The Information Security Engineer will report to the Information Security Operations Manager within the Information Security Office (ISO).
This security engineer will conduct reviews of complex information systems, platforms, and processes in accordance with established regulations and organizational standards. The candidate will be the principal development resource responsible for the integration of existing and future systems into a coherent security architecture for use by the Information Security Office of Columbia University Medical Center.
They will also perform IT security operational tasks, incident response, deployment of managed systems, and drive process improvements through the effective use of deployed systems, especially between Information Security Operations and Information Security Risk Assessment, Networking, IT Help Desk, IT Stakeholders, and other business process owners.
Translate complex technology requirements to technical security objectives that adhere to the standards of our security program 20%
Validate the efficacy of defensive mechanisms, as well as, the engineering adherence to security policies 10%
Planning, architecting, designing and implementing enterprise grade information security solutions into a large, decentralized and complex environment with multiple platforms and hardware, and solutions include IT-GRC software, email/endpoint DLP, IDS/IPS, SIEM, NAC, IPAM, Vulnerability software, email MTA relays 20%
Process improvement through the effective use of deployed systems, coordinating with Information Security Operations and Information Security Risk Assessment, CORE Networking, IT Help Desk, Other IT Stakeholders, and other business process owners 10%
Participating in coordinated incident response, including a) identifying and analyzing events and alerts for harm, b) executing containment actions, c) providing detailed direction to desktop analysts on eradication and recovery, d) concluding incidents with appropriate reporting and documentation, e) participating in lessons learned activities 20%
Leading and mentoring other members of team on information systems design issues and processes 10%
Additional duties as assigned 10%
Bachelor's degree or equivalent in education, training, and experience, plus four years of related experience
Proficiency in determining the root cause of security issues and a solid understanding of exploits and vulnerabilities
Familiarity with web application security vulnerabilities such as XSS, SQLi, CSRFs
Good understanding of Microsoft enterprise environments and integration to secure applications and cloud systems
Strong knowledge of security controls on both Windows and Unix-based operating systems
Extensive experience in applying appropriate security principles in a dynamic environment that prevents unauthorized access to the network or parts of the network
Experience coding/scripting with common languages such as Python & Perl, Bash scripting
Knowledge of cryptography as it relates to application and network security
Ability to prepare both executive and detailed reports on risk findings and status. Ability to develop remediation plans and guide departments with remediation strategy. Strong service commitment, and verbal, writing, and reporting skills
High level of integrity, and sound judgment concerning security and privacy
Good written and verbal communication skills a must. Technical writer capable of producing technical documentation, incident reports, and risk documentation for non-technical executives
Ability to understand and work with healthcare professionals, educators and researchers
Ability to work independently with minimal supervision as well as be creative and innovative at conducting a high volume of risk analyses while reporting accurate and relevant risks to the appropriate constituents
Strong background information security practices with significant experience in a complex, multi-platform, higher education or healthcare IT environment
Equal Opportunity Employer / Disability / Veteran
Columbia University is committed to the hiring of qualified local residents.
Internal Number: 504690
About Columbia University
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.