Position Classification Description

Position Class Code / Title: E3060 / Cybersecurity Engineer 3
Recruitment Tier: Tier 1
FLSA: Exempt
Grade: 15
HR Review/Approval:RVIEW

This is a description of a Staff Position Classification. It is not an announcement of a position opening. To view descriptions of current openings, please go to UNMJobs and Search Postings to view positions that are currently accepting applications.

The following statements are intended to describe, in broad terms, the general functions and responsibility levels characteristic of positions assigned to this classification. They should not be viewed as an exhaustive list of the specific duties and prerequisites applicable to individual positions that have been so classified.

Summary

Under minimal supervision, supports all components of UNM's cybersecurity programs including design, implementation, and support. Requires expert knowledge of security regulations and practices as well as compliance activities required of UNM. May supervise or provide functional direction to assigned staff and/or student employees. Positions in this classification are reserved for units reporting to the Chief Information Officer.

Duties and Responsibilities

  1. Develops and updates routine cybersecurity activities to ensure reasonable and appropriate safeguards of University information and information systems as required by laws, regulations, and University policies and procedures.
  2. Researches and develops projects and oversees the deployment of technologies to address cybersecurity risks.
  3. Develops and implements University cybersecurity processes and systems.
  4. Researches, implements, tests, and oversees the monitoring and maintenance of various technologies including but not limited to firewalls, intrusion detection systems, extended detection and response tools, vulnerability scanning tools, security threat intelligence services and tools, and security information and event management tools.
  5. Assesses and recommends cybersecurity processes, guidelines, standards, and institutional policies. Implements improvements.
  6. Leads cybersecurity incident and data breach response activities.
  7. Provides support for authorized investigations, as assigned.
  8. Oversees the development and maintenance of, and reviews efficacy of, cybersecurity education/awareness programs.
  9. Maintains expert knowledge of relevant cybersecurity laws and regulations, and corresponding technologies. Recommends and leads efforts to align University practices with changes in laws and regulations.
  10. Identifies and develops effective working relationships and lines of communication with internal and external partners.
  11. Researches and recommends improvements to the effectiveness and efficiency of cybersecurity services and solutions.
  12. Performs miscellaneous job-related duties as assigned.

Minimum Job Requirements

  • Bachelor's degree; at least 5 years of progressively responsible experience directly related to the duties and responsibilities specified.
  • Completed degree(s) from an accredited institution and/or experience that is directly related to the duties and responsibilities specified may be interchangeable on a year-for-year basis.

Knowledge, Skills and Abilities Required

  • Maintain currency of knowledge with respect to relevant laws and regulations related to cybersecurity.
  • Demonstrated verbal and written communication skills for both technical and non-technical audiences.
  • Ability to supervise and train assigned staff and/or lead cross-functional teams.
  • Demonstrated expertise in the design, development, implementation, maintenance, and testing of complex cybersecurity solutions according to organizational requirements.
  • Expert problem analysis and resolution skills as applied to cybersecurity concepts and services.
  • Expert knowledge of one or more scripting languages such as BASH, PowerShell, Python, or Ruby.
  • Proficiency and expert experience with various system administration knowledge domains including but not limited to operating systems (i.e. GNU/Linux and/or Windows Server): DNS, DHCP, IPAM; routing and switching; event monitoring; directory services; and infrastructure as code tools.
  • Expertise in the assessment and development of security controls of existing and/or proposed systems.
  • Ability to communicate and/or develop technical documentation for capacity planning, training, and security architecture and design.
  • Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community.
  • Skill in organizing resources and establishing priorities.
  • Strategic planning and advanced leadership skills.
  • Ability to act independently and provide leadership at an advanced level of technical expertise.
  • Advanced knowledge and understanding of concepts, principles, methods, and techniques within a prescribed area of professional specialty.

Distinguishing Characteristics

    a) Includes rotating on-call primary cybersecurity incident and breach response duties; b0 Ability to operate on a scheduled 24-hour on-call basis; c) Expertise includes cybersecurity process design and corresponding technologies; d);Ability to effectively implement, manage, and oversee complex projects; e) Provides effective leadership to lower level staff and guidance to staff in other departments/units; and f) Knowledge of relevant state-of-the-art cybersecurity technologies.

Conditions of Employment

  • Must pass a pre-employment criminal background check.
  • Requires expert-level cyber security certification.
  • Must maintain certification status.

Working Conditions and Physical Effort

  • No or very limited physical effort required.
  • No or very limited exposure to physical risk.
  • Work is normally performed in a typical interior/office work environment.

The University of New Mexico provides all training required by OSHA to ensure employee safety.

Revised Date: 02/01/2024