Engineer IV - Sr. Insider Risk Investigator

Edward Jones
Saint Louis, MO
3d
Hybrid

About The Position

This job posting is anticipated to remain open for 30 days, from 09-Jan-2026. The posting may close early due to the volume of applicants.

Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns. Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging. People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career. View our Purpose, Inclusion and Citizenship Report.

¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.

Team Overview: The Digital Insider Risk (DInR) Department protects The Jones Financial Companies, and its subsidiaries (collectively, "the Firm") against risk stemming from user digital activity. The Digital Insider Risk and Data Loss Prevention (DLP) Analyst will be responsible for monitoring, analyzing, investigating and reporting of User Behavior Analytics and Data Loss Prevention alerts across various tools, ensuring the protection of client and Firm data. You will work closely with security analysts, engineers, and other IT professionals to enhance our security posture through the development and refinement of detection and enforcement rules.

Requirements

  • Minimum of 5 years in Information Systems Security or Information Technology with a focus on security controls and processes.
  • Possession of a recognized, advanced security certification.
  • Proven experience enhancing an enterprise level Data Loss Prevention program (e.g., Microsoft Purview, Symantec, Trellix, Proofpoint).
  • Demonstrated expertise in conducting digital forensic analysis and evidence collection across various operating systems and cloud platforms.
  • Proven ability to define and utilize UEBA models to detect complex, non-signature based risks.
  • Experience triaging, investigating and assisting remediation of security alerts.
  • Familiarity with various cybersecurity tools and how to leverage them effectively (e.g. SIEM, SOAR, UEBA, DLP).
  • Familiarity with enterprise data types and sensitivity levels: PII, PHI, PCI, IP, financial data, insider risk indicators.
  • Strong technical understanding of security controls and data protection mechanisms within major cloud environments.
  • Experience with operating and tracking investigations meticulously in a case management solution.
  • Strong communication skills and the ability to effectively communicate with technical and non-technical businesses, vendors, associates, and leaders.
  • Experience writing investigative reports, communicating incident severity, and tracking issue resolution.
  • Working knowledge of Windows OS, Office 365, and security tooling integrations.

Responsibilities

  • Monitor, triage, investigate, and escalate UEBA and DLP alerts from multiple systems (e.g., Gurucul, XSOAR, Microsoft Purview, Proofpoint, Zscaler).
  • Quickly and accurately determine the level of urgency and escalate or investigate as necessary.
  • Lead high-priority incident response activities related to insider risk and critical data exfiltration events.
  • Assist in performing activities necessary for immediate containment and long-term resolution of events and incidents.
  • Perform initial analysis of data from a variety of sources (to include but not limited to host, network, cloud, messaging, application), correlating it to meaningful DLP and Insider Risk events.
  • Support confidential and complex digital investigations.
  • Generate informed reporting around security events and metrics.
  • Document investigations in adherence to all audit and legal requirements.
  • Support the development of documentation in support of response processes and/or procedures.
  • Analyze incidents for patterns of data misuse or exfiltration across email, endpoints, cloud, and web.
  • Assist in rule development, tuning, and testing of DLP policies to reduce false positives and improve detection efficacy.
  • Provide mentorship and guidance to junior analysts, fostering a culture of continuous learning and professional development.
  • Develop threat models and use cases to proactively identify emerging insider risks.

Benefits

  • Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage.
  • Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates.
  • Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account.
  • Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism.
  • Associates may be eligible for bonuses and profit sharing.
  • All associates are eligible for the firm's Employee Assistance Program.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
