Senior It Security Engineer

The Intrusion Detection & Incident Response (ID/IR) team of Digital Security & Trust (DST) seeks a highly motivated and skilled IT Security professional to become part of our great University. DST provides a wide range of security services to the entire University including its branch campuses, while operating under the direction of the University CISO in partnership with the University CIO. This position reports to the ID/IR team Lead.

In this role, you will be a senior technical member of the team, supporting ID-IR activities for local network and cloud-based systems & services. Our perfect candidate is curious about technology, someone who likes to take things apart to learn how they work and enjoys finding clues and solving puzzles by using computers and other devices. Being a Senior IT Security Engineer, job duties will be conducted with a high level of autonomy. Your tasks will vary from day-to-day, which include: monitor and report on IT Security related events by reviewing detections within tools and network & cloud services, as well as analyze activity logs and review reports & dashboards within Splunk based upon local network & account activity; investigate and gather data using EDR (Endpoint Detection and Response) and forensics tools for reported/detected IT security incidents; create investigation summaries and reports that present findings in a non-biased, evidence-based nature; work with incident stakeholders to define appropriate response actions and remediation plans for security incidents; create policies to enhance automated response capabilities within IDS/IPS (Intrusion Detection/Protection System); design dashboards and reports in Splunk to display IT security related info; gather data and contribute to regular security reports shared with University leadership.

Becoming a part of Ohio State gives you access to great benefits including no-cost education and training, as well as flexible work arrangements, including the choice of your regular work location, whether fully remote, daily within the office, or a hybrid setup.
Required Education/Experience
Bachelor's level degree with a major in Computer Science, Information Science, Mathematics, Statistics, or an equivalent combination of education and experience; at least 6 years demonstrated experience in roles within IT security/risk -OR- at least 8 years of experience performing technical roles within other IT fields; in-depth experience with analyzing system and network activity logs within Splunk or a similar log/event management tool; understanding of IT security best practices for monitoring, intrusion detection, and incident remediation; knowledge of TCP/IP networking fundamentals and experience with performing Internet protocol analysis; experience using Unix/Linux systems via a command-line interface (CLI); ability to organize and prioritize to meet established deadlines; excellent verbal and written communication skills and the ability to establish and communicate security concepts to a wide range audiences with varying levels of technical and security expertise

Desired Education/Experience
Hands-on experience in Intrusion Detection and IT Security Operations; CISSP, CRISC, CISA or other relevant security certification; advanced Splunk experience, including writing complex searches, performing field extractions, creating saved searches, and designing dashboards; understanding of AWS, Azure, and incident response of cloud-based services; experience with writing regular expressions (RegExes) for text extraction and analysis; familiarity with disk/file forensics tools such as FTK, Autopsy, and Encase; ability to write custom scripts in python, PowerShell, sh/csh/bash, etc.; use of data from external IT Security information sources including commercial threat intelligence services.