Columbia University Information Technology · 1 day ago
Cybersecurity Analyst (Digital Forensics/Incident Response)
Columbia University Information Technology is seeking a Cybersecurity Analyst to support its Digital Forensics and Incident Response program. The role involves threat detection, incident handling, forensic investigation, and risk remediation while collaborating with IT teams to enhance security measures across the university's systems and cloud environments.
Higher Education · Information Services · Information Technology
Responsibilities
Initiates and supports DFIR investigations, including identification, containment, eradication, and recovery from cyberattacks
Conducts endpoint and network forensic analysis to determine root cause and impact
Performs malware analysis, memory forensics, and reverse engineering as needed
Coordinates incident response efforts across IT teams, including phishing, DDoS, malware, and data breach events
Develops post-incident reports and lessons-learned documentation to improve future response efforts
Creates and optimizes SIEM alerts, dashboards, and metrics to proactively identify suspicious activity
Monitors intrusion detection systems, log sources, and other telemetry for security events
Investigates anomalies using NetFlow, packet capture, DNS logs, and endpoint data
Continuously refines detection logic to address evolving attacker tactics
Develops and maintains incident response playbooks, workflows, and operational documentation
Collaborates with campus IT departments to integrate standardized IR processes
Enhances operational readiness through tabletop exercises and simulation drills
Supports vulnerability management and assists in remediation prioritization
Extends incident response and monitoring capabilities into cloud environments (AWS, Azure, GCP)
Oversees cloud configuration and vulnerability assessments to maintain security compliance
Participates in a 24/7 on-call rotation, responding to high-severity incidents as required
Administers endpoint security tools, including application allowlisting and data loss prevention solutions
Stays informed on emerging threats, vulnerabilities, and security best practices
Willingness to attend cybersecurity-related training and seek security certifications when offered
All other duties as assigned
Qualifications
Required
Bachelor's degree or equivalent experience required
Minimum 3-5 years' related experience
2+ years of experience with endpoint forensic tools and investigation techniques
2+ years of experience building alerts and dashboards in a SIEM platform
Hands-on experience with incident response, vulnerability management, and security monitoring at scale
Proficiency in analyzing NetFlow, packet data, DNS, and system logs for investigative purposes
Strong knowledge of exploits and attack vectors (e.g., OWASP Top 10, privilege escalation)
Familiarity with multiple operating systems: Windows, macOS, Linux/Unix, and mobile platforms (iOS/Android)
Excellent written and verbal communication skills
Demonstrated ability to work in a fast-paced, deadline-driven environment
Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise
Ability to work with changing priorities and with multiple projects
Ability to be precise and attentive to detail is essential
Ability to work with minimal supervision
Ability to work weekends and off-hours as and when needed
Preferred
Advanced degree in Computer Science, Information Security, or a related field
Experience scripting and automating tasks using Python, PowerShell, or similar languages
Familiarity with SOAR platforms and automation workflows
Background in penetration testing or network security engineering
Experience with identity and access management tools and projects
Security certifications (e.g., Security+, CISSP, GIAC, CISM, CEH)
Cloud security certification (e.g., AWS Security Specialty, Azure Security Engineer, Cloud+)
Company
Columbia University Information Technology
Columbia University Information Technology offers communications services, web publishing, course management, and telephone services.
H1B Sponsorship
Columbia University Information Technology has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (433)
2024 (353)
2023 (333)
2022 (370)
2021 (283)
2020 (221)
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase