Information Technology and Computing Services (ITCS) is the central agency that supports enterprise-wide computing at East Carolina University. ITCS, through innovative information technology initiatives and service, provides opportunities for the ECU community to excel in teaching, research, and service using state-of-the-market technology and collaborative environments. ITCS is first and foremost committed to providing excellent information technology support for faculty, staff, and students. ITCS partners with campus departments, other universities, and industry to make strategic investments in information technology infrastructure that will help maintain a competitive advantage in administrative applications, faculty research, and outreach to the state and nation. We will achieve this through increasing the core functions and deploying appropriate technology throughout the university.
The Cyber Security Operations Center team detects, analyzes, and facilitates the university's response to cybersecurity threats. This team is responsible for ITCS security incident response management, vulnerability management, sensitive data verification, cyber security threat management, security information and event monitoring (SIEM) management, and digital forensics. They also create security best practice guidelines and interface with audit and other official agencies on security related issues.
Job Duties
The main responsibilities of this position include supervision of the cyber security operations center team by providing direction on the day-to-day planning and organizing of team members' work and evaluations. This position functions in a high-level technical capacity, which includes developing, implementing, supporting, and providing technical consultation on security issues, and mentors other personnel while serving as subject matter expert for security related solutions. Is directly involved in the planning, developing, implementation, monitoring, and execution of security strategies, best practices, policies, and standards to ensure the confidentiality, integrity, and availability of university IT resources.
This position will provide expert level support in assisting team members, other support teams, and university users with identifying, addressing, and/or resolving complex security related issues within the information security, application security, information systems, physical security, and network security areas. This position is responsible for knowledge of the various security systems and technologies associated with incident response management, system audits, and identifying and remediating potential security issues. This includes, but is not limited to: analysis of the output of security alerting tools, and development and execution of plans to remediate issues; coordinating and collaborating with ITCS teams and external departments to ensure their systems meet the required security standards set in place for the university; researching and staying current on security technologies, trends, issues, threats, and solutions; and assisting with the development of security practices for the university. Proactively assesses potential items of risk and opportunities for vulnerabilities in the network. Analyzes information obtained from intrusion detection and prevention systems and works with advanced security protocols and standards, including recommending blocks to apply. Evaluates, develops, recommends, and plans approaches for security initiatives.
Provides support that involves complex analysis techniques that include an in-depth understanding of security technical controls, IT networks, and systems. Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, networks and security controls, including the use of specialized software such as vulnerability scanning and/or network mapping tools. Leverages an applied understanding of IT technologies, security risks, and controls to develop effective approaches that identify the highest risk issues and advise leadership on the best approach for addressing the identified issues.
Integral to this position is maintaining broad knowledge of industry regulations and best practice frameworks, including NIST, ISO, COBIT, and other guidance.
This position functions in a high-level technical capacity and facilitates and manages the identification, mitigation, and neutralization of vulnerabilities. This position researches, develops, and may apply, or work with other teams to apply, security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce, and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration, or denial of access to information and systems. Oversees and/or performs network and application technical vulnerability assessments using vulnerability assessment tools. This may include configuring, maintaining, and monitoring vulnerability assessment tools to ensure they are operational and performing effectively and efficiently. Ensures that proper documentation is in place regarding configuration and the record of systems monitored by the vulnerability management system, including system contact information. Is involved in the evaluation of threats and vulnerabilities to determine and recommend safeguards for system or application owners. Is involved in the development of corrective plans, mitigations, and full remediation actions. Understands and communicates attack chains to management and other stakeholders. Applies cyber security management where beneficial and uses a working knowledge to explain to stakeholders when traditional cyber security methods fail. Serves as the leader of the Vulnerability Management Committee.
