Service Operations Analyst II - Security

Weill Cornell Medicine•New York, NY

54d•$95,000 - $117,300

About The Position

The Service Operations Analyst II - Security position is a senior IT Operations team member who can determine the most effective and efficient way to conduct a series of operational activities in a high-volume diverse environment. The ideal candidate will have a combination of proven technical experience, a solid foundation in operating systems, and considered to be a SME (subject matter expert) in a specific domain such as Network, Security, or Infrastructure (including Cloud). This role will provide IT technical leadership across the primary technologies to the WCM community. They are responsible for identifying incidents, events, and analyzing problem trends, overseeing the management and resolution of issues. The role is responsible for correlating events, identifying event trends, identifying problems and contributing to root cause analysis. They troubleshoot and resolve discovered issues under the scope of Operations Center-supported services. This role equires technical acumen, excellent communication skills, troubleshooting skills, and the ability to facilitate and manage technical bridge lines that cross multiple domains. They need to quickly determine root cause, business impact, and resolve issues as quickly as possible.

Requirements

Bachelor's degree in a related field, or five years of equivalent technical experience required.
Experience with LDAP, Active directory, DNS and DHCP technologies.
Experience with monitoring tools, various operating systems, backup, and cloud technologies.
Experience with PowerShell, Bash, Python, and Perl scripting.
Information security certifications, such as Security+, CEH, GIAC, SSCP
Basic understanding of the legal aspects of data acquisitions and electronic discovery
Strong conceptual thinking, verbal, and communication skills
Strong understanding of logging or security event and incident management systems, such as Syslog, Splunk, etc.
Experience using security tools, such as Metasploit, nmap, Kali, Backtrack Linux, Wireshark, netcat, etc.)
Responds to alerts generated by our security event and incident management (SEIM) and log management platform, Splunk Enterprise Security
Basic understanding of a variety of incidents and attack vectors, such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity.
Excellent written and verbal communication skills.
Results driven individual who enjoys working in a fast paced and challenging environment.
Capable of working independently with little supervision or direction.
Excellent operations, troubleshooting, and critical thinking skills.
Technical acumen and the ability to facilitate and manage technical bridge lines that cross multiple domains.
Ability to quickly determine root cause, business impact and resolve issues as quickly as possible.

Nice To Haves

ITIL v3 Foundations highly desired.
Advanced Linux, Microsoft, VMware, Network, Cisco, AWS, Azure, Security certification preferred.

Responsibilities

Responsible for monitoring and troubleshooting of processes, system triage and recovery for all infrastructure, applications, and data center(s) environments. Identifies operational risks and proposes alternative solutions.
Participates in technical escalation of IT issues, collaborating with both application and operational teams through systems analysis, diagnosis, trouble-shooting, performance analysis and resolution.
Drives problem analysis and incident trending improvement opportunities. Works with Service Owners and Operational Management to drive continual improvement initiatives.
Documents and represents operational requirements in service forums.
Drives problem management initiatives and serves as a point of contact for the management of critical incidents.
Serves as the primary contact for Service Owners to ensure operational readiness during service transition.
Serves as escalation point for junior analysts in monitoring and troubleshooting of all SOC-monitored services, including Infrastructure, Networks, applications and monitored applications. Performs triage and remediation of detected issues.
Provides training and guidance for junior team members.
Provides backup for junior analysts in responding to tickets and phone queue for Service Operations Center.
Provides backup for junior analysts in monitoring event console, identifying patterns of activity that could warrant technical intervention to resolve prior to a production outage.
Administers servers, storage, and/or backup technologies.
Assists with data acquisitions, electronic discovery, and forensic investigations.
Works collaboratively with engineering team to provide continuing service management and support on all production and test/development systems. Provides support and maintenance for all current and new systems.
Provides ongoing support and management of monitoring tools. Participates in an on-call and/or shift rotation that provides 24x7x365 coverage, including management and monitoring of mission critical systems and networks.
Ensures that service requests are fulfilled as per the operational level agreement and committed fulfillment time.
Develops knowledge base articles and work instructions for inclusion into knowledge base of record. Follows WCM ITIL process work flows to ensure operational tasks and activities are being followed for incident, request, change and event management.
Follows the change management process for operational change tasks to ensure compliance for change management. Ensures all change management tasks are complete.
Occasionally assists with data center(s) activities such as shipping, delivery, inventory, and operational tasks.