Advertised Summary Job Description: Reporting to the Director, Cybersecurity, the Network Security Analyst will be responsible for the Columbia University (CU)-wide network security incident response practice. This will include detection and monitoring of network traffic anomalies, creation and monitoring of dashboards, implementation of network security architecture, and liaising with University constituents on remediation of network security risks.
CHARACTERISTIC DUTIES AND ESSENTIAL RESPONSIBILITIES:
- Acts as point-person for investigations of security violations through endpoint and network forensics.
- Reviews computer security incident reports and anomalous network activity and ensures ongoing proactive measures to mitigate risks.
- Executes and improves the core functions of incident response, including threat detection and prevention, incident response, systems and network security monitoring, forensics, and vulnerability management at enterprise scale.
- Liaises with other information technology groups in the investigation and resolution of security incidents.
- Partners with IT departments across campus to review, select, and integrate the incident response process.
- Coordinates response teams during security incidents (phishing, DDoS, malware, etc.) through resolution and to the lessons-learned stage.
- Maintains ongoing awareness of shifts in the threat landscape and attacker methodologies; recommends appropriate strategic and operational changes to the security program to address new threats.
- Supports CUIT's initiative to expand into cloud environments, ensuring configuration and vulnerability management is maintained.
- Maintains an expert level of cloud computing and security knowledge to expand the incident response program into the cloud.
- Works with investigation team(s) on serious security violations and conducts root cause analysis for operational security issues.
- Participates in required "on-call" rotations requiring night and weekend availability as scheduled, and provides additional 24/7 availability when necessary.
- Performs other duties as assigned by the Director of Cybersecurity or the Chief Information Security Officer.
- Manages SIEM alerting, dashboard and metrics creation.
- Administers the endpoint security suite for application whitelisting, incident response and DLP.
- Reviews alerts and data from systems and responds appropriately, including documentation and escalation.
- Ensures monitoring of intrusion detection and security information management systems to discover and mitigate any malicious activity detected on networks.
- Develops tactical response procedures for security incidents.
- Recommends and implements mitigating actions to contain incident-related activity.
- Participates in vulnerability management efforts as a secondary resource.
- All other duties as assigned.
General Minimum Qualifications:
- Bachelor's degree or equivalent required.
- Minimum 3-5 years' related experience.
Additional Specific Minimum Qualifications:
- 3+ years' experience using endpoint forensics tools to conduct investigations.
- 3+ years' experience using a SIEM to build alerts and dashboards.
- Extensive operational experience with incident response, vulnerability management, network and security monitoring, and network access control.
- Extensive experience using netflow, packet analysis, DNS, system log file analysis, forensics tools, and other alert sources to conduct incident response activities.
- Expert-level knowledge of exploits (e.g. buffer overflows and privilege escalation).
- Expert-level knowledge of web application exploits (e.g. SQLi, cross-site scripting and CSRF).
- Extensive understanding of networking concepts, network security architecture and common modern operating systems, including Windows, Mac OS X, Linux, Unix, and mobile device platforms including Android and iOS.
- Excellent written and verbal communication skills.
- Demonstrated ability to work in a fast-paced, deadline-driven environment.
- Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
- Ability to work with changing priorities and on multiple projects.
- Ability to be precise and attentive to detail is essential.
- Ability to work with minimal supervision.
- Ability to work weekends and off-hours as and when needed.
Preferred Qualifications:
- Advanced degree in Computer Science or a technology field.
- Network security and penetration testing experience.
- Knowledge of various security and risk assessment tools.
- Experience writing scripts, applications and APIs (e.g. Perl, Python, etc.).
- Diverse knowledge of information technologies and security products is preferred.
- Knowledge of Active Directory and network logging.
- Experience with security/identity access management projects is desirable.
- Experience presenting information security topics to diverse groups of non-security professionals in IT settings and/or to stakeholders.
- Knowledge of IT security regulations and best practices.
- Security certifications preferred (e.g. SANS, ISC2, ISACA and EC-Council).
- Cloud security-specific certification preferred (e.g. AWS, GCP, Cloud+).
As a member of the National Collegiate Athletic Association (NCAA) and the Council of Ivy Group Presidents (Ivy League), it is imperative that members of the Columbia University community, in all matters related to the intercollegiate athletics program, exhibit the highest professional standards and ethical behavior with regard to adherence to NCAA, Conference, University, and Department of Intercollegiate Athletics and Physical Education rules and regulations.
Columbia University is an Equal Opportunity/Affirmative Action employer.
Internal Number: 126_172722
About Columbia University
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.