Summary
ARC’s Senior Research Infrastructure Engineer (SRIE Security) is an expert,exercising professional responsibility for the security of key and underpinning infrastructure and supporting ARC’s delivery of the specialist infrastructure and services that enable the University’s researchers to carry out world class research. They will employ an intelligent, risk-based methodology that takes a comprehensive but adaptable approach to security, appropriate to the breadth and diversity of our computational research.
The Senior RIE (Cybersecurity) is a senior technical specialist with extensive experience in Linux system administration. An expert contributor with a broad knowledge of computing (theoretical and practical) and detailed knowledge in their discipline with operational security management responsibility for installed BEAR infrastructure and its supporting services.
This role is based on the University of Birmingham’s wonderful campus. We welcome candidates looking for flexible working patterns though note that there is an expectation that candidates will spend substantial time on campus each week.
Main Duties
1. Strategic Planning and Governance: Supporting ARC’s compliance with the University's information security strategy, policies, and procedures to enable as well as protect research activity and external partnerships using the specialist compute services provided by ARC.
2. Risk Management: Identifying, assessing, and managing security risks in the ARC infrastructure and related to use of the services delivered by ARC both local and national.
3. Secure Systems Configuration: Managing the security aspects of system configurations, ensuring secure channels, appropriate access controls, proper authentication, etc.
4. Architecture: Contributing to the design, review and implementation of systems and architectures, considering the security implications, emerging threats and technological advancements.
5. Monitoring: Proactively monitor security events from systems and services to identify, investigate and manage the resolution of security issues. Take the technical lead in the event of security incidents.
6. Threat detection: Utilising sources of information from the ARC systems and infrastructure, identifying threats to cyber security and raising security incidents.
7. Incident Response: Supporting ARC’s security incident response efforts, working closely with IT Security, other IT teams and other departments to minimize the impact of security incidents.
8. Vulnerability management: Identification, verification and remediation, or collaboration with ARC and IT Services colleagues to coordinate the remediation of, vulnerabilities across infrastructure and software systems across the ARC infrastructure and service portfolio.
9. Security testing: Evaluate security features and security implications of new technologies, systems and services being considered for ARC during planning and change, and ensuring these are secure during implementation and deployment. They will conduct security-focussed testing and benchmarking across the wider ARC infrastructure.
10. Training and Awareness: Supporting the development and delivery of tailored security training for University researchers where appropriate. Provide technical expertise and real-world examples to help researchers and colleagues understand security requirements and best practices.
11. Standards and Compliance: Working with the Principal Research Infrastructure Engineer (Security & Compliance) to achieve and maintain suitable Standards, including ISO 27001, that provide assurance and demonstrate the suitability of ARC’s services to researchers and their funders, streamlining activity to ensure a responsive and reliable service, noting the frequent need to meet tight deadlines.
12. Vendor Engagement: Engaging with third-party vendors and service providers to ARC, ensuring the protection of research assets and infrastructure, and ensuring compliance with ARC and University requirements.
13. Communication and collaboration: Build and manage relationships with suppliers both internal and external to support the security of operations and the development of the infrastructure and its associated services. This will include the partnerships necessary to support collaborative research, on campus, nationally as well as internationally. Collaborate with the other IT Services teams (especially Information Security) interacting with them on security matters affecting ARC infrastructure and services.
14. Actively manages equality, diversity and inclusion through monitoring and evaluation and actively challenging unacceptable behaviour.
15. Supports the University’s sustainability agenda through resource efficient working.
16. Any other duties commensurate with the grade.
Person Specification
17. Educated to degree level (or equivalent qualifications) in a STEM subject.
18. Proven technical expertise in a relevant technical, professional or functional specialism.
19. Substantial Linux system administration experience.
20. Enthusiasm for as well as broad and up to date knowledge of information security processes and technologies.
21. Experience of information security related infrastructure systems engineering, hardening or application security.
22. Substantial experience in a complex computing environment including with significant experience of the security aspects of operations. Ideally that experience would include some involvement with academic research or HPC.
