Ability to investigate and analyse problems Proactive customer support and problem resolution Providing technical support to other technical teams as required Methodical and disciplined approach Working to required timescales Ability to integrate of third party providers into support environments Attributes Team worker Ability to work on own initiative (within limits of a governance framework) Self-reliant and proactive Ability to assimilate complex customer requirements Flexible approach with the ability to multi-task Ability to work under pressure Proven customer focus