
Cybersecurity Analyst (Digital Forensics/Incident Response)

Job in New York, New York County, New York, 10261, USA
Listing for: Columbia University Information Technology
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below
Position: Cybersecurity Analyst (Digital Forensics/Incident Response)
Location: New York

Reporting to the Manager of Cybersecurity Operations, the Cybersecurity Analyst supports Columbia University’s enterprise-wide Digital Forensics and Incident Response (DFIR) program. This role focuses on threat detection, incident handling, forensic investigation, and risk remediation. The analyst will collaborate across IT teams to strengthen security posture, improve detection and response capabilities, and mitigate cyber threats impacting the University’s systems, networks, and cloud environments.

Responsibilities
  • Initiates and supports DFIR investigations, including identification, containment, eradication, and recovery from cyberattacks.
  • Conducts endpoint and network forensic analysis to determine root cause and impact.
  • Performs malware analysis, memory forensics, and reverse engineering as needed.
  • Coordinates incident response efforts across IT teams, including phishing, DDoS, malware, and data breach events.
  • Develops post-incident reports and lessons-learned documentation to improve future response efforts.
  • Creates and optimizes SIEM alerts, dashboards, and metrics to proactively identify suspicious activity.
  • Monitors intrusion detection systems, log sources, and other telemetry for security events.
  • Investigates anomalies using NetFlow, packet capture, DNS logs, and endpoint data.
  • Continuously refines detection logic to address evolving attacker tactics.
Security Operations & Process Improvement
  • Develops and maintains incident response playbooks, workflows, and operational documentation.
  • Collaborates with campus IT departments to integrate standardized IR processes.
  • Enhances operational readiness through tabletop exercises and simulation drills.
  • Supports vulnerability management and assists in remediation prioritization.
  • Extends incident response and monitoring capabilities into cloud environments (AWS, Azure, GCP).
  • Oversees cloud configuration and vulnerability assessments to maintain security compliance.
Other Responsibilities
  • Participates in a 24/7 on-call rotation, responding to high-severity incidents as required.
  • Administers endpoint security tools, including application allow listing and data loss prevention solutions.
  • Stays informed on emerging threats, vulnerabilities, and security best practices.
  • Willingness to attend cybersecurity-related training and seek security certifications when offered.
  • All other duties as assigned.
Minimum Qualifications
  • Bachelor's degree or equivalent experience required.
  • Minimum 3-5 years’ related experience.
  • 2+ years of experience with endpoint forensic tools and investigation techniques.
  • 2+ years of experience building alerts and dashboards in a SIEM platform.
  • Hands‑on experience with incident response, vulnerability management, and security monitoring at scale.
  • Proficiency in analyzing NetFlow, packet data, DNS, and system logs for investigative purposes.
  • Strong knowledge of exploits and attack vectors (e.g., OWASP Top 10, privilege escalation).
  • Familiarity with multiple operating systems: Windows, macOS, Linux/Unix, and mobile platforms (iOS/Android).
  • Excellent written and verbal communication skills.
  • Demonstrated ability to work in a fast‑paced, deadline‑driven environment.
  • Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
  • Ability to work with changing priorities and with multiple projects.
  • Ability to be precise and attentive to detail is essential.
  • Ability to work with minimal supervision.
  • Ability to work weekends and off‑hours as and when needed.
Preferred Qualifications
  • Advanced degree in Computer Science, Information Security, or a related field.
  • Experience scripting and automating tasks using Python, PowerShell, or similar languages.
  • Familiarity with SOAR platforms and automation workflows.
  • Background in penetration testing or network security engineering.
  • Experience with identity and access management tools and projects.
  • Security certifications (e.g., Security+, CISSP, GIAC, CISM, CEH).
  • Cloud security certification (e.g., AWS Security Specialty, Azure Security Engineer, Cloud+).

Equal Opportunity Employer / Disability / Veteran

Columbia University is committed to the hiring of qualified local residents.