This position is responsible for overseeing the monitoring, detection, and alerting of security events from logs sent by critical IT assets to tools such as a Security Information and Event Management (SIEM) solution. This includes ensuring the tracking and management of adverse security events, security incidents, or threats affecting stakeholders on the network, and assisting when the team's expertise is requested. Monitors to ensure that the latest alerts within the security solutions utilized by the university are reviewed to determine relevancy and urgency. This includes, but is not limited to, Intrusion Prevention/Detection Systems (IPS/IDS), SIEM, vulnerability systems, and other security related solutions. Creates new trouble tickets for alerts that signal an incident and require further investigation. Leverages emerging threat intelligence to identify affected systems and the scope of the attack. Reviews and collects asset data (configurations, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts. Runs vulnerability scans and reviews vulnerability assessment reports. Utilizes security monitoring tools (NetFlows, IDS/IPS, correlation rules, etc.) to identify, address, and automate discovery of security related incidents, as well as to analyze traffic trends and system logs and propose security policy and practice changes. This position may be responsible for maintaining and managing the SIEM and its related components.
This position is responsible for overseeing and/or performing as a technical resource involved in digital forensic investigations. Evaluates, manages, and maintains digital investigation resources, including but not limited to resource recommendations and implementations. Assists Internal Audit with the use and integration of the solution within their investigation workflow. Ensures users are provided with an update on resource changes as they may impact use. Identifies product enhancements to provide efficiencies and effectiveness for digital forensic investigations. Communicates with users regarding the enhancements and provides guidance to assist with implementing changes. This position works with legal and compliance teams investigating a variety of information security related matters. Assists, or may be requested to assist, in investigations by forensically preserving and analyzing digital evidence and presenting the findings in an objective manner. This may include, but is not limited to, carrying out deep dives on digital devices such as laptops, desktops, servers, phones, and other electronic devices that may contain ECU data. Analyzes systems after compromise to provide insight. This position creates, manages, and maintains the processes and procedures for forensic investigations.
Security Incident Response
This position is responsible for overseeing and/or performing as a part of the core security incident response team. This position may be responsible for creating and maintaining incident response plans and will manage IT Security Incidents during their scheduled on-call rotation. This includes incident level determination, incident activation, initiating the Security Incident Response Team, notification to appropriate personnel, maintaining communication levels throughout the incident, coordinating remediation efforts when multiple groups are involved, and documenting the incident.
Sensitive Data Verification
This position is responsible for overseeing and/or performing sensitive data analysis and verification by utilizing resources to scan, analyze, and cull sensitive data; conducting a careful review for sensitive data; checking for quality, consistency, and gaps in the treatment of sensitive data; and reporting on e-discovery findings.
New Technology Exploration
Researches, evaluates, and implements new technologies. Identifies and develops enterprise guidelines for the implementation of new security best practices, processes, and procedures, as well as security products and services. Communicates with others, including but not limited to vendors and other support personnel, in developing solutions that will offer efficiencies and enhancements for evolving security processes and practices.
Project management is a major responsibility for this position. This person regularly meets with their Manager to confirm progress on projects that impact ITCS and University objectives, including but not limited to existing and new resources for Network Analysis. This position develops and manages highly complex project plans that require directing the work of the team and vendor assets, with some authority on actions and decisions. Also provides project status reports to senior level management throughout the year. This position is responsible for consulting with clients and other technicians, providing quotes, and recommending various infrastructure equipment and installation services for critical university projects and operating problems. Demonstrates the ability to manage projects of high complexity and large scope, often involving multifaceted changes to the environment or the design and implementation of new technologies. Projects may require detailed planning with other teams throughout the organization or with supporting vendors for technical support and recommendations. Demonstrates the ability to maintain accurate project documentation and project priorities, provide status updates, and ensure projects are completed according to schedule. Develops goals and objectives and proactively researches and identifies methods to attain them. Functions as a project team leader for projects of high complexity, and at times performs as a project team member for other complex projects of different functional teams. Assists management with developing project budgets. Utilization of project management software and methodologies is required to manage projects.
