• Propose, install, configure, integrate, and maintain cybersecurity tools across multiple environments (CorpsNet, SIPRNet, cloud, DMZ, boundary networks). • Manage the operation and continuous tuning of cybersecurity tools supporting endpoint, network, email, data, and web protection. • Monitor resource utilization and system performance, ensuring tools remain operational, efficient, and securely configured. • Support deployment of new cybersecurity solutions and upgrade existing toolsets. • Maintain secure configurations, backups, and documentation for all security tools. • Develop and maintain cybersecurity security plans, diagrams, and related artifacts. • Integrate SIEM data, ensuring logs and telemetry flow properly and support threat detection and incident response. • Support vulnerability scanning capabilities and defensive cyberspace operations infrastructure. • Maintain and update network architecture diagrams and configuration baselines. • Collaborate with cybersecurity, network, and incident response teams to ensure tool effectiveness and alignment with mission needs.

Advertising Summary: Virginia Commonwealth University (VCU) Technology Services is a central IT organization supporting the academic, research, and administrative missions of the university. Technology Services provides scalable, secure, and innovative technology solutions to all VCU units. We are seeking an IT Security Engineer to join our team. This position is part of the Technology Services Information Security team, providing technical and administrative expertise in the support, integration, and modernization of VCU’s enterprise architecture. The role focuses on identity modernization, SSO integration, certificate lifecycle automation, and overall application administration across university systems and units. Unit: Technology Services MBU Department: Information Security Department Summary: Virginia Commonwealth University (VCU) Technology Services is a central IT organization supporting the academic, research, and administrative missions of the university. Technology Services provides scalable, secure, and innovative technology solutions to all VCU units. We value people and empower one another through collaboration and trusted partnerships, and unequaled innovation to provide a secure, accessible, reliable, adaptable, and modern IT environment that enables the success of VCU as a leading public research institution. The Office of the CIO supports the development and promotion of campus-wide IT initiatives, strategies, and projects established by the Chief Information Officer. We work with University and VCU Health System stakeholders to promote consistency of best practices, shared processes, and collaboration. To view more of our work and initiatives, visit our site: https://cio.ts.vcu.edu This position is part of the Technology Services Information Security team, providing technical and administrative expertise in the support, integration, and modernization of VCU’s enterprise architecture. The role focuses on identity modernization, SSO integration, certificate lifecycle automation, and overall application administration across university systems and units. Duties & Responsibilities This position is part of the Technology Services Information Security team, providing technical and administrative expertise in the support, integration, and modernization of VCU’s enterprise architecture. The role focuses on identity modernization, SSO integration, certificate lifecycle automation, and overall application administration across university systems and units. Identity & Authentication Modernization - Support the migration of applications from legacy CAS and Shibboleth authentication platforms to Entra ID (Azure AD) Enterprise Applications using SAML. - Assist application owners with SAML integration, metadata configuration, attribute mapping, certificate management, and cutover planning. - Troubleshoot SSO issues across authentication stacks including SAML assertions, claims transformations, application metadata errors, and token‑related failures. TLS Certificate & Web Security Infrastructure - Monitor expiration timelines for TLS/SSL certificates used across enterprise applications, F5 load balancers, and internal web services. - Contribute to a university‑wide initiative to automate certificate issuance and renewal using tooling such as ACME clients, Enterprise Certificate Managers, F5 automation frameworks, or scripting tools. - Work with central and unit IT teams in the design and implementation of ingress traffic decryption architecture. - Support certificate lifecycle tasks including CSR generation, installation, trust chain validation, and deployment to application endpoints. - Support central and distributed units in migrating their technology stack to a certificate automation platform. Application Administration & Support - Provide operational support for centrally managed applications, identity platforms, and web services. - Monitor application performance, availability, and security posture. - Collaborate with server, network, security, and application teams to ensure reliable delivery of enterprise services. - Participate in patching, provisioning, and decommissioning of application environments. - Participate in an on‑call rotation for after‑hours enterprise application or authentication‑related issues. Automation & Scripting - Develop and maintain scripts and tooling (e.g., PowerShell, Python, Bash) to automate repetitive processes, streamline integration workflows, and support application lifecycle management. - Contribute to automation associated with certificate renewal, application onboarding, metadata management, and environment validation. The summary outlines the primary duties of this role. However, other duties may be assigned as needed. Minimum Qualifications - Demonstrated knowledge of application integration concepts and identity technologies. - Experience supporting applications using SAML, OAuth, or other modern authentication systems. - Ability to troubleshoot enterprise applications, SSO integrations, and certificate‑related issues. - Demonstrated knowledge of applied cryptography as it relates to Transport Layer Security (TLS). - Demonstrated ability to automate technical tasks using scripting languages such as PowerShell or Python. - Ability to communicate complex technical concepts to both technical and nontechnical stakeholders. - Ability to work independently and collaboratively within a central IT team. - Strong organizational skills with the ability to manage multiple projects simultaneously. - Foundational understanding of IT security concepts including access management, encryption, certificates, and secure application integration. - Demonstrated ability to work in and foster an environment of respect, professionalism and civility with a population of faculty, staff, and students from all backgrounds and experiences, or a commitment to do so as a staff member at VCU. Preferred Qualifications - Graduate degree in Information Systems, Computer Science, Engineering, Business, or a related field. Or an equivalent combination of training and experience. - Hands‑on experience with Entra ID Enterprise Applications, CAS/Shibboleth management and migrations, or other identity modernization efforts. - Experience with TLS certificate automation, certificate management systems, or F5 LTM/GTM certificate workflows. - Experience with automation tools, CI/CD pipelines, API integrations, or configuration-as-code approaches. - Networking and security certifications (Network+, Security+, MCSE, GSEC, CISSP) preferred. Salary Range: $80,000 - $92,000 Benefits: All full-time university staff are eligible for VCU’s robust benefits package that includes comprehensive health benefits, paid annual and holiday leave, generous tuition benefits, retirement planning and savings options, tax-deferred annuity and cash match programs, employee discounts, well-being resources, abundant opportunities for career development and advancement, and more. FLSA Exemption Status: Exempt Hours per Week: 40 Restricted Position: No ORP Eligible: Yes Flexible Work Arrangement: Fully Remote University Job Title: 24822Y - IT Security Engineer 2

• Own and evolve the internal audit program aligned to FedRAMP Moderate and related frameworks • Maintain and enhance the Information Security and Privacy Framework, including policies and standards • Conduct NIST 800-53 assessments and provide actionable recommendations based on FedRAMP controls and best practices • Lead monthly FedRAMP Continuous Monitoring (ConMon) activities and submissions • Partner with engineering and operations teams to deliver compliance requirements and meet key milestones • Act as a key liaison with external auditors, clearly articulating control implementation in a cloud environment • Support certification initiatives (FedRAMP and others) and drive compliance strategy • Manage audit documentation, evidence, and reporting within a GRC system • Develop audit plans, reports, and continuous monitoring approaches • Support and facilitate internal and external audits

• Execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5) • Assess control implementation status using standardized criteria and validation methodologies (NIST SP 800-53A Rev. 5) • Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls • Apply consistent judgment to determine evidence sufficiency and appropriateness • Maintain organized evidence repositories using secure collaboration platforms • Draft standardized assessment narratives and findings • Contribute to assessment workbooks, reports, and presentations using approved templates and language standards • Adhere strictly to defined assessment methodologies, scope boundaries, and validation standards • Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking • Support quality assurance reviews by addressing feedback and ensuring accuracy and clarity of deliverables • Escalate ambiguities, inconsistencies, or control interpretation questions to senior team members • Participate in client interviews and working sessions in a professional, structured manner • Communicate assessment expectations and evidence needs clearly to stakeholders • Collaborate effectively with Lead Assessors and peers to meet delivery timelines