This position will work collaboratively with OmniSOC platform engineers to manage and architect our use of Elasticsearch, our primary SIEM tool, supporting proactive and reactive information security projects. This involves troubleshooting performance issues, working with UISO and UIPO staff to integrate new features into our workflows, and building and improving new and existing dashboards. Manage local SIEM-like tools, such as an incident handling notebook service. Responsible for architecting and managing a Linux-based loghost, creating a robust, high-availability service receiving logs from a variety of sources around Indiana University. Help identify gaps in log data and work with units to find equitable log forwarding approaches to help meet the information security challenges of a high-volume, dynamic information technology environment. The incumbent will have the opportunity to become the subject matter expert on our SIEM tools and share knowledge with UISO/UIPO staff as well as other users at IU.
Bachelor's degree and five years of advanced systems analysis/programming and/or system administration experience, including two years of experience in development, administration, and maintenance of security systems and software.
Combinations of education and related experience may be considered.
Knowledge of the IP protocol suite, specifically relating to TCP and UDP protocol behavior and interdependencies with the applications suite (DNS, SMTP, HTTP, SSL/SSH). Knowledge of packet capture tools (tcpdump/Wireshark), NetFlow, firewalls, and router ACLs. Knowledge of operating systems and the utilities used in system administration, system and kernel customization, security analysis tools, system logging, and security incident diagnosis. Ability to program in C, Perl, Python, or other widely-used, general purpose language. Experience with one or more relational database packages. Ability to apply security tools in small- and large-scale vulnerability assessments (vulnerability scanners, password cracking tools, others). Ability to clearly and effectively document the areas of primary responsibility. Excellent communication skills, presentation skills, and interpersonal skills. Extensive experience in Internet information and application delivery.
Degree in computer science, informatics, or a related discipline. Two years of computer security/abuse incident response and investigation experience. Experience using SIEM tools such as Splunk or Kibana. Familiarity with Zeek log data. Knowledge of intrusion detection and prevention systems. Experience in a university-based technology environment.
Bloomington, Indiana or Indianapolis, Indiana
Note: Remote work may be considered.
Salary Plan: PAE
Salary Grade: 4IT
Job Function: Information Technology
Due to the COVID-19 pandemic, there may be differences in the working conditions as advertised in our standard job postings (e.g., the ability to travel from one campus to another, etc.). If you are invited for an interview, please discuss your questions or concerns regarding the working conditions at that time.
This posting is scheduled to close at 11:59 pm EST on the advertised Close Date. This posting may be closed at any time at the discretion of the University, but will remain open for a minimum of 5 business days. To guarantee full consideration, please submit your application within 5 business days of the Posted Date.
If you wish to include a cover letter, you may include it with your resume when uploading attachments.
Equal Employment Opportunity
Indiana University is an equal employment and affirmative action employer and a provider of ADA services. All qualified applicants will receive consideration for employment without regard to age, ethnicity, color, race, religion, sex, sexual orientation, gender identity or expression, genetic information, marital status, national origin, disability status or protected veteran status. Indiana University does not discriminate on the basis of sex in its educational programs and activities, including employment and admission, as required by Title IX. Questions or complaints regarding Title IX may be referred to the U.S. Department of Education Office for Civil Rights or the university Title IX Coordinator. See Indiana University's Notice of Non-Discrimination here, which includes contact information.
Campus Safety and Security
The Annual Security and Fire Safety Report, containing policy statements, crime and fire statistics for all Indiana University campuses, is available online. You may also request a physical copy by emailing IU Public Safety at firstname.lastname@example.org or by visiting IUPD.
Founded in 1820, Indiana University is the state’s public university system, comprised of two core campuses—IU-Bloomington and IUPUI—and six regional campuses located throughout the state. Combined, the total student population is more than 114,000 undergraduate, graduate and professional school students. IU is one of the largest employers in the state, with over 20,000 faculty and staff. Indiana University is an equal employment and affirmative action employer and a provider of ADA services. Diversity and inclusion remains a core commitment to IU’s mission to cultivate an educational environment that supports equal access, participation and representation on all of its campuses and that provides educational and career opportunities for all.