Senior Security Engineer

Woods Hole Oceanographic Institution is currently searching for a Senior Security Engineer to join the Information Systems Department. This is a regular, full-time, exempt position, and is eligible for full benefits.  

Reporting to the Sr Manager, IS Security, the Senior Security Engineer is responsible for supporting the mission of the information security program at the Woods Hole Oceanographic Institution (WHOI).   This position is responsible for assisting in the implementation, operation and management of internal and external information security efforts, enhancing our cyber security stance. Tools to support include firewalls, multi-factor authentication (MFA), identity, vulnerability management, end point protection, compliance controls and security incident event management (SIEM). 

• Operate and maintain our cyber infrastructure to include securing perimeter, identity and cloud components 
• Works with IS staff to manage the Institution’s authentication and Identity Access Management (IAM) systems and processes (Cloud/MFA/AD/LDAP).  Ensures compliance with policies and best practices. 
• Perform vulnerability scanning and develop remediation strategies 
• Implement centralized logging and SIEM ingestion, establishing critical alerting and metrics. 
• Detect, respond and document to security incidents 
• Develop and implement appropriate controls to demonstrate compliance with a variety of frameworks and regulations. Informs and trains WHOI community about information security threats and appropriate safety measures.
• Assists in developing and recommending policies and guidelines for secure computing practices and information protection.  
• Performs other duties as required. 

• Bachelor's degree in an applicable field or equivalent experience. Additional work experience needed includes 5-8 years of IT experience and a minimum of 5+ year in cyber security roles. Demonstrate mastery and growth across the IT and security domains.  
• Demonstrated expertise in trouble shooting and monitoring across a spectrum of IT components, including data analytics. 
• Expertise in securing Azure/M365 and AWS 
• Experience monitoring, detecting and remediating security threats.   
• Solid understanding of networks and their protocols, NAC, client/server environments and information security procedures.   
• Experience in the areas of vulnerability protection, threat management and advanced firewall management is desirable. 
• Ability to handle sensitive information in a confidential manner.   
• Ability to obtain a Department of Defense security clearance at level Secret or above.   
• Ability to work with other teams and vendors on security projects and issues; deliver on project and task related deadlines. 
• Strong interpersonal skills and ability to present and communicate both in writing and verbally with both technical and non-technical personnel about computer and security matters.  
• Relevant certifications include CISSP, SANS, CISCO, Palo Alto, Juniper, Splunk, Amazon Web Services (AWS).

Ability to obtain & maintain a DoD security clearance at level Secret or above. 

WHOI has a COVID-19 vaccination policy in effect for anyone planning on participating in a cruise. Prior to boarding, all individuals sailing on WHOI vessels must be fully vaccinated against COVID-19, including applicable booster shots.

This is a mostly sedentary position with occasional standing and walking. Occupational requirements include hearing, talking, working around others, working with others and working alone.

WHOI is an Affirmative Action/Equal Opportunity Employer/Disabled/Veterans/M/F. We encourage Veterans and those with Disabilities to apply. Applications are reviewed confidentially. Applicants that require accommodation in the job application process are encouraged to contact us at (508) 289-2253 or email eeo@whoi.edu for assistance. 

 Not applicable