Department Information
DEPARTMENT SPECIFIC TASKS AND RESPONSIBILITIES:

1. Architect, implement, and maintain the university's data loss prevention system within Microsoft Purview for Microsoft 365 and Purview for endpoints



DEPARTMENT SPECIFIC KNOWLEDGE, SKILLS, AND ABILITIES:

1. Microsoft 365 administration

2. Microsoft Defender for endpoints administration



Job Summary
Installs security measures to protect campus systems and information infrastructure. Provides timely detection, identification, and alerting of possible attacks/intrusions, or anomalous activities. Creates, monitors, and maintains safeguards to ensure the security of all systems on campus.


Responsibilities
KEY RESPONSIBILITIES:
1. Distinguishes possible attacks from benign activities within the enterprise
2. Collaborates with stakeholders to resolve computer security incidents and vulnerability
compliance
3. Receives and analyzes network alerts and determines possible causes for the alerts
4. Documents and escalates incidents (including event¿s history, status, and potential impact for
further action) that may cause ongoing and immediate impact to the environment
5. Provides daily summary reports of network events and activity relevant to cyber defense
practices
6. Identifies and analyzes anomalies in network traffic using metadata
7. Identifies network mapping and operating system (OS) fingerprinting activities
8. Monitors external data sources (e.g., cyber defense vendor sites, Computer Emergency
Response Teams, Security Focus) of cyber defense threat condition and determines which
security issues may have an impact on the enterprise
9. Validates intrusion detection system (IDS) alerts against network traffic

Required Qualifications
Educational Requirements
Bachelor's degree from an accredited institution of higher education in a related field

Other Required Qualifications
IT Security Certification

Required Experience
Four (4) years IT security experience

Preferred Qualifications
Additional Preferred Qualifications
Application security assessment experience

Preferred Experience
Experience with an enterprise log management system or SIEM (i.e., Splunk, Elastic, AlienVault, etc.), OSCP, GPEN, LPT or similar preferred
Microsoft Azure administration experience
Microsoft 365 administration experience, including Purview and Defender
Experience in the implementation of processes and procedures for cybersecurity reporting and metrics activities


Knowledge, Skills, & Abilities
ABILITIES
Able to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
Able to accurately and completely source all data used in intelligence, assessment and/or planning products
Able to handle multiple tasks or projects at one time meeting assigned deadlines

KNOWLEDGE
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Knowledge of key concepts in security management (e.g., Release Management, Patch Management)
Knowledge of scripting language (e.g. Python, PERL, BASH, PowerShell)
Knowledge of system administration, network, and operating system hardening techniques, network systems management principles, and tools
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity, defense, policies, regulations, and privacy
Knowledge of cyber threats, vulnerabilities and their impact
Knowledge of authentication, authorization, and access control methods
Knowledge of encryption algorithms and encryption methodologies Knowledge of scripting language (e.g. Python, PERL, BASH, PowerShell)

SKILLS
Excellent interpersonal, initiative, teamwork, problem solving, independent judgment, organization, communication (verbal and written), time management, project management and presentation skills
Proficient with computer applications and programs associated with the position (i.e. Microsoft Office suite)
Strong attention to detail and follow up skills
Strong customer service skills and phone and e-mail etiquette