Service Operation Center Analyst I - Security - Hybrid Work

Service Operation Center Analyst I - Security - Hybrid Work Location: Midtown Org Unit: IT Operations Work Days: Monday - Friday Weekly Hours: 35.00 Exemption Status: Exempt Salary Range: $83,300.00 - $93,600.00 Position Summary The Service Operations Analyst I - Security position is an IT Operations team role responsible for determining the most effective and efficient way to conduct a range of operational activities in a high-volume, diverse environment. The ideal candidate will bring a combination of proven technical experience, a solid foundation in operating systems, and be considered an SME (subject matter expert) in Security. This role provides IT technical leadership across primary technologies to the WCM community. The Analyst is responsible for identifying incidents and events, analyzing trends, and overseeing issue management and resolution. Additional responsibilities include correlating events, identifying problems, and contributing to root cause analysis. The Analyst troubleshoots and resolves issues within the scope of Operations Center-supported services. This position requires strong technical acumen, excellent communication and troubleshooting skills, and the ability to facilitate and manage technical bridge lines across multiple domains. The Analyst must be able to quickly determine root cause, assess business impact, and drive timely resolution. Job Responsibilities Fosters close working connections with staff and management to ensure the secure operations for WCM applications and infrastructure while acquiring and retaining comprehensive working knowledge of all infrastructure and related systems. Assists with day-to-day operations of security systems including, but not limited to, Splunk, CrowdStrike, Duo Security, BeyondTrust, Palo Alto, Dell Data Protection, Proofpoint, Security Onion, bro, and others. Develops/maintains metrics and reports in Splunk related to WCM's IS posture, including vulnerability management, incident alerting and response, intrusion detection/prevention, data loss prevention, encryption, and endpoint and mobile device security. Assists in vulnerability management process and compliance, including threat analysis, vulnerability scanning, mitigation, and reporting. Maintains a strong understanding and documentation of WCM's security systems, their implementations, customizations, and operational procedures. Monitors and defines events for our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security. Assists with data acquisitions, electronic discovery, and forensic investigations. Performs security operational work in compliance with defined SLAs and operational level agreements, including firewall change requests, security operational inquiries, security incident reviews, user account management, and other operational processes. Performs other related duties as assigned Education Bachelor's Degree Experience Information security certifications, such as Security+, CEH, GIAC, SSCP Basic understanding of the legal aspects of data acquisitions and electronic discovery Strong conceptual thinking, verbal, and communication skills Strong understanding of logging or security event and incident management systems, such as Syslog, Splunk, etc. Experience using security tools, such as Metasploit, nmap, Kali, Backtrack Linux, Wireshark, netcat, etc. Responds to alerts generated by our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security Basic understanding of a variety of incidents and attack vectors, such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity. Knowledge, Skills and Abilities Fluency in navigating and using Mac OS X, Red Hat Linux, and/or Windows operating systems. Ability to create and present diagrams and reports for technical and non-technical audiences. Excellent written and verbal communication skills, on both technical and non-technical topics. Ability to produce professional-level documentation and reporting using Microsoft Office. Ability to think outside the box in terms of designing systems and solutions. Ability to think critically and make decisions independently. Ability to deliver under tight deadlines and work off-hours as needed. Must be able to work in a very demanding and high-pressure environment. Ability to promote and maintain a favorable and positive work environment for oneself and others to assist in the overall mission of the medical college and hospital. Equal Opportunity Statement Cornell welcomes students, faculty, and staff with diverse backgrounds from across the globe to pursue world-class education and career opportunities, to further the founding principle of 'any person, any study.' No person shall be denied employment on the basis of any legally protected status or subjected to prohibited discrimination involving, but not limited to, such factors as race, ethnic or national origin, citizenship and immigration status, color, sex, pregnancy or pregnancy-related conditions, age, creed, religion, actual or perceived disability (including persons associated with such a person), arrest and/or conviction record, military or veteran status, sexual orientation, gender expression and/or identity, an individual's genetic information, domestic violence victim status, familial status, marital status, or any other characteristic protected by applicable federal, state, or local law. Cornell University embraces diversity in its workforce and seeks job candidates who will contribute to a climate that supports students, faculty, and staff of all identities and backgrounds. We hire based on merit, and encourage people from historically underrepresented and/or marginalized identities to apply. Consistent with federal law, Cornell engages in affirmative action in employment for qualified protected veterans as defined in the Vietnam Era Veterans' Readjustment Assistance Act (VEVRRA) and qualified individuals with disabilities under Section 503 of the Rehabilitation Act. We also recognize a lawful preference in employment practices for Native Americans living on or near Indian reservations in accordance with applicable law. #J-18808-Ljbffr Weill Cornell Medicine