InfoSec Operations Specialist

Overview

The Information Security Operations Specialist is responsible for daily monitoring, analysis, and response activities within the Information Security Office (ISO). Reporting to the Manager of Security Operations, the Specialist provides expertise in security operations, digital forensics, threat hunting, and data protection.

This role requires a strong understanding of information technology systems and supports the ISO mission in proactive security monitoring and response across the University's IT environments. The Specialist applies solid knowledge of network, system, and mobile device security, and attains security certifications as required. The Specialist also understands Princeton's institutional culture, policies, governance, and mission. The Specialist stays current with information security industry developments and trends related to tactics, techniques, and procedures. The Specialist participates in developing solutions and services for the University's cybersecurity programs.

This position is a hybrid role.

Responsibilities

Security Operations

• Work closely with OIT and distributed IT teams (IT@Princeton) in departments, research labs, and administrative units to investigate security events, analyze digital evidence, and strengthen the University's cybersecurity protections
• Monitor automated SecOps platform, confirming playbook automation effectiveness, and when necessary, escalate issues, contact impacted individuals and/or IT@Princeton colleagues
• Draft procedural documentation as needed for operational records

Digital Forensics

• Perform forensic acquisition and analysis of endpoints, servers, cloud workloads, and network artifacts.
• Collect, preserve, and document digital evidence in accordance with legal, regulatory, and University requirements.
• Analyze logs, memory images, file systems, and network traffic to determine root cause, scope, and impact.
• Produce clear, defensible investigative reports for technical and nontechnical audiences.
• Support coordination with the Office of the General Counsel, Audit and Compliance, and external forensic partners when needed

Threat Detection and Monitoring

• Serve as a proactive threat hunter by analyzing alerts from SIEM, EDR, IDS/IPS, cloud security tools, and other telemetry sources.
• Assist in development of detection rules, correlation logic, and behavioral analytics to improve signal-to-noise ratio
• Identify emerging threats and suspicious activity across on-premises and cloud IT environments
• Collaborate with IT@Princeton colleagues to expand visibility across decentralized systems

Incident Response Operations

• Serve as a responder for cybersecurity incidents, including malware events, unauthorized access, data exposure, and compromised accounts.
• Execute containment, eradication, and recovery actions across diverse platforms and research environments.
• Maintain and improve incident response playbook workflows and communication protocols.
• Participate in after-action reviews and contribute to institutional lessons learned

Professional Development

• Participate in professional development training and conferences as approved by management to maintain and improve technical and service knowledge.
• Monitor relevant industry and higher education information security resources and bulletins to help ensure the University is current with information on perceived and existing threats to its information systems, data integrity, digital identities, networked devices; ensure this information is disseminated as outlined in operational playbooks

Qualifications

• 2+ years of experience in a security or network operations center
• Demonstrated IT security analyst skills through certification (e.g. CompTIA Security+ or GIAC Security Essentials certification or equivalent credentials or analogous proven experience)
• Critical thinking, analytical skills, and strong problem-solving skills
• Solid organizational skills, written and oral communication skills, and attention to detail
• Demonstrated commitment to professional customer service
• Ability to work in a team environment with strong collaboration and interpersonal skills
• Ability to work and communicate effectively with campus colleagues possessing various levels of IT understanding
• Ability to work in a fast-paced IT service organization, sometimes requiring re-prioritization of work and project schedules
• Ability to work non-standard hours during incident response and other IT security emergencies including evenings and weekends
• Demonstrated willingness to learn new technologies and skills as the needs of the industry and the Princeton University change
• Education: Bachelor's Degree or equivalent work experience

Preferred:

• Experience with Palo Alto Networks security solutions, including XSIAM and Cortex XDR
• Experience with IP-based networking and Windows, MacOS, and Linux computer operating systems

Standard Weekly Hours 36.25

Eligible for Overtime No

Benefits Eligible Yes

Probationary Period 180 days

Essential Services Personnel (see policy for detail) No

Physical Capacity Exam Required No

Valid Drivers License Required No

Experience Level Associate

Salary Range $79,000 to $87,000