Job Posting Title:Senior Secure Research Systems Engineer
----Hiring Department:Enterprise Technology - Campus Solutions
----Position Open To:All Applicants
----Weekly Scheduled Hours:40
----FLSA Status:Exempt from FLSA
----Earliest Start Date:Immediately
----Position Duration:Expected to Continue
----Location:AUSTIN, TX
----Job Details:General NotesFlexible work arrangements are available for this position, including the ability to work remotely within the United States. We would strongly prefer a candidate located in the greater Austin area as travel to campus for occasional in-person events, training, team meetings, activities, etc., will be required.
This position provides life/work balance with typically a 40-hour work week and travel limited to training (e.g., conferences/courses).
PurposeThe Senior Secure Research Systems Engineer will lead secure research computing initiatives at UT Austin across various projects, playing an essential role in the implementation, security, and maintenance of the university's Controlled Unclassified Information (CUI) research environment. This position demands proficiency in applying security engineering principles and countermeasures within federally regulated environments, encompassing both on-premises and cloud infrastructure. The engineer will work in collaboration with multiple infrastructure, networking, and security teams to design compliant technical architectures, enforce federal security controls, resolve issues, and support the university's research compliance objectives.
ResponsibilitiesInfrastructure Management & Endpoint Security:- Configure and maintain secure cloud infrastructure (GovCloud/GCC High), endpoint management, and SIEM tooling in alignment with CRSP-approved platform decisions. Coordinate with ISO to ensure security monitoring integrations - including log forwarding to ISO-managed platforms - are functional and maintained.
- Maintain a university wide infrastructure environment, associated resources, and provide support for research involving controlled unclassified information (CUI).
- Administer Linux and Windows servers, endpoints and other IT assets.
- Conduct security operations, monitor events, and respond to incidents across multiple enclaves.
Security & Compliance Implementation:- Design and maintain the technical implementation of security standards, policies, procedures and controls based on CUI best practices, compliance frameworks, and audit findings.
- Support processes to bring projects into compliance with Cybersecurity Maturity Model Compliance (CMMC) 2.0 requirements.
- Implement and enforce technical controls under NIST (SP) 800-171 or NIST (SP) 800-53 or FIPS 140-2 controls, including encryption, access controls, logging, and endpoint protection.
- Design and manage cryptographic mechanisms for data at rest, data in transit, digital signatures, and message integrity (HMAC, TLS, IPSEC).
- Provide artifacts for Department of Defense audits.
Program Coordination:- Collaborate with restricted research teams (researchers, faculty and staff) to establish secure research computing and laboratory environments in compliance with federal CUI regulations.
- Partner with the CRSP Director and Deputy Director to manage POA&Ms, SSPs, and technical remediation planning.
- Document technical processes and collect required artifacts for CUI assessments.
Risk Assessment & Compliance Monitoring:- Engage in ongoing risk assessment across the college research environment and develop risk registers aligned to NIST controls.
- Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention).
Perform other related functions as assigned.
Required Qualifications- Demonstrable implementation experience with NIST SP 800-171, NIST SP 800-53, FIPS 140- and DISA STIG
- Bachelor's degree in Computer Science, Engineering, Information Technology, or a related field, or equivalent experience (HS diploma + extensive experience and certifications will be considered)
- 3+ years of professional experience working in highly secure compliant hybrid environments such as CUI, NIST, ITAR.
- 3+ years of experience infrastructure engineering, including computer, storage, AD, and virtualization technologies.
- 3+ years expert experience in the IAAS cloud service model (Azure, AWS, or Google Cloud) or hybrid environments.
- 5+ years of experience in server administration with Linux (Ubuntu, RedHat) and Windows.
- Demonstrable proficiency with scripting, automation and configuration management, using automation framework tools (e.g., Ansible, Terraform, Chef, Puppet, CloudFormation).
- Deep understanding of related networking concepts like SDNs, VRFs, DNS, switch, network routing, and access control methods (ACLs, firewalls, security policies) and IPSEC.
- Able to architect and fortify research endeavors expertly
- Excellent problem-solving skills and an ability to adapt to rapidly changing technologies
- Work on-site and well under pressure with crucial timelines and accountability
- Demonstrated ability to handle multiple tasks and projects simultaneously
- Excellent oral and written communication skills, with a demonstrated ability to translate complex technical concepts for non-technical audiences including investigators, faculty, and research staff
- Ability to collaborate with cross-functional teams to design and implement solutions
- Ability to communicate effectively with investigators and research teams - explaining compliance requirements, system constraints, and onboarding processes in accessible, non-technical terms
- Demonstrated proficiency in technical writing and the production of compliance artifacts, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Technology Control Plans (TCPs)
Equivalent combination of relevant education and experience may be substituted as appropriate.
Preferred Qualifications- Articulate and collaborative with the ability to make things happen
- Comprehensive understanding and appreciation of leading-edge research and security requirements
- Security clearances may be needed for some work
- Professional certifications such as CISSP, CISM, GIAC, CEH, Security+, or Microsoft Certified: Security Operations Analyst.
- DevSecOps Cloud certifications such as Microsoft AZ-500, AZ-305, SC-100, AWS Security Specialty, or (ISC)² CCSP
- Experience with advanced troubleshooting tools (e.g., Splunk)
- VMWare experience (vSphere, VSAN, NSXT, vRealize/Aria and/or Tanzu)
- Experience with AWS Elastic Load Balancing (ALB, NLB), VPC networking, Route 53, and Azure Load Balancer, Application Gateway, Traffic Manager, and Virtual Networks (VNet)
- Experience with containerization (Docker, Kubernetes)
- Experience with Git version control systems and branching strategies
- Working knowledge of ITIL processes, specifically Incident Management, Change Management, Problem Management
Salary Range$120,000 + depending on qualifications
Working Conditions- May work around standard office conditions
- Repetitive use of a keyboard at a workstation
- Use of manual dexterity
- Work performed on concurrent multiple projects under pressure of rigid deadlines or time limitations
Work ShiftMonday - Friday, flexible between 7am-6pm; Occasional nights or weekends required on a pre-determined schedule
Required Materials- Resume/CV
- 3 work references with their contact information; at least one reference should be from a supervisor
- Letter of interest
Important for applicants who are NOT current university employees or contingent workers: You will be prompted to submit your resume the first time you apply, then you will be provided an option to upload a new Resume for subsequent applications. Any additional Required Materials (letter of interest, references, etc.) will be uploaded in the Application Questions section; you will be able to multi-select additional files. Before submitting your online job application, ensure that ALL Required Materials have been uploaded. Once your job application has been submitted, you cannot make changes.
Important for Current university employees and contingent workers: As a current university employee or contingent worker, you MUST apply within Workday by searching for Find UT Jobs. If you are a current University employee, log-in to Workday, navigate to your Worker Profile, click the Career link in the left hand navigation menu and then update the sections in your Professional Profile before you apply. This information will be pulled in to your application. The application is one page and you will be prompted to upload your resume. In addition, you must respond to the application questions presented to upload any additional Required Materials (letter of interest, references, etc.) that were noted above.
Employment Eligibility:Regular staff who have been employed in their current position for the last six continuous months are eligible for openings being recruited for through University-Wide or Open Recruiting, to include both promotional opportunities and lateral transfers. Staff who are promotion/transfer eligible may apply for positions without supervisor approval.
Retirement Plan Eligibility:The retirement plan for this position is Teacher Retirement System of Texas (TRS), subject to the position being at least 20 hours per week and at least 135 days in length.
Background Checks:A criminal history background check will be required for finalist(s) under consideration for this position.
----