
Network Security Ops Engineer

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: Inside Higher Ed
Full Time position
Listed on 2025-12-01
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security, Systems Engineer
Job Description & How to Apply Below
Overview

Reporting to the Director of Network Services, the Network Security Operations Engineer (NSOE) is a vital hybrid role that combines advanced technical skills with operational management to safeguard the university’s on-premises and cloud (Azure) network infrastructure, fulfilling comprehensive network security visibility requirements at the campus Network and Security Operations Center (NSOC). As a key liaison between Network Services, Cloud Operations, and the Information Security Office (ISO), the NSOE oversees hybrid (on-prem/Azure) network security operations, improves workflows, and manages the entire lifecycle of security incidents, service requests, and NSOC tasks—ensuring alignment with zero-trust principles and cybersecurity best practices.

The NSOE proactively monitors, investigates, and responds to threats using Azure-native and integrated security tools, including SIEM (Sentinel), CASB, SolarWinds Observability Platform, Azure Firewall, Network Security Groups for micro-segmentation, VPN gateways, GlobalProtect, Infoblox, and Aruba NetEdit. The role also involves optimizing configurations for firewalls, edge switches, DMZs, and secure network segmentation. Beyond technical tasks, the NSOE plays a managerial role by aligning network security with the NSOC, refining incident response protocols, and fostering collaboration between network and security teams.

Responsibilities
  • Serve as the primary network security incident coordinator at the Network and Security Operations Center (NSOC), overseeing security, event monitoring, investigation, and response in alignment with enterprise incident response protocols.
  • Design and refine detection rules, alerts, and signatures based on threat intelligence, behavioral analytics (AI/ML), and attack trends.
  • Conduct proactive threat hunting using SIEM analytics, endpoint telemetry (EDR/XDR), and network forensics (e.g., PCAP analysis) to identify advanced threats and stealthy attack patterns.
  • Monitor and secure cloud/hybrid environments (e.g., Azure NSGs, SaaS applications) to ensure consistent visibility and policy enforcement across on-premises and cloud assets.
  • Implement and enforce Zero Trust Network Access (ZTNA) policies, including micro-segmentation, identity-aware proxies, and device posture checks (e.g., via Aruba ClearPass).
  • Perform malware traffic analysis using sandboxing tools (e.g., Cuckoo, VirusTotal) and correlate findings with network IDS/IPS alerts.
  • Act as a liaison between Network Services, ISO, and Desktop Support to ensure security compliance across IT environments.
  • Develop and report KPIs to measure security control effectiveness.
  • Proactively monitor, analyze, and respond to threats using various tools, including SIEM (Microsoft Sentinel), SolarWinds, Infoblox, Aruba NetEdit, and other security tools, to ensure the rapid containment of breaches and vulnerabilities.
  • Create, update, and maintain detailed internal network topology diagrams to ensure precise documentation and accurate planning.
  • Proactively secure and maintain all network infrastructure devices (routers, switches, firewalls, wireless controllers) through systematic hardening of configurations, timely patching of vulnerabilities, and continuous monitoring of access controls.
  • Conduct regular vulnerability assessments of network infrastructure using automated scanning tools and manual verification techniques to identify and remediate security gaps in compliance with the CIS framework control 12.
  • Develop, maintain, and version-control comprehensive network architecture diagrams (including logical/physical topologies, data flows, and security zones) using industry-standard tools (e.g., Visio).
  • Collaborate with network engineering and security teams to validate diagrams against real-time configurations, ensuring alignment with actual deployments and minimizing discrepancies.
  • Document and audit network configurations, capturing IP/MAC addresses, VLAN assignments, and ARP tables.
  • Align documentation with NIST SP 800-53 (CM-2, CM-6) and CIS Controls for audit readiness and risk management.
  • Support disaster recovery and business continuity planning by ensuring network documentation reflects failover paths, redundant systems, and critical dependencies.
  • Integrate diagrams with Sentinel to support real-time impact analysis during incidents and facilitate cross-team validation sessions with Security, Networks, and Operations teams to ensure accuracy and compliance.
  • Operate and optimize SIEM (e.g., Microsoft Sentinel) to centralize security event alerting (CIS Safeguard 13.1), correlating logs from network devices, endpoints, and cloud services. Tune alert thresholds (CIS Safeguard 13.11) to reduce false positives and prioritize critical threats.
  • Deploy and manage network/host-based IDS/IPS solutions (CIS Safeguards 13.2, 13.3, 13.7, 13.8), including NIDS, EDR, and CSP-native tools (e.g., Azure Network Watcher), to detect and block malicious activity across enterprise assets.
  • Enforce traffic…