InfoSec Operations Specialist

About The Position

Requirements

• 2+ years of experience in a security or network operations center
• Demonstrated IT security analyst skills through certification (e.g. CompTIA Security+ or GIAC Security Essentials certification or equivalent credentials or analogous proven experience)
• Critical thinking, analytical skills, and strong problem-solving skills
• Solid organizational skills, written and oral communication skills, and attention to detail
• Demonstrated commitment to professional customer service
• Ability to work in a team environment with strong collaboration and interpersonal skills
• Ability to work and communicate effectively with campus colleagues possessing various levels of IT understanding
• Ability to work in a fast-paced IT service organization, sometimes requiring re-prioritization of work and project schedules
• Ability to work non-standard hours during incident response and other IT security emergencies including evenings and weekends
• Demonstrated willingness to learn new technologies and skills as the needs of the industry and the Princeton University change
• Education: Bachelor’s Degree or equivalent work experience

Nice To Haves

• Experience with Palo Alto Networks security solutions, including XSIAM and Cortex XDR
• Experience with IP-based networking and Windows, MacOS, and Linux computer operating systems

Responsibilities

• Work closely with OIT and distributed IT teams (IT@Princeton) in departments, research labs, and administrative units to investigate security events, analyze digital evidence, and strengthen the University’s cybersecurity protections
• Monitor automated SecOps platform, confirming playbook automation effectiveness, and when necessary, escalate issues, contact impacted individuals and/or IT@Princeton colleagues
• Draft procedural documentation as needed for operational records
• Perform forensic acquisition and analysis of endpoints, servers, cloud workloads, and network artifacts.
• Collect, preserve, and document digital evidence in accordance with legal, regulatory, and University requirements.
• Analyze logs, memory images, file systems, and network traffic to determine root cause, scope, and impact.
• Produce clear, defensible investigative reports for technical and nontechnical audiences.
• Support coordination with the Office of the General Counsel, Audit and Compliance, and external forensic partners when needed
• Serve as a proactive threat hunter by analyzing alerts from SIEM, EDR, IDS/IPS, cloud security tools, and other telemetry sources.
• Assist in development of detection rules, correlation logic, and behavioral analytics to improve signal-to-noise ratio
• Identify emerging threats and suspicious activity across on-premises and cloud IT environments
• Collaborate with IT@Princeton colleagues to expand visibility across decentralized systems
• Serve as a responder for cybersecurity incidents, including malware events, unauthorized access, data exposure, and compromised accounts.
• Execute containment, eradication, and recovery actions across diverse platforms and research environments.
• Maintain and improve incident response playbook workflows and communication protocols.
• Participate in after-action reviews and contribute to institutional lessons learned
• Participate in professional development training and conferences as approved by management to maintain and improve technical and service knowledge.
• Monitor relevant industry and higher education information security resources and bulletins to help ensure the University is current with information on perceived and existing threats to its information systems, data integrity, digital identities, networked devices; ensure this information is disseminated as outlined in operational playbooks

Benefits

• The University also offers a comprehensive benefit program to eligible employees.