Location:
Home » Professional Development » Job Opportunities » University Ethical Hacker / Penetration Engineer
Professional Development

University Ethical Hacker / Penetration Engineer (University of Michigan-Ann Arbor) [ARCHIVED]

The employment listings in this section provide information on current openings in the broad field of information technology in higher education. The service also enables EDUCAUSE member organizations to publicize such openings free of charge. This complimentary service is a benefit of EDUCAUSE membership.

University Ethical Hacker / Penetration Engineer (University of Michigan-Ann Arbor) [ARCHIVED]

Title: University Ethical Hacker / Penetration Engineer
Job Type: Other Technical/Programmatic/Customer Service Positions
Organization: University of Michigan-Ann Arbor
Location: Ann Arbor, MI (Midwestern U.S.)
Carnegie Classification: DR EXT - Doctoral/Research Universities-Extensive
Description:

To apply for this position through 09/30/2008 , please visit www.UMjobs.org. Once you have established your profile, go to Search for Jobs, click Start Here and enter Job ID #23623. For more information about building your career at the University of Michigan, please go to www.UMjobs.org and select *Why U-M*. A Non-Discriminatory/Affirmative Action Employer.

Working Title: University Ethical Hacker / Penetration Engineer
Market Title: Data Security Analyst Senior /Intermediate
Job Code: 102322
Department: Information Technology Security Services
FLSA Status: Exempt
Salary Range: **$68,462-97,900
Appointment: 100 % /40 hours per week
Posting Begins: 07/25/08
Posting Ends: 09/30/08

This position may be underfilled as an Intermediate depending on the qualifications and experience of the selected candidate. The salary range for an Intermediate is $61,154 - $87,450

A cover letter and resume are required for consideration for this position. The cover letter should be included as a page of your resume. Please specifically address your interest in the position and outline your particular skills and experience that directly relate to this position.

Position Description:
The Ethical Hacker / Penetration Engineer will work independently and in teams. This individual will perform ethical hacking assessments on multi-protocol University network and application systems (e.g., network, OS, web applications, etc.). This individual will be responsible for finalization and delivery of reports outlining test results; prepare formal presentations for technical management; and develop and maintain methodologies and software tools to enhance the University*s infrastructure and web application security testing services.

Duties:
The individual in this position will be assigned to tasks of a highly technical nature that require an expert understanding of security technologies and strategies. On routine tasks, this individual will work independently but may be expected to coordinate efforts of others on complex projects.

This individual will:
*Provide technical direction in the identification of software vulnerabilities in operating systems, applications, and network infrastructure.

*Develop state-of-the-art techniques and tools to exploit and control of hosts and networks, including VoIP.

*Reverse engineer malware in both static and dynamic environments to understand capabilities and the threat it poses.

*Provide training, guidance and assistance to systems security staff to successfully accomplish objectives. Serve as a technical resource for other unit staff.

*Participate in the evaluation of proposed systems, applications and network software to determine security or data integrity implications. Assess risks to University systems and identify countermeasures; plan and implement technologies.

*Facilitate the timely dissemination of security information to team members.

*Attend training, seminars and conferences.

to the organization.

Requirements:

Department Qualifications:
Bachelor*s degree in Computer Science or Computer Engineering or an equivalent combination of education and
experience is necessary.

This individual must possess:

*Minimum of 7 years experience in information systems security.

*Extensive exposure to and knowledge of network security technologies, such as firewalls, IDS, IPS, and application proxies.

*Strong programming skills in C, C++, and/or Java for software application development. Strong ability to comprehend various assembly architectures (Intel/AMD are a must).

*Expert knowledge of scripting languages, Perl, Python, Ruby, etc.

*Experience in system design and specification, analysis, simulation implementation, communications protocols, including network protocols (TCP/IP), packet switching, routing, and OSI model is essential.

*Software reverse engineering, and telephony tools and architectures is highly valuable. Experience with specific standards including VoIP, SIP, OSPF and MPLS.

*Vulnerability and penetration testing experience including hands-on experiential base and deep knowledge in identification and exploitation of software vulnerabilities.

*Detailed understanding of common technologies used in n-tier web applications: Perl, Java, JavaScript, Active Server Pages, Oracle and SQL Server.

*Experience testing web applications for common web application security vulnerabilities as defined by OWASP including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.

*Experience with multiple operating systems (internals, especially network stacks): Windows, Linux, OS X,*nix, and Virtual Machines.

*Ability to work independently and proactively.

*Ability to contribute and collaborate effectively as a lead member of a highly-functioning and productive team.

*Excellent organizational, analytical and independent problem-solving skills.

*Ability to communicate effectively, both verbally and in writing.

*Demonstrated successful performance in giving presentations, and coordinating and completing multiple tasks within established and changing deadlines. Demonstrated leadership with project deadlines and motivating others.

*Highly desirable to hold one or more of the following certifications:

oCEH - Certified Ethical Hacker
oGPEN - GIAC Certified Penetration Tester
oCEPT - Certified Expert Penetration Tester

*The mission of the University of Michigan*s Information Technology Security Services (ITSS) is to provide the University community with a robust, scalable information technology security framework to enable the appropriate protection of University information technology resources and services. For more information about ITSS, please go to http://safecomputing.umich.edu/

Benefits at the University of Michigan
http://www.umich.edu/~jobs/benefits.html

QUALITY, VARIETY AND PEACE OF MIND

In addition to a career filled with purpose and opportunity, The University of Michigan offers a comprehensive benefits package including:
* generous time-off
* a retirement plan that provides matching contributions with immediate vesting
* many choices for comprehensive medical insurance
* life insurance
* a long-term disability option

In additional to the University of Michigan benefits, you will be eligible for consideration for additional financial incentives through the ITSS/MAIS Rewards and Recognition program which is designed to encourage and reward work efforts and results that are exceptional and beneficial to the organization.
More Information: http://www.umich.edu/~jobs/
Posted:August 21st, 2008
Closed:September 30th, 2008
 
© Copyright 1999-2009 EDUCAUSE
  Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.