General Summary:

Reporting to the Director of Network Services, the Network Security Operations Engineer (NSOE) is a vital hybrid role that combines advanced technical skills with operational management to safeguard the university’s on-premises and cloud (Azure) network infrastructure, fulfilling comprehensive network security visibility requirements at the campus Network and Security Operations Center (NSOC). As a key liaison between Network Services, Cloud Operations, and the Information Security Office (ISO), the NSOE oversees hybrid (on-prem/Azure) network security operations, improves workflows, and manages the entire lifecycle of security incidents, service requests, and NSOC tasks—ensuring alignment with zero-trust principles and cybersecurity best practices. The NSOE proactively monitors, investigates, and responds to threats using Azure-native and integrated security tools, including SIEM (Sentinel), CASB, SolarWinds Observability Platform, Azure Firewall, Network Security Groups for micro-segmentation, VPN gateways, GlobalProtect, Infoblox, and Aruba NetEdit. The role also involves optimizing configurations for firewalls, edge switches, DMZs, and secure network segmentation. Responsibilities include conducting root cause analyses, vulnerability assessments, and risk mitigation, as well as coordinating with the ISO team to contain breaches and improve detection through AI/ML/DL network behavioral analytics. Additionally, the NSOE will assist in network design, performance testing, capacity planning, and policy development to ensure compliance with industry standards. Beyond technical tasks, the NSOE plays a managerial role by aligning network security with the NSOC, refining incident response protocols, and fostering collaboration between network and security teams. This position bridges the cloud and on-premises security gaps, maintaining a unified defense posture across the university’s expanding hybrid ecosystem. It ensures that the organization maintains a single source of truth for network infrastructure, enabling efficient troubleshooting, risk assessment, and strategic planning. The role may require after-hours support for emergencies, network upgrades, and critical security events. The ideal candidate will have strong expertise in SOC/NOC environments, network security administration, and multi-vendor device management, as well as the ability to drive continuous improvement in both security posture and operational efficiency. 

Examples of Duties:

• Serve as the primary network security incident coordinator at the Network and Security Operations Center (NSOC), overseeing security, event monitoring, investigation, and response in alignment with enterprise incident response protocols.
• Design and refine detection rules, alerts, and signatures based on threat intelligence, behavioral analytics (AI/ML), and attack trends.
• Conduct proactive threat hunting using SIEM analytics, endpoint telemetry (EDR/XDR), and network forensics (e.g., PCAP analysis) to identify advanced threats and stealthy attack patterns.
• Monitor and secure cloud/hybrid environments (e.g., Azure NSGs, SaaS applications) to ensure consistent visibility and policy enforcement across on-premises and cloud assets.
• Implement and enforce Zero Trust Network Access (ZTNA) policies, including micro-segmentation, identity-aware proxies, and device posture checks (e.g., via Aruba ClearPass).
• Perform malware traffic analysis using sandboxing tools (e.g., Cuckoo, VirusTotal) and correlate findings with network IDS/IPS alerts.
• Act as a liaison between Network Services, ISO, and Desktop Support to ensure security compliance across IT environments.
• Develop and report KPIs to measure security control effectiveness.
• Proactively monitor, analyze, and respond to threats using various tools, including SIEM (Microsoft Sentinel), SolarWinds, Infoblox, Aruba NetEdit, and other security tools, to ensure the rapid containment of breaches and vulnerabilities.
• Create, update, and maintain detailed internal network topology diagrams to ensure precise documentation and accurate planning.
• Proactively secure and maintain all network infrastructure devices (routers, switches, firewalls, wireless controllers) through systematic hardening of configurations, timely patching of vulnerabilities, and continuous monitoring of access controls.
• Conduct regular vulnerability assessments of network infrastructure using automated scanning tools and manual verification techniques to identify and remediate security gaps in compliance with the CIS framework control 12.
• Develop, maintain, and version-control comprehensive network architecture diagrams (including logical/physical topologies, data flows, and security zones) using industry-standard tools (e.g., Visio).
• Collaborate with network engineering and security teams to validate diagrams against real-time configurations, ensuring alignment with actual deployments and minimizing discrepancies.
• Document and audit network configurations, capturing IP/MAC addresses, VLAN assignments, and ARP tables.
• Align documentation with NIST SP 800-53 (CM-2, CM-6) and CIS Controls for audit readiness and risk management.
• Support disaster recovery and business continuity planning by ensuring network documentation reflects failover paths, redundant systems, and critical dependencies.
• Integrate diagrams with Sentinel to support real-time impact analysis during incidents and facilitate cross- team validation sessions with Security, Networks, and Operations teams to ensure accuracy and compliance.
• Operate and optimize SIEM (e.g., Microsoft Sentinel) to centralize security event alerting (CIS Safeguard 13.1), correlating logs from network devices, endpoints, and cloud services. Tune alert thresholds (CIS Safeguard 13.11) to reduce false positives and prioritize critical threats.
• Deploy and manage network/host-based IDS/IPS solutions (CIS Safeguards 13.2, 13.3, 13.7, 13.8), including NIDS, EDR, and CSP-native tools (e.g., Azure Network Watcher), to detect and block malicious activity across enterprise assets.
• Enforce traffic filtering between network segments (CIS Safeguard 13.4) and port-level access controls (802.1X/Certificates) (CIS Safeguard 13.9). Implement application-layer filtering (CIS Safeguard 13.10) via proxies/firewalls to mitigate lateral threats.
• Govern remote access security (CIS Safeguard 13.5) through Zero Trust policies (e.g., conditional access, endpoint compliance). Collect and analyze network flow logs (CIS Safeguard 13.6) to identify anomalies and support forensic investigations.
• Develop and execute an audit framework to inventory all network assets, including switches, routers, wireless controllers, and security appliances, while capturing:
o IP/MAC address bindings with device ownership details
o VLAN assignments and segmentation schemas
o ARP tables and Layer 2/Layer 3 topology mappings
o Firewall rulesets and access control lists (ACLs)
o Device configurations (running/startup configs)
• Implement automated discovery tools (such as Aruba NetEdit, SolarWinds, or custom scripts) to:
o Continuously monitor network state
o Detect configuration drift
o Identify shadow IT devices
o Validate compliance with security baselines
• Produce yearly gap analysis reports to highlight risks in current network architecture, identify opportunities for optimization during the Aruba transition and document technical debt requiring remediation within the yearly Plan of Action and Milestones (POAM) in a Network Security Improvement Project.
• Produce comprehensive yearly gap analysis reports to assess risks within the current network architecture, identify optimization opportunities, and document technical debt requiring remediation as part of the annual POAM within the Network Security Improvement Project. These reports will serve as a critical tool for guiding strategic decisions, ensuring network security enhancements, and driving continuous improvement across the infrastructure.
• Collaborate cross-functionally with various teams to ensure alignment and successful execution of key initiatives, including working with the Information Security Office to support Zero Trust initiatives, partnering with Network Engineering teams to validate migration plans, and coordinating with the Service Desk to update knowledge base articles.
• Drive efforts to minimize mean time to repair (MTTR), strengthen the organization’s security posture, and maintain seamless business continuity during the network modernization initiative led by the Director of Network Services; success will be measured by the timely delivery of thorough configuration documentation, the discovery and remediation of unidentified network assets, and a smooth migration to the new Aruba environment—ensuring enhanced operational efficiency and network reliability.
• Manage and troubleshoot network devices using SecureCRT for secure CLI access, real-time monitoring, and diagnostics—resolving misconfigurations, performance issues, and connectivity problems to minimize downtime.
• Automate and standardize network operations by developing SecureCRT scripts (VBScript/Python/Expect) and configuration templates, ensuring consistency, security compliance, and efficiency in upgrades, migrations, and capacity planning.
• Lead and coordinate incident response efforts, collaborating with cross-functional teams (Network Services, ISO, IT, IT Partners, and other stakeholders) to mitigate security incidents efficiently.
• Conduct post-incident reviews to identify gaps, refine security controls, and minimize future risks.
• Assist in network design, capacity planning, and performance testing, ensuring alignment with security best practices and industry standards.
• Partner with Network Services and ISO to develop and deliver clear, timely communications regarding network security initiatives, outages, and critical updates to stakeholders.
• Translate complex network security concepts into accessible messaging for non-technical audiences, ensuring campus-wide awareness of cybersecurity risks and best practices.
• Assist in the creation of network status dashboards, outage notifications, and service bulletins to keep the community informed of operational changes.
• Assist with risk assessments, security audits, and penetration testing to identify and mitigate weaknesses.
• Stay informed about emerging cyber threats, attacker tactics, and industry trends to refine defensive strategies.
• Perform after-hours support for critical security incidents, network upgrades, and emergency response.
• Participate in the training and supervision of student employees, supporting their professional development.
• Deliver high-quality customer service, including awareness training and coaching.
• Perform other duties as assigned.

