Columbia University Jobs

Columbia University

Columbia University, New York, NY, USA

Cybersecurity Analyst (Digital Forensics/Incident Response)

Position Summary

Reporting to the Manager of Cybersecurity Operations, the Cybersecurity Analyst supports Columbia University’s enterprise-wide Digital Forensics and Incident Response (DFIR) program. This role focuses on threat detection, incident handling, forensic investigation, and risk remediation. The analyst will collaborate across IT teams to strengthen security posture, improve detection and response capabilities, and mitigate cyber threats impacting the University’s systems, networks, and cloud environments.

Responsibilities

Incident Response & Forensics:

  • Initiates and supports DFIR investigations, including identification, containment, eradication, and recovery from cyberattacks.
  • Conducts endpoint and network forensic analysis to determine root cause and impact.
  • Performs malware analysis, memory forensics, and reverse engineering as needed.
  • Coordinates incident response efforts across IT teams, including phishing, DDoS, malware, and data breach events.
  • Develops post-incident reports and lessons-learned documentation to improve future response efforts.

Threat Detection & Monitoring:

  • Creates and optimizes SIEM alerts, dashboards, and metrics to proactively identify suspicious activity.
  • Monitors intrusion detection systems, log sources, and other telemetry for security events.
  • Investigates anomalies using NetFlow, packet capture, DNS logs, and endpoint data.
  • Continuously refines detection logic to address evolving attacker tactics.

Security Operations & Process Improvement:

  • Develops and maintains incident response playbooks, workflows, and operational documentation.
  • Collaborates with campus IT departments to integrate standardized IR processes.
  • Enhances operational readiness through tabletop exercises and simulation drills.
  • Supports vulnerability management and assists in remediation prioritization.

Cloud Security:

  • Extends incident response and monitoring capabilities into cloud environments (AWS, Azure, GCP).
  • Oversees cloud configuration and vulnerability assessments to maintain security compliance.

Other Responsibilities:

  • Participates in a 24/7 on-call rotation, responding to high-severity incidents as required.
  • Administers endpoint security tools, including application allowlisting and data loss prevention solutions.
  • Stays informed on emerging threats, vulnerabilities, and security best practices.
  • Is willing to attend cybersecurity-related training and seek security certifications when offered.
  • All other duties as assigned.

Minimum Qualifications

  • Bachelor's degree or equivalent experience required.
  • Minimum 3-5 years’ related experience.
  • 2+ years of experience with endpoint forensic tools and investigation techniques.
  • 2+ years of experience building alerts and dashboards in a SIEM platform.
  • Hands-on experience with incident response, vulnerability management, and security monitoring at scale.
  • Proficiency in analyzing NetFlow, packet data, DNS, and system logs for investigative purposes.
  • Strong knowledge of exploits and attack vectors (e.g., OWASP Top 10, privilege escalation).
  • Familiarity with multiple operating systems: Windows, macOS, Linux/Unix, and mobile platforms (iOS/Android).
  • Excellent written and verbal communication skills.
  • Demonstrated ability to work in a fast-paced, deadline-driven environment.
  • Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
  • Ability to work with changing priorities and with multiple projects.
  • Ability to be precise and attentive to detail is essential.
  • Ability to work with minimal supervision.
  • Ability to work weekends and off-hours as and when needed.

Preferred Qualifications

  • Advanced degree in Computer Science, Information Security, or a related field.
  • Experience scripting and automating tasks using Python, PowerShell, or similar languages.
  • Familiarity with SOAR platforms and automation workflows.
  • Background in penetration testing or network security engineering.
  • Experience with identity and access management tools and projects.
  • Security certifications (e.g., Security+, CISSP, GIAC, CISM, CEH).
  • Cloud security certification (e.g., AWS Security Specialty, Azure Security Engineer, Cloud+).

Job Details:

  • Posted: 15-Jan-26
  • Location: New York, New York
  • Type: Full-time
  • Categories: Staff/Administrative
  • Internal Number: 554867
  • Job Type: Officer of Administration
  • Hours Per Week: 35
  • Salary Range: $90,000 - $100,000