Department: Information Security Office
Category: Information Technology
Job Type: Full-Time

Overview

The Information Security Operations Specialist is responsible for daily monitoring, analysis, and response activities within the Information Security Office (ISO). Reporting to the Manager of Security Operations, the Specialist provides expertise in security operations, digital forensics, threat hunting, and data protection. This role requires a strong understanding of information technology systems and supports the ISO mission of proactive security monitoring and response across the University's IT environments. The Specialist applies solid knowledge of network, system, and mobile device security, and attains security certifications as required. The Specialist also understands Princeton's institutional culture, policies, governance, and mission. The Specialist stays current with information security industry developments and trends related to tactics, techniques, and procedures. The Specialist participates in developing solutions and services for the University's cybersecurity programs. This position is a hybrid role.

Responsibilities

Security Operations
- Work closely with OIT and distributed IT teams (IT@Princeton) in departments, research labs, and administrative units to investigate security events, analyze digital evidence, and strengthen the University's cybersecurity protections
- Monitor the automated SecOps platform, confirm the effectiveness of playbook automation, and, when necessary, escalate issues and contact impacted individuals and/or IT@Princeton colleagues
- Draft procedural documentation as needed for operational records

Digital Forensics
- Perform forensic acquisition and analysis of endpoints, servers, cloud workloads, and network artifacts
- Collect, preserve, and document digital evidence in accordance with legal, regulatory, and University requirements
- Analyze logs, memory images, file systems, and network traffic to determine root cause, scope, and impact
- Produce clear, defensible investigative reports for technical and nontechnical audiences
- Support coordination with the Office of the General Counsel, Audit and Compliance, and external forensic partners when needed

Threat Detection and Monitoring
- Serve as a proactive threat hunter by analyzing alerts from SIEM, EDR, IDS/IPS, cloud security tools, and other telemetry sources
- Assist in the development of detection rules, correlation logic, and behavioral analytics to improve the signal-to-noise ratio
- Identify emerging threats and suspicious activity across on-premises and cloud IT environments
- Collaborate with IT@Princeton colleagues to expand visibility across decentralized systems

Incident Response Operations
- Serve as a responder for cybersecurity incidents, including malware events, unauthorized access, data exposure, and compromised accounts
- Execute containment, eradication, and recovery actions across diverse platforms and research environments
- Maintain and improve incident response playbook workflows and communication protocols
- Participate in after-action reviews and contribute to institutional lessons learned

Professional Development
- Participate in professional development training and conferences, as approved by management, to maintain and improve technical and service knowledge
- Monitor relevant industry and higher education information security resources and bulletins to help ensure the University is current with information on perceived and existing threats to its information systems, data integrity, digital identities, and networked devices; ensure this information is disseminated as outlined in operational playbooks

Qualifications
- 2+ years of experience in a security or network operations center
- Demonstrated IT security analyst skills through certification (e.g. CompTIA Security+ or GIAC Security Essentials certification or equivalent credentials or analo