Cybersecurity Senior Engineer

$121,100 - $147,900/Yr

Columbia University - New York, NY

posted 4 months ago

Full-time - Mid Level
New York, NY
Educational Services

About the position

The Cybersecurity Senior Engineer at Columbia University Irving Medical Center (CUIMC) plays a pivotal role in strengthening the institution's cybersecurity posture. Reporting directly to the Chief Information Security Officer, this position is integral to fostering best practices across the university's cybersecurity framework. The engineer is responsible for detecting and monitoring network traffic anomalies, building and maintaining dashboards, and implementing security architecture across network, application, and cloud environments. The role also involves collaborating with university constituents to address cybersecurity concerns, manage incident response, and remediate risks.

In this capacity, the Cybersecurity Senior Engineer acts as technical lead, using security event information feeds and ticketing systems to promptly identify and respond to information security incidents that may affect CUIMC, and recommends and implements actions to contain and remediate those incidents. As the subject matter expert for M365 security tooling, the engineer guides the institution toward Zero Trust standards. The role covers executing and improving the core incident response functions, including threat detection, incident response, systems and network security monitoring, and vulnerability management at enterprise scale. The engineer conducts threat hunting, develops operational scripts for security operations, and prepares security metrics for leadership based on event feeds, threat intelligence, and other analysis. Additionally, the engineer liaises with IT departments to integrate incident response processes and coordinates response teams during security incidents.

Maintaining ongoing awareness of the evolving threat landscape and attacker methodologies is essential, as the engineer recommends strategic and operational changes to the security program to address new threats. The position also supports CUIMC IT's initiative to expand into cloud environments, ensuring that configuration and vulnerability management practices are maintained. Overall, the Cybersecurity Senior Engineer is a key contributor to safeguarding the university's information assets and to compliance with relevant security standards and regulations.

Responsibilities

  • Act as technical lead to monitor and evaluate data from security event information feeds and ticketing systems to identify, evaluate, and respond to information security incidents.
  • Serve as subject matter expert in security tools for M365 to bring the institution closer to Zero Trust standards.
  • Execute and improve core functions of incident response including threat detection and prevention, incident response, systems and network security monitoring, and vulnerability management at enterprise scale.
  • Conduct threat hunting by monitoring activities and traffic across the network and investigate possible anomalies.
  • Develop operational scripts required for security operations and tactical response procedures for security incidents.
  • Prepare and provide accurate and useful security metrics to leadership based on event feeds and ISO activity, threat intelligence, and other analysis.
  • Liaise with other information technology groups in investigation and resolution of security incidents.
  • Partner with IT departments across campus to review, select, and integrate the incident response process.
  • Coordinate response teams during security incidents (phishing, DDoS, malware, etc.) through resolution and the lessons-learned stage.
  • Maintain ongoing awareness of shifts in threat landscape and attacker methodologies; recommend appropriate strategic and operational changes to the security program to address new threats.
  • Support CUIMC IT's initiative to expand into cloud environments, ensuring configuration and vulnerability management is maintained.
  • Perform all other duties as assigned.

Requirements

  • Bachelor's degree or equivalent in education and experience, plus seven years of related experience.
  • Minimum 3-5 years' related experience in cybersecurity.
  • 2-5 years' experience using endpoint security tools to investigate.
  • 2-5 years' experience using SIEM to build alerts and dashboards.
  • Operational experience with incident response, vulnerability management, network and security monitoring, and network access control.
  • In-depth understanding of the HITRUST CSF based on practical working experience, and functional knowledge of security standards such as HIPAA/HITECH, PCI-DSS, ISO 27001/2, and NIST.
  • Experience using NetFlow, packet analysis, DNS, system log file analysis, forensics tools, and other alerts to conduct incident response activities.
  • Knowledge of exploits (e.g. buffer overflows and privilege escalation) and web application exploits (e.g. SQL injection, cross-site scripting, and CSRF).
  • Understanding of networking concepts, network security architecture, and common modern operating systems, including Windows, Mac OS X, Linux, Unix, and mobile device platforms including Android and iOS.
  • Excellent written and verbal communication skills.
  • Demonstrated ability to work in a fast-paced, deadline-driven environment.
  • Demonstrated excellence in teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
  • Ability to work with changing priorities and multiple projects.
  • Precision and attention to detail are essential.
  • Ability to work with minimal supervision.
  • Ability to work weekends and off-hours as needed.

Nice-to-haves

  • Advanced degree in computer science or a related technology field.
  • Experience working in a HIPAA/HITECH/OMNIBUS-regulated environment.
  • Functional knowledge of other relevant compliance regulations (PCI, FERPA, Data Breach Acts, FISMA) and security standards (HITRUST, PCI-DSS, ISO 27001/2, NIST).
  • Experience working in an academic medical center or hospital environment.
  • General experience in application installation, configurations, and deployments in enterprise environments.
  • ISACA, ISC2, or any relevant GIAC certifications highly preferred.
  • Experience writing scripts, applications, and APIs (e.g. Python, JavaScript, PowerShell).
  • Experience with SOAR (Security Orchestration, Automation, and Response).
  • Knowledge of Software Composition Analysis (SCA), Static & Dynamic Application Security Testing (SAST/DAST).
  • Firewall experience, including network firewalls and web application firewalls (WAF).
  • Security certifications preferred (e.g. SANS, ISACA, ISC2, and EC-Council).
  • Cloud security specific certification preferred (e.g. AWS, GCP, Cloud+).
  • Network security and penetration testing experience.
  • Knowledge of various security and risk assessment tools.
  • Diverse knowledge of information technologies and security products is preferred.
  • Knowledge of Active Directory and network logging.
  • Experience with security/identity access management projects is desirable.
  • Experience presenting information security topics to diverse groups of non-security professionals and stakeholders in IT settings.

Benefits

  • Health insurance coverage
  • Dental insurance coverage
  • Life insurance coverage
  • 401(k) retirement savings plan
  • Paid holidays
  • Flexible scheduling options
  • Professional development opportunities
  • Tuition reimbursement for further education
  • Employee discount programs
  • Mental health days
  • Wellness programs

© 2024 Teal Labs, Inc