Cyber Security Ops Engineer
Harvard Medical School
Boston, MA
Job posting number: #7138884 (Ref:hh-61944BR)
Posted: April 9, 2023
Application Deadline: Open Until Filled
Job Description
Position Description
Reporting to the Harvard Medical School (HMS) Director of Security Operations and Cyber Defense, the Cyber Security Operations Engineer will help design, build, and manage an enterprise level security operations center (SOC) and program. This role will also collaborate with HMS security and IT to build strong network security, OS security, and cloud security programs, help identify top areas of risk, shape mitigation strategies, and have a part in the security architecture of HMS. As you identify threats and opportunities, you will define appropriate risk reduction strategies and technologies and work cross-functionally to implement the appropriate security controls and strategies you define. This position will require an experienced security engineer who is familiar with Security Operations, Network Security, and Device Security controls.
Key responsibilities include the following:
- Performing log analysis, Cyber investigations, event monitoring, threat hunting, and other security operations activities.
- Perform security alert and event monitoring across HMS / HSDM and other entities on the network.
- Work with the Network team on managing and auditing Firewall rules.
- Form repeatable processes for prioritizing and responding to alerts and helping develop playbooks.
- Work with products and concepts in the Endpoint and Server protection space such as: Exploit mitigation, Attack surface reduction, Anti-virus/malware, EDR, and DLP.
- Assist with network monitoring, intrusion detection analysis, log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
- Ensure the delivery of Network Security solutions in accordance with the organization’s network architecture, best practices, and regulatory or compliance requirements.
- Ensure the proper implementation and use of SIEM (Splunk or other) and proper alerts/correlations.
Basic Qualifications
- Minimum of seven years’ post-secondary education or relevant work experience
Additional Qualifications and Skills
- BA or BS in Computer Science, Information Management, or equivalent experience.
- Six or more years of progressive experience in the information security field, in a hands-on technical role.
- Excellent written and verbal communication skills and can translate security objectives to cross-functional partners.
- Ability to understand business needs and develop solutions.
- Must be able to work in a collaborative team environment.
- Ability to multi-task and work cooperatively with a diverse range of people. Must have strong interpersonal skills.
- Solid understanding of enterprise security principles and best practices.
- Working knowledge of endpoint/server security and network security.
- Experience in supporting a Security Operations Center as a Security Operations or Cyber Defense team member or leader.
- Experience with Splunk, Elastic, or other products as a SIEM
- Experience with products and concepts in the Endpoint and Server protection space such as: Exploit mitigation, Attack surface reduction, EDR, and DLP.
- Track record of deploying and supporting enterprise level security solutions.
- Track record of maturing security capabilities to proactively identify security threats and develop detections.
- Experience with ensuring effective signal/log correlations and alerts
- Experience responding to incidents to drive containment and remediation.
- Proficient in many with deep expertise in several cybersecurity technologies, IT concepts, strategies and methodologies, as well as security aspects of multiple platforms, operating systems, software, communications and network protocols.
- Understanding of the mechanics of OS exploits, and methods for preventing and/or detecting OS exploits as well as tactics, techniques, and procedures (TTPs) used by threat actors against endpoints
- Experience with CASB
- Experience with Secure Enclaves
Additional Information
Please note that we are currently conducting a majority of interviews and onboarding remotely and virtually. We appreciate your understanding.
The Harvard Medical School is not able to provide visa sponsorship for this position.
Not ready to apply? Join our talent community to keep in touch and learn about future opportunities!
Commitment to Equity, Diversity, Inclusion, and Belonging
We are committed to cultivating an inclusive workplace culture of faculty, staff, and students with diverse backgrounds, styles, abilities, and motivations. We appreciate and leverage the capabilities, insights, and ideas of all individuals. Harvard Medical School Mission and Community ValuesEEO Statement
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, gender identity, sexual orientation, pregnancy and pregnancy-related conditions, or any other characteristic protected by law.Harvard Medical School strives to cultivate an environment that promotes inclusiveness and collaboration among students, faculty and staff and to create new avenues for discussion that will advance our shared mission to improve the health of people throughout the world.