Cybersecurity Engineer

The Talent Acquisition department hires qualified candidates to fill positions which contribute to the overall strategic success of Howard University. Hiring staff “for fit” makes significant contributions to Howard University’s overall mission.

At Howard University, we prioritize well-being and professional growth.

Here is what we offer: 

• Health & Wellness: Comprehensive medical, dental, and vision insurance, plus mental health support
• Work-Life Balance: PTO, paid holidays, flexible work arrangements
• Financial Wellness: Competitive salary, 403(b) with company match 
• Professional Development: Ongoing training, tuition reimbursement, and career advancement paths
• Additional Perks: Wellness programs, commuter benefits, and a vibrant company culture

Join Howard University and thrive with us! 

https://hr.howard.edu/benefits-wellness

BASIC FUNCTION:

The Cybersecurity Engineer is responsible for protecting the organization's information systems and digital assets by developing, implementing, and maintaining technical security controls. This role includes conducting security assessments, monitoring systems for vulnerabilities or intrusions, and ensuring that the organization’s IT environment remains compliant with industry and regulatory standards such as NIST, ISO/IEC 27001, HIPAA, PCI DSS, and GDPR. The engineer also plays a critical role in incident detection, response, and prevention.

SUPERVISORY AUTHORITY:

NONE

NATURE AND SCOPE:

Operating in a dynamic threat landscape, the Cybersecurity Engineer reports to the Senior Director of Cybersecurity and works with other IT, compliance, and business stakeholders. Although not a supervisory role, the Cybersecurity Engineer may guide junior staff or external contractors and lead technical implementation efforts on security-related projects. The role demands staying up to date on emerging threats, tools, and best practices, and proactively evolving the organization's defenses accordingly.

This position is both hands-on and strategic, requiring expertise in secure system design, threat intelligence, monitoring tools, and risk mitigation. It encompasses environments spanning on-premises data centers, hybrid infrastructures, and public clouds (e.g., Azure, AWS).

PRINCIPAL ACCOUNTABILITIES:

• Conduct vulnerability scans, penetration tests, and security configuration reviews.
• Evaluate system and application hardening measures using CIS benchmarks and STIGs.
• Monitor networks and endpoints using tools like SIEM, EDR, and IDS/IPS (e.g., CrowdStrike, Sentinel).
• Analyze security events and logs to detect, triage, and respond to threats.
• Deploy, configure, and maintain security tools, including:
  • Firewalls
  • Network Access Control (NAC)
  • Antivirus/Endpoint Protection
  • DLP, CASB, and vulnerability management platforms
• Develop and enforce cybersecurity policies, standards, and operating procedures.
• Ensure system compliance with internal policies and external frameworks such as NIST 800-53, ISO/IEC 27001, and PCI DSS.
• Develop and deliver training on phishing, password hygiene, and secure computing practices.
• Support tabletop exercises and simulation drills to test security readiness.
• Work with DevOps and infrastructure teams to embed security into system architecture.
• Participate in project reviews to identify and mitigate risks early in the system development lifecycle.

CORE COMPETENCIES:   

• Experience in the following:
  • Windows Server Operating Systems, VMware
  • Core enterprise roles such as Active Directory, Group Policy, RAIDUS\NPS, CAs
  • Bare metal servers and data center configurations
  • Falcon Crowdstrike
  • Microsoft Azure (IaaS, PaaS, SaaS), Office 365, Entra ID, Azure Sentinel
  • Hybrid cloud integrations
  • Authentication protocols
  • Threat Intelligence, Threat Hunting
• Proficient in securing firewalls, VPNs, and virtual environments (VMware/Hyper-V).
• Hands-on experience with Microsoft Defender Suite, Cisco DNA, and Cisco ISE
• Familiar with scripting for automation (e.g., PowerShell, Python) to streamline security operations
• Deep knowledge of secure software development lifecycle (SSDLC), DevSecOps principles, and CI/CD pipeline security
• Experience implementing TLS, SSL, VPN encryption, HSMs, and certificate lifecycle management
• Deep understanding of encryption, PKI, authentication, secure networking, and operating system security across Linux and Windows environments.
• Proficient in analyzing logs, threat intelligence, and indicators of compromise (IOCs) to drive timely threat mitigation.
• Ability to translate complex technical findings into actionable recommendations for technical and non-technical audiences.
• Methodical and responsive approach to detecting, responding to, and remediating security incidents.
• Works cross-functionally with IT, audit, compliance, and legal to promote enterprise-wide security awareness and enforcement.
• Careful review of systems, code, and configurations to identify small changes that may indicate large risks.
• Able to shift priorities rapidly in response to new vulnerabilities, threat campaigns, or business requirements.

MINIMUM REQUIREMENTS:

A Bachelor's degree from a four-year college or university in computer science/ Information Technology with a security concentration. A master’s degree in business administration is highly desirable. Must have 7–10 years of progressive experience in information security, including a minimum of 5 years in a security engineering role. One or more industry-recognized certifications such as CISSP, CISM, CCSP, SABSA, TOGAF, AWS Certified Security – Specialty, or Azure Security Engineer Associate is required or strongly preferred. The candidate should demonstrate hands-on expertise in network and application security architecture, cloud security controls across platforms like Azure, AWS, or GCP, identity and access management (including IAM, SSO, and MFA), and security monitoring tools such as SIEM, SOAR, and EDR. Experience with Zero Trust architecture and secure DevSecOps practices is essential. A solid understanding of key regulatory frameworks and compliance requirements—including GDPR, HIPAA, FERPA, and FISMA—is also required. In addition to technical capabilities, the candidate should possess strong collaboration and critical thinking skills, a sharp attention to detail, and the ability to effectively manage multiple priorities in a fast-paced environment.

Compliance Salary Range Disclosure

$130,000-$140,000