23. Substantial experience scripting or programming.
24. Familiarity with CI/CD tools such as Git, GitLab and associated PR/MR workflows.
25. Excellent communications skills - able to document solutions, communicate effectively to peers as well as convey difficult concepts to novice users.
26. Ability to exercise a substantial degree of independent professional responsibility and discretion and apply an expert understanding of their specialism to the needs of the University.
27. Proven ability to work as part of a team to deliver services.
28. A self-motivated learner with a track record of continually updating skills.
29. Excellent organizational skills with an ability to research and plan own work.
30. Evidence of literacy and numeracy.
31. Demonstrable capacity to independently solve problems.
32. Experience of championing Equality, Diversity and Inclusion in own work area.
33. Ability to monitor and evaluate the extent to which equality and diversity legislation, policies, procedures are applied.
34. Ability to identify issues with the potential to impact on protected groups and take appropriate action.
Desirable Knowledge, Skills, Qualifications, Experience
35. Experience of security or infrastructure operations in a compliance-driven environment,. ISO 27001 or NIST CSF.
36. Experience of supporting colleagues and service users to support a security aware culture.
37. Experience in having dealt successfully with information security incidents.
38. Demonstrated ability and experience reducing information security risk, ideally in an academic research environment.
39. Able to articulate a clear understanding of information security processes and the key differences between the needs of enterprise IT and research computing.
40. Some knowledge of relevant national and international information security and digital data standards, legislation and guidance relevant to the academic and research sectors.
41. Experience with NHS information security policies, standards and regulations including NHS IG toolkit would be an advantage.
42. Experience of using a configuration management tool such as Ansible, Salt or Puppet.
43. Professionally active within the research computing or cyber security sector.
Role context
Roles at this level will either be technical specialists operating at a very high specialist level as expert contributors or experienced functional/technical professionals with a broader knowledge across their discipline with managerial responsibility for the delivery or ownership of a service.
Core competencies/transferable skills
Working at this level you will be able to develop and successfully demonstrate the core competencies/transferable skills outlined in each of the areas shown below. You will be expected to take ownership for getting things done, including calling on or joining others to assist. You will be expected to be flexible as required in supporting your department and wider University.
Planning and organising
44. lead and manage a technical/IT/specialist team to deliver a service, balancing short term delivery with longer term planning horizons;
45. determine priorities and allocate resources to meet planned objectives and requirements;
46. monitor performance standards, taking appropriate actions to ensure service delivery is uniformly excellent
47. ensure health and safety of the area and equipment/hardware;
48. carry out project work including planning and delivering programmes of work to budget and deadline;
49. advise on future requirements of, for example, equipment, apparatus, furniture and fittings, space;
50. make a major contribution to the development of policies and procedures to ensure that all legislative and University requirements are met within the laboratories/workshops and work areas.
or
51. make significant contributions to the design/development/application of services, techniques, specialist equipment or materials;
52. design, plan and deliver programmes of specialist work;
53. operate as a high-level specialist – initiating and developing ideas/approaches, promoting and delivering innovative solutions.
Problem solving and decision making
54. use analytical and problem-solving skills to resolve specialist and technical issues; may be one of the few able to provide solutions in a specialised field;
55. provide comprehensive advice and make innovative contributions.
Organisational understanding
56. has an excellent understanding of own working area and a broad understanding of the contribution other areas make to the success of the University;
57. has an excellent understanding of how the University operates, together with an understanding of how academia operates in the UK;
58. demonstrates empathy with the academic endeavour and seeks to encourage others to do so.
Relationships and communication
59. communicate clearly on technical or professional issues to non-specialists and senior level audiences and command their respect;
60. represent the department at internal and external meetings/events/network with colleagues in other institutions to share best practice.