• Communicates institution specific and industry best practices around IT security standards to internal technical leads, and external technology solution developers, partners, and providers.
• Reports findings and assessment results to both technical staff and business stakeholders clearly and effectively.
• Provides mitigation and remediation suggestions, as appropriate.
• Supports digital transformation including appropriate automation, cloud migration, stakeholder empowerment and distributed but effective security practices.
• Performs application security and, vulnerability assessments, penetration testing, and risk analyses using tools such as Tenable One, Metasploit, Burp Suite, OWASP ZAP, sqlmap, nmap, Nessus, Rapid7, Kali Linux,
• Generates reports and summaries that note security vulnerabilities and risks based on standards and frameworks such as OWASP Top Ten, NIST 800-171, and CIS Benchmarks.
• Effectively delivers these reports to technical and non-technical staff, engineers, developers, and management at manager, director and vice presidential levels.
• Collaborates with the full IT Security team as well as application administrators, vendors, and business stakeholders, as appropriate, on the operational aspects of technical solutions.
• Advises on the appropriate flow of information regarding risk identification, treatment and acceptance within the university.
• Advises and contributes recommendations on operational aspects of security vulnerability and risk assessments for current technical solutions, transition or emerging solutions and in evaluating changes to systems and services (change management) for both on-premise and cloud solutions.
• Assists team in maintaining IT security tool and capability portfolio through engaged lifecycle management of hardware and software solutions, vendor management and budget planning activities (researching and drafting business cases in a zero based budget environment) as requested
• Contributor to the identification, creation, and documentation of security processes, network security standards and procedures for both internal runbooks as well as university wide communications and awareness.
• Acts as an escalation point for and collaborates with peers throughout the institution on technical security matters.
• Provides project management for small security projects and participates in IT projects across the university

• Demonstrated experience in application security, vulnerability assessments, vulnerability management, penetration testing, and risk analysis activities across functional business areas and information technology services.
• Experience in using security testing tools such as Burp Suite, Metasploit, Tenable One, OWASP ZAP, sqlmap, nmap, Rapid7, Kali Linux, Splunk, AWS Inspector, AWS CloudTrail, AWS GuardDuty, AWS IAM, and more
• Ability to demonstrate flexibility/adaptability in applying IT Security standards, knowledge of current best practices applicable to a given environment (higher education experience in this area a plus)
• Ability to effectively translate technical vulnerabilities into business risk terminology
• Demonstrated ability to explain standards and frameworks such as OWASP Top Ten, NIST 800-171, NIST 800-37, CIS Benchmarks, and more to technical and non-technical staff, developers, engineers, system/network administrators, and management
• Ability to work closely with team members and independently to deliver expected results.
• Experience within a university environment is desirable.

How is pay for new employees determined at GW?

The university is an Equal Employment Opportunity/Affirmative Action employer that does not unlawfully discriminate in any of its programs or activities on the basis of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, or on any other basis prohibited by applicable law.