Job Information

The Trustees of Columbia University in the City of New York Cybersecurity Senior Engineer in New York, New York

  • Job Type: Officer of Administration
  • Bargaining Unit:
  • Regular/Temporary: Regular
  • End Date if Temporary:
  • Hours Per Week: 35
  • Standard Work Schedule:
  • Building:
  • Salary Range: $121,100-$147,900
The salary of the finalist selected for this role will be set based on a variety of factors, including but not limited to departmental budgets, qualifications, experience, education, licenses, specialty, and training. The above hiring range represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting.

Position Summary

Reporting to the Chief Information Security Officer, the Cybersecurity Senior Engineer will work with the Cybersecurity team to foster Columbia University Irving Medical Center (CUIMC)-wide cybersecurity best practices. This will include detection and monitoring of network traffic anomalies, creation and monitoring of dashboards, network/application/cloud security architecture implementation, and liaising with University constituents on cybersecurity, incident response, and risk remediation.

Responsibilities

  • Act as technical lead to monitor and evaluate data from security event information feeds and ticketing systems in order to promptly identify, evaluate and respond to information security incidents impacting Columbia University Irving Medical Center. Recommends and implements mitigating actions to contain incident related activity. 20%
  • Subject matter expert in security tools for M365 for the medical center to bring the institution closer to Zero Trust standards. 10%
  • Executes and improves the core functions of incident response including: threat detection and prevention, incident response, systems and network security monitoring, and vulnerability management at enterprise scale. 10%
  • Conduct threat hunting by monitoring activities and traffic across the network and investigate possible anomalies. 10%
  • Develops operational scripts required for security operations and tactical response procedures for security incidents. 10%
  • Prepares and provides accurate and useful security metrics to leadership, based on event feeds and ISO activity, threat intelligence and other analysis. 5%
  • Liaises with other information technology groups in investigation and resolution of security incidents. 5%
  • Partners with IT departments across campus to review, select, and integrate the incident response process. 5%
  • Coordinates response teams during security incidents (phishing, DDOS, malware, etc.) through resolution and to lessons learned stage. Works with Investigation team(s) on serious security violations and conducts root cause analysis for operational security issues. 5%
  • Maintains ongoing awareness of shifts in threat landscape and attacker methodologies; recommends appropriate strategic and operational changes to the security program to address new threats. 5%
  • Supports CUIMC IT's initiative to expand into cloud environments, ensuring configuration and vulnerability management is maintained. 5%
  • All other duties as assigned. 10%

Minimum Qualifications

  • Bachelor's degree or equivalent in education and experience, plus seven years of related experience.
  • Minimum 3-5 years' related experience.
  • 2-5 years' experience using endpoint security tools to investigate.
  • 2-5 years' experience of using SIEM to build alerts and dashboards.
  • Operational experience with incident response, vulnerability management, network and security monitoring and network access control.
  • The ideal candidate will have an in-depth understanding of the HITRUST CSF based on practical working experiences and a functional knowledge of security standards such as HIPAA/HITECH, PCI-DSS, ISO 27001/2, NIST.
  • Experience using NetFlow, packet analysis, DNS, system log file analysis, forensics tools, and other alerts to conduct incident response activities.
  • Knowledge of exploits (e.g. Buffer Overflows and Privilege escalation).
  • Knowledge of web application exploits (e.g. SQL, Cross-site Scripting and CSRF).
  • Understanding of networking concepts, network security architecture and common modern operating systems, including Windows, Mac OS X, Linux, Unix, and mobile device platforms including Android and iOS.
  • Excellent written and verbal communication skills.
  • Demonstrated ability to work in a fast-paced, deadline driven environment.
  • Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
  • Ability to work with changing priorities and with multiple projects.
  • Ability to be precise and attentive to detail is essential.
  • Ability to work with minimal supervision.
  • Ability to work weekends and off-hours as and when needed.

Preferred Qualifications

  • Advanced degree in the Computer Science or technology field.
  • Experience working in a HIPAA/HITECH/OMNIBUS-regulated environment. Functional knowledge of other relevant compliance regulations (PCI, FERPA, Data Breach Acts, FISMA) and security standards (HITRUST, PCI-DSS, ISO 27001/2, NIST).
  • Experience working in an academic medical center or hospital environment a plus.
  • General experience in application installation, configurations, and deployments in enterprise environments.
  • ISACA, ISC2, or any relevant GIAC certifications highly preferred.
  • Experience writing scripts, applications and APIs (e.g. Python, JavaScript, PowerShell, etc.).
  • Experience with SOAR (Security Orchestration, Automation, and Response).
  • Experience with Security Information and Event Management (SIEM).
  • Knowledge of Software Composition Analysis (SCA), Static & Dynamic Application Security Testing (SAST/DAST).
  • Firewall experience, including network & web application (WAF).
  • Security certifications preferred. (e.g. SANS, ISACA, ISC2, ISCAC and EC-Council).
  • Cloud security specific certification preferred (e.g. AWS, GCP, Cloud+).
  • Network security and penetration testing experience.
  • Knowledge of various security and risk assessment tools.
  • Diverse knowledge of information technologies and security products is preferred.
  • Knowledge of Active Directory and networking logging.
  • Experience with security/identity access management projects is desirable.
  • Experience in presentation of information security to a diverse group of non-security professionals in IT settings and/or stakeholders.

Other Requirements

Equal Opportunity Employer / Disability / Veteran

Columbia University is committed to the hiring of qualified local residents.

Minimum Salary: 31200.00 Maximum Salary: 31200.00 Salary Unit: Yearly
