Insider Risk Engineer - Cyber

About The Position

Requirements

• 6+ years of related experience in IT--Security, IT--App Support, IT--Development or similar field.
• Bachelor's degree in related field required.
• Advanced knowledge of general Financial Services or Banking is preferred.
• Advanced to expert experience with and knowledge of Linux, Python, PowerShell, SIEM and Bash.
• Solid understanding of authentication protocols SAML, SSO, and LDAP.
• Solid understanding of concepts regarding SIEM, SOAR, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, and EDR.
• Advanced experience with logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
• Solid understanding of load balancers, DNS, SMTP, etc. for troubleshooting application functionality.
• Advanced experience of NIST, MITRE and Administration of either or all of an IT Automation platform, SOAR, Firewall, IAM platform, SIEM, cloud cyber defense platform etc.
• Hands-on experience deploying and operating a User & Entity Behavioral Analytics (UEBA) platform in a mid-large sized corporation, preferably in Financial Services.
• Expertise building Application Program Interfaces (APIs) from source systems of record to bring technical and non-technical indicators into the UEBA.
• Intermediate - Advanced ability to query and extract data from security monitoring systems (e.g., SIEM, EDR, NDR, etc.) for performing Insider Risk analysis.
• Experience correlating UEBA signals with identity, access, and data movement logs to detect anomalous behavior.
• Familiarity with government and industry best practice frameworks for managing Insider Risk (e.g., Carnegie Mellon, SIFMA, MITRE, NIST, etc.).
• Ability to translate behavioral indicators into risk scoring models and escalation thresholds.
• Experience working cross-functionally with Legal, HR, and Compliance teams to investigate and respond to Insider Risk cases.
• Advanced speaking and writing communication skills.

Nice To Haves

• Previous leadership experience preferred.
• Advanced knowledge of general Financial Services or Banking is preferred.

Responsibilities

• Manage and provide ownership of innovative threat detection, security audit, and logging solutions.
• Communicate, collaborate and justify cyber recommendations to a broad base of stakeholders throughout the IT, Cyber and Audit department.
• Manage the full stack (front end and back end) of applications utilized to help Western Alliance Bank prevent, detect and respond to insider risk events of interest.
• Own the review and development of new processes and technologies to enhance the program’s ongoing maturity.
• Lead the continuous review and improvement of the defense, auditing, access standards, tactics, and techniques to meet regulatory guidelines as well as owning the resiliency of insider risk applications and platforms via routine disaster recovery exercises.
• Partner with vendors routinely to optimize insider risk products, as well as ensure costs/licenses do not exceed expectations, while maintaining capacity planning to ensure quality and value delivery of insider risk program objectives.
• Proactively identify and fix issues to improve backend service scalability, resiliency, and fault tolerance.
• Respond to insider risk events of interest in a timely manner alongside team members and key stakeholders.
• Respond to audit inquiries and ensure processes and procedures are within regulatory guidelines.
• Foster the highest level of engineering practices and follow relevant company procedures, in addition to being held accountable for relevant documentation.
• Design and implement advanced detection logic to surface subtle behavioral anomalies indicative of insider risk across diverse data sources.
• Continuously refine and tune Insider Risk policies to reduce false positives and improve signal-to-noise ratio in alerting workflows.
• Engineer scalable data pipelines to ingest, normalize, and correlate identity, access, and activity data for risk modeling.
• Collaborate with security monitoring, threat intelligence and modeling teams to incorporate contextual enrichment and behavioral baselines into Insider Risk analytics.
• Prototype and evaluate emerging technologies (e.g., ML models, graph analytics) to enhance Insider Risk detection capabilities.
• Revisit Insider Risk tooling architecture design routinely with vendor and peers to either or all: minimize cost, optimize performance, scale, and meet new requirements.

Benefits

• We offer all the important things you'd want — like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program.