Reporting to the Chief Information Security Officer (CISO), the main responsibilities of this position center on providing technical expertise and leadership in driving ECU's CSOC team initiatives, processes and day-to-day functions for ensuring/improving the overall cyber security posture for the University. The position functions in a high-level technical capacity which includes developing, implementing, supporting, and providing technical consultation on security issues. The position mentors other personnel and functions as subject matter expert for complex cyber security related solutions. The CSOC Supervisor advises and provides recommendations to the CISO on the planning, development, execution, monitoring, and evaluation of cyber security strategies, policies, procedures, and standards to ensure the confidentiality, integrity, and availability of university IT resources and data.
The position's duties include supervision of the Cyber Security Operations Center team, providing direction on the day-to-day planning and organizing of team members' work, and conducting performance evaluations. The individual in this position may also be called upon to supervise student interns. Supervision duties include time management and quality of work supervision. Observes and assesses work performed on a day-to-day basis, providing feedback and direction for planning and organization of the work of the CSOC team members and vendor resources. Holds team meetings and one-to-one meetings with individual team members.
This position will provide expert level support in assisting team members as well as other support teams and university users with identifying, addressing and/or resolving complex security related issues concerning endpoints, servers, applications, information systems, network infrastructure, and physical security. This position is responsible for knowledge of various security systems and technologies that are associated with incident response management; system audits; and identifying and remediating potential security issues. This includes but is not limited to analysis of the output of security alerting tools, development and execution of plans to remediate issues; coordinate and collaborate with ITCS teams and external departments to ensure their systems meet the required security standards set in place for the university; research and stay current on security technologies, trends, issues, threats and solutions; and assist the CISO with the development of security practices for the university, while recommending appropriate security initiatives.
Proactively assesses the implications of vulnerabilities on the network and potential risk to IT systems and data. Analyzes information obtained from intrusion detection and prevention systems and works with security protocols and standards including recommended blocks to apply.
Provides support that involves complex analysis techniques that include an in-depth understanding of security technical controls, IT networks, and systems. Performs detailed evaluations of technical controls and configuration of networks and systems requiring a deep knowledge of a wide variety of IT systems, security controls, and security tools. Leverages an applied understanding of IT technologies, security risks, and controls to develop effective approaches that identify the highest risk issues and advise the CISO and other team members on the best approach for addressing the identified issues. Provides information to management regarding the negative impact on the university caused by cyber incidents that may disrupt, damage, or deny access to IT systems or data.
Integral to this position is maintaining broad knowledge of industry standards and best practice security frameworks including ISO 27002, NIST, and CIS 20.
This position functions in a high-level technical capacity and facilitates and manages the identification and remediation of vulnerabilities. Of particular emphasis is overseeing the university's vulnerability management processes for servers, working with the Enterprise Systems team to provide technical oversight of campus-wide vulnerability management goals, while steering system administrators toward remediating issues. Oversees and/or performs vulnerability scanning using vulnerability assessment tools including Rapid7 InsightVM. The position provides analysis on which vulnerabilities may potentially be exploited, especially in a higher education IT environment. Ensures that proper documentation is in place regarding configuration of the vulnerability management system, record of systems monitored, and contact information for system or application administrators.
Is involved in the evaluation of vulnerabilities and threats in order to determine and recommend safeguards for system or application owners. Is involved in the development of corrective plans, mitigations, and full remediation actions. Understands and communicates attack chains to management and other stakeholders. Serves as the Chair of the Vulnerability Management Committee.
This position is responsible for overseeing the monitoring, detection, and analysis of security events from logs and alerts generated by critical IT assets such as network devices and applications sent to tools such as a Security Information and Event Management (SIEM) solution. Supervises CSOC team members in regular monitoring of security alerts to determine relevancy and urgency. Provides expertise and leadership to utilize threat intelligence and reporting capabilities to analyze data from multiple feeds to better detect and respond to cyber attacks and decrease risk to assets or data.
Oversees the tracking and managing of adverse security events or threats affecting the university's network, and manages processes for creating trouble tickets for security incidents that require further investigation. Provides technical expertise in identifying affected systems and the scope of potential compromise, conducts further technical investigation, and determines and directs remediation and recovery efforts.
This position is responsible for overseeing and/or performing as a technical resource for digital forensic investigations. Evaluates, manages and maintains digital investigation resources. Assists Internal Audit with the use and integration of the solution within their investigation workflow. Ensures users are provided with an update on resource changes as they may impact use.
This position works with legal and compliance teams investigating matters which are information security related. Assists, or may be requested to assist, in investigations by forensically preserving and analyzing digital evidence and presenting the findings in an objective manner. This may include but is not limited to carrying out deep dives on digital devices such as laptops, desktops, servers, mobile phones and other electronic devices that may contain ECU data. Analyzes systems after compromise to provide insight. This position manages the maintenance of processes and procedures for forensic investigations.
Security Incident Response
This position is responsible for overseeing and performing as a part of the core security incident response team. Responsible for ensuring that security incident standard operating procedures are consistently followed while maintaining procedures and process documents so that they're revised if necessary and kept up-to-date. Oversees the progress of investigations pertaining to security incidents and ensures quality control for security incident report documentation. Conducts access control reviews for incident response document repositories containing data pertaining to security incidents or vulnerabilities.
To be a national model for student success, public service and regional transformation, East Carolina University uses innovative learning strategies and delivery methods to maximize access; prepares students with the knowledge, skills and values to succeed in a global, multicultural society; develops tomorrow's leaders to serve and inspire positive change; discovers new knowledge and innovations to support a thriving future for eastern North Carolina and beyond; transforms health care, promotes wellness, and reduces health disparities; and improves quality of life through cultural enrichment, academics, the arts, and athletics. We accomplish our mission through education, research, creative activities, and service while being good stewards of the resources entrusted to us. East Carolina University delivers on the promise of opportunity. We open doors. We improve lives. We transform the present, and we discover the future. In these ways and more, we serve our community, our state, our nation and our world as together we reach toward our greatest potential. Tomorrow starts here.