Service Operation Center Analyst I - Security - Hybrid Work

Title: Service Operation Center Analyst I - Security - Hybrid Work

Location: Midtown

Org Unit: IT Operations

Work Days: Monday - Friday

Weekly Hours: 35.00

Exemption Status: Exempt

Salary Range: $83,300.00 - $93,600.00

*As required under NYC Human Rights Law Int 1208-2018 - Salary range for this role when Hired for NYC Offices

Ensures the secure operation of Weill Cornell Medicine (WCM) systems. This position works closely with the security engineering team to develop procedures and solutions to advance security operations and mature WCM incident response process. This position's primary responsibility is to aid in the management and monitoring of endpoint security, IPS, firewall, data loss, log management, and other security solutions.This is a hybrid position.

• Fosters close working connections with staff and management to ensure the secure operations for WCM applications and infrastructure while acquiring and retaining comprehensive working knowledge of all infrastructure and related systems.
• Assists with day-to-day operations of security systems including, but not limited to, Splunk, CrowdStrike, Duo Security, BeyondTrust, Palo Alto, Dell Data Protection, Proofpoint, Security Onion, bro, and others.
• Develops/maintains metrics and reports in Splunk related to WCM’s IS posture, including vulnerability management, incident alerting and response, intrusion detection/prevention, data loss prevention, encryption, and endpoint and mobile device security.
• Assists in vulnerability management process and compliance, including threat analysis, vulnerability scanning, mitigation, and reporting.
• Maintains a strong understanding and documentation of WCM’s security systems, their implementations, customizations, and operational procedures.
• Monitors and defines events for our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security.
• Assists with data acquisitions, electronic discovery, and forensic investigations.
• Performs security operational work in compliance with defined SLAs and operational level agreements, including firewall change requests, security operational inquiries, security incident reviews, user account management, and other operational processes.
• Performs other related duties as assigned

• Bachelor's Degree

• Information security certifications, such as Security+, CEH, GIAC, SSCP
• Basic understanding of the legal aspects of data acquisitions and electronic discovery
• Strong conceptual thinking, verbal, and communication skills
• Strong understanding of logging or security event and incident management systems, such as Syslog, Splunk, etc.
• Experience using security tools, such as Metasploit, nmap, Kali, Backtrack Linux, Wireshark, netcat, etc.)
• Responds to alerts generated by our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security
• Basic understanding of a variety of incidents and attack vectors, such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity.

• Fluency in navigating and using Mac OS X, Red Hat Linux, and/or Windows operating systems.
• Ability to create and present diagrams and reports for technical and non-technical audiences.
• Excellent written and verbal communication skills, on both technical and non-technical topics.
• Ability to produce professional-level documentation and reporting using Microsoft Office.
• Ability to think outside the box in terms of designing systems and solutions.
• Ability to think critically and make decisions independently.
• Ability to deliver under tight deadlines and work off-hours as needed.
• Must be able to work in a very demanding and high-pressure environment.
• Ability to promote and maintain a favorable and positive work environment for oneself and others to assist in the overall mission of the medical college and hospital.

Cornell welcomes students, faculty, and staff with diverse backgrounds from across the globe to pursue world-class education and career opportunities, to further the founding principle of “any person, any study.” No person shall be denied employment on the basis of any legally protected status or subjected to prohibited discrimination involving, but not limited to, such factors as race, ethnic or national origin, citizenship and immigration status, color, sex, pregnancy or pregnancy-related conditions, age, creed, religion, actual or perceived disability (including persons associated with such a person), arrest and/or conviction record, military or veteran status, sexual orientation, gender expression and/or identity, an individual’s genetic information, domestic violence victim status, familial status, marital status, or any other characteristic protected by applicable federal, state, or local law.

Cornell University embraces diversity in its workforce and seeks job candidates who will contribute to a climate that supports students, faculty, and staff of all identities and backgrounds. We hire based on merit, and encourage people from historically underrepresented and/or marginalized identities to apply. Consistent with federal law, Cornell engages in affirmative action in employment for qualified protected veterans as defined in the Vietnam Era Veterans’ Readjustment Assistance Act (VEVRRA) and qualified individuals with disabilities under Section 503 of the Rehabilitation Act. We also recognize a lawful preference in employment practices for Native Americans living on or near Indian reservations in accordance with applicable law.