Documentation, Professional Development and Administration
This position has substantial knowledge in developing, documenting, and maintaining security processes, procedures, and standards. This position is responsible for security related documentation for distribution/use within ITCS, as well as for individual end-users and departments. Delivery methods will include web pages, documents, and formal and informal training sessions. Documents recurring activities so that when the person in the position is not available, essential duties can be performed by another team member. Documentation must be precise and detailed to allow other team members to implement the procedures in the absence of the primary team member. Investigates and maintains in-depth technical knowledge of current and future products and services by reading trade publications, meeting with vendors about road maps for future products, optimizing current product utilization with vendor technical staff, and seeking opportunities for professional growth. Seeks out and participates in professional development activities designed to enhance employee skills, including a continuing awareness of current state-of-the-art technology. Identifies needed knowledge, seeks it out, and applies that knowledge to changing client and campus needs. Assists the Manager with administrative duties and miscellaneous functions, including the routing of problems to the appropriate technical support level. Assists the Manager in developing short- and long-term plans for security related needs. The individual in this position may also be called upon to supervise student workers. This includes time management and quality of work supervision.
The employee in this position is responsible for forming and maintaining strategic technology contacts and partnerships with university departments, key technology suppliers, vendors and contractors. This position is responsible for the planning, cost containment, configuration, optimization, maintenance, security, and implementation of current and emerging technologies. It is also responsible for negotiating, procuring, and maintaining various support agreements and contracts.
Disaster Recovery/Business Continuity (DR/BC)
Leads the DR/BC planning, implementation, documentation, and testing of all cyber security operations center systems. Develops goals and actions in the implementation of DR/BC processes. Reviews the DR/BC processes with their Manager on a quarterly basis. Oversees the required disaster recovery testing on an annual basis to ensure testing is performed effectively and appropriate documentation is submitted on a timely basis.
Supervision, Planning and Organizing
Provides supervision and leadership in long-term planning for the cyber security operations center team. Recruits, selects, develops, counsels, and evaluates the performance of team members and develops career development plans for them. Observes and assesses work performed on a day-to-day basis, providing feedback and direction for the planning and organization of the work of the cyber security operations center team members and vendor resources.
Other duties as assigned.
Employees are required to adjust their standard work schedule to meet the requirements of their position, which includes, but is not limited to, evening and weekend hours to perform scheduled and unscheduled workload requirements to maintain University operations.
Duties require On-Call responsibilities.
Minimum Education/Experience
Bachelor's degree or an equivalent combination of education and experience, and an additional two years of experience. All degrees must be received from appropriately accredited institutions.
License or Certification Required by Statute or Regulation
N/A
Preferred Experience, Skills, Training/Education
Bachelor's degree in Computer Science or Computer Engineering from an appropriately accredited institution and four or more years of experience with security activities such as SIEM event, log management, and reporting; system administration; vulnerability management; incident response; daily monitoring and analysis of security related activities within an IPS/IDS solution; and knowledge of and experience in digital forensic investigation processes and procedures. Broad knowledge of data network concepts, protocols, practices, and procedures. Demonstrates a fundamental understanding of system and network security principles and technology, including TCP/IP and other networking protocols and common network device functions, such as routers, switches, hubs, etc. Knowledge and experience with the following is also desired: security frameworks such as ISO 27002, National Institute of Standards and Technology (NIST), or Control Objectives for Information and Related Technologies (COBIT); log management and monitoring tools; and anti-malware, encryption, and password auditing practices. Security related experience with operating systems (Windows, Linux, or Apple) is preferred. Possesses the ability to successfully manage short- and long-term projects of medium to high complexity that include coordination with internal and external resources. Possesses excellent oral and written communication skills and the ability to work as an independent, productive, responsible, self-motivated individual in high-pressure situations. Ability to assess the business impact of issues, prioritize them, and act to rectify them. Is familiar with common security device functions, such as IDS/IPS, network and host-based firewalls, DLP (Data Leakage Protection), web proxy, and DDOS (Distributed Denial of Service) protection. Having an earned Security+, CCNA, or CCSP certification within the last 4 years is a plus.
Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and AIX UNIX) and a wide range of security technologies, such as network security appliances, identity and access management systems, cryptography, anti-malware solutions, automated policy compliance, and desktop security tools. Substantial knowledge in developing, documenting, and maintaining security policies, processes, procedures, and standards. Substantial knowledge in the strategic planning, implementation, and maintenance of information security programs. Detailed understanding of technical issues in order to design architecture for new or emerging technologies. Detailed understanding of technical, substantive, and methodological issues and theories in order to direct technical staff. Substantial knowledge of other work specialties.