Qualifications: Required Qualifications (non-negotiable)
• Master’s degree in Cybersecurity, Information Technology, or a related field and coursework.
• Minimum five (5) years of hands-on cumulative experience in a Network and Security Operations Center (NSOC) environment, with higher education experience preferred.
• CISSP (Certified Information Systems Security Professional) certification or eligibility to be earned within 6 months of hire.
• Experience with security frameworks (NIST, CIS, ISO 27001) and compliance standards.
• Proven ability to diagnose and resolve complex network security issues in enterprise environments.
• Strong technical skills across Microsoft Windows and Macintosh Operating System platforms, common applications (Excel), and utilities required.
• Demonstrated proficiency with enterprise security and network tools, including but not limited to:
o SIEM, IDS/IPS, EDR/XDR, firewall platforms, behavioral analytics, and
o SolarWinds for network monitoring.
o Network access control (NAC) implementations (Aruba ClearPass).
o Network forensic tools (i.e., Wireshark).
o Vulnerability management platforms (Nessus, TenableOne, Rapid7).
o Cloud security tools (Azure Security Center)
o NetEdit for Aruba switch and config management.
o SecureCRT and Putty for SSH and console to equipment.
o CoPilot AI for packet trace analysis for threat hunting.
o Wireshark for packet analysis.
o Airwave wireless monitoring.
o Aruba Wireless controllers and conductors.
o Integrated ClearPass for 802.1x and RADIUS.
o Access Points dedicated to RF and IDS analysis.
o XMC (eXtreme Management Center) for eXtreme switch and config management.
o UXI (User Experience Sensor) monitoring.
o Visio and Draw.io.
o Excel Spreadsheets.
• Hands-on experience configuring, monitoring, and troubleshooting security and network technologies in production environments
• Working knowledge of industry-standard network and security platforms and their implementation best practices.

Application Instructions: 

Please apply online with your resume, cover letter and list of three professional references.

Review of candidates will begin following the application closing date. 

Only Internal candidates in the Professional Staff Bargaining Unit will be considered during the first 10 business days of the posting.  All other candidates will be considered after that period. 

Salary Ranges for the appropriate Pay Grade can be found at the following link: 

Grade: 35             

Salary Ranges

This is an exempt union position. 

All official salary offers must be approved by Human Resources.