Senior Secure Research Systems Engineer

Flexible work arrangements are available for this position, including the ability to work remotely within the United States. We would strongly prefer a candidate located in the greater Austin area as travel to campus for occasional in-person events, training, team meetings, activities, etc., will be required.

This position provides life/work balance with typically a 40-hour work week and travel limited to training (e.g., conferences/courses).

Enterprise Technology is dedicated to supporting the mission of the University of Texas at Austin of unlocking potential and preparing future leaders of the state., The Senior Secure Research Systems Engineer will lead secure research computing initiatives at UT Austin across various projects, playing an essential role in the implementation, security, and maintenance of the university's Controlled Unclassified Information (CUI) research environment. This position demands proficiency in applying security engineering principles and countermeasures within federally regulated environments, encompassing both on-premises and cloud infrastructure. The engineer will work in collaboration with multiple infrastructure, networking, and security teams to design compliant technical architectures, enforce federal security controls, resolve issues, and support the university's research compliance objectives., * Configure and maintain secure cloud infrastructure (GovCloud/GCC High), endpoint management, and SIEM tooling in alignment with CRSP-approved platform decisions. Coordinate with ISO to ensure security monitoring integrations - including log forwarding to ISO-managed platforms - are functional and maintained.

• Maintain a university wide infrastructure environment, associated resources, and provide support for research involving controlled unclassified information (CUI).
• Administer Linux and Windows servers, endpoints and other IT assets.
• Conduct security operations, monitor events, and respond to incidents across multiple enclaves.

Security & Compliance Implementation:

• Design and maintain the technical implementation of security standards, policies, procedures and controls based on CUI best practices, compliance frameworks, and audit findings.
• Support processes to bring projects into compliance with Cybersecurity Maturity Model Compliance (CMMC) 2.0 requirements.
• Implement and enforce technical controls under NIST (SP) 800-171 or NIST (SP) 800-53 or FIPS 140-2 controls, including encryption, access controls, logging, and endpoint protection.
• Design and manage cryptographic mechanisms for data at rest, data in transit, digital signatures, and message integrity (HMAC, TLS, IPSEC).
• Provide artifacts for Department of Defense audits.

Program Coordination:

• Collaborate with restricted research teams (researchers, faculty and staff) to establish secure research computing and laboratory environments in compliance with federal CUI regulations.
• Partner with the CRSP Director and Deputy Director to manage POA&Ms, SSPs, and technical remediation planning.
• Document technical processes and collect required artifacts for CUI assessments.

Risk Assessment & Compliance Monitoring:

• Engage in ongoing risk assessment across the college research environment and develop risk registers aligned to NIST controls.
• Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention).

Perform other related functions as assigned., The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length., Employees may be required to report violations of law under Title IX and the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act). If this position is identified a Campus Security Authority (Clery Act), you will be notified and provided resources for reporting. Responsible employees under Title IX are defined and outlined in HOP-3031.

Must be authorized to work in the United States on a full-time basis for any employer without sponsorship., * Demonstrable implementation experience with NIST SP 800-171, NIST SP 800-53, FIPS 140- and DISA STIG

• Bachelor's degree in Computer Science, Engineering, Information Technology, or a related field, or equivalent experience (HS diploma + extensive experience and certifications will be considered)
• 3+ years of professional experience working in highly secure compliant hybrid environments such as CUI, NIST, ITAR.
• 3+ years of experience infrastructure engineering, including computer, storage, AD, and virtualization technologies.
• 3+ years expert experience in the IAAS cloud service model (Azure, AWS, or Google Cloud) or hybrid environments.
• 5+ years of experience in server administration with Linux (Ubuntu, RedHat) and Windows.
• Demonstrable proficiency with scripting, automation and configuration management, using automation framework tools (e.g., Ansible, Terraform, Chef, Puppet, CloudFormation).
• Deep understanding of related networking concepts like SDNs, VRFs, DNS, switch, network routing, and access control methods (ACLs, firewalls, security policies) and IPSEC.
• Able to architect and fortify research endeavors expertly
• Excellent problem-solving skills and an ability to adapt to rapidly changing technologies
• Work on-site and well under pressure with crucial timelines and accountability
• Demonstrated ability to handle multiple tasks and projects simultaneously
• Excellent oral and written communication skills, with a demonstrated ability to translate complex technical concepts for non-technical audiences including investigators, faculty, and research staff
• Ability to collaborate with cross-functional teams to design and implement solutions
• Ability to communicate effectively with investigators and research teams - explaining compliance requirements, system constraints, and onboarding processes in accessible, non-technical terms
• Demonstrated proficiency in technical writing and the production of compliance artifacts, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Technology Control Plans (TCPs)

Equivalent combination of relevant education and experience may be substituted as appropriate., * Articulate and collaborative with the ability to make things happen

• Comprehensive understanding and appreciation of leading-edge research and security requirements
• Security clearances may be needed for some work
• Professional certifications such as CISSP, CISM, GIAC, CEH, Security+, or Microsoft Certified: Security Operations Analyst.
• DevSecOps Cloud certifications such as Microsoft AZ-500, AZ-305, SC-100, AWS Security Specialty, or (ISC)² CCSP
• Experience with advanced troubleshooting tools (e.g., Splunk)
• VMWare experience (vSphere, VSAN, NSXT, vRealize/Aria and/or Tanzu)
• Experience with AWS Elastic Load Balancing (ALB, NLB), VPC networking, Route 53, and Azure Load Balancer, Application Gateway, Traffic Manager, and Virtual Networks (VNet)
• Experience with containerization (Docker, Kubernetes)
• Experience with Git version control systems and branching strategies
• Working knowledge of ITIL processes, specifically Incident Management, Change Management, Problem Management, * May work around standard office conditions
• Repetitive use of a keyboard at a workstation
• Use of manual dexterity
• Work performed on concurrent multiple projects under pressure of rigid deadlines or time limitations, A criminal history background check will be required for finalist(s) under consideration for this position., * E-Verify Poster (English and Spanish) [PDF]
• Right to Work Poster (English) [PDF]
• Right to Work Poster (Spanish) [PDF]

The University of Texas at Austin and Enterprise Technology provide an outstanding benefits package to our staff. Those benefits include:

• Competitive health benefits (Employee premiums covered at 100%, family premiums at 50%)
• Vision, Dental, Life, and Disability insurance options
• Paid vacation, sick leave, and holidays
• Teachers Retirement System of Texas (a defined benefit retirement plan)
• Additional Voluntary Retirement Programs: Tax Sheltered Annuity 403(b) and a Deferred Compensation program 457(b)
• Flexible spending account options for medical and childcare expenses
• Training and conference opportunities
• Tuition assistance
• Athletic ticket discounts
• Access to UT Austin's libraries and museums
• Free rides on all UT Shuttle and Capital metro buses with staff ID card

The Clery Act requires all prospective employees be notified of the availability of the Annual Security and Fire Safety report. You may access the most recent report here or obtain a copy at University Compliance Services, 1616 Guadalupe Street, UTA 2.206, Austin, Texas 78701.