Insider Risk Specialist, Insider Threat Program

About The Position

Requirements

• 4+ years' experience in cybersecurity, incident response, intelligence, insider threat, or counterintelligence.
• Familiarity with procedures and signs of malicious insider activity (fraud, theft, sabotage, espionage).
• Ability to develop new processes or capabilities as scaling needs grow.
• Proven success implementing strategies at scale.
• Excellent verbal and written communication skills for executive audiences.
• Strong relationship-building skills with internal, external, and industry peers.
• Use advanced OSINT techniques to find information from public sources, social media, online activity, commercial data, and specialized tools.
• Create organized, timely reports—such as investigative findings, analytical reviews, incident summaries, and threat analyses—that are suitable for both technical and general readers.
• Skilled in using Threat Hunting tools, with hands-on experience analyzing machine and user activity logs.
• Familiar with querying data sets or working with SIEM platforms.
• Capable of interpreting activity logs generated by machines and users.

Nice To Haves

• Demonstrated experience in establishing and advancing a formal Insider Threat Program (InTP), encompassing the development of playbooks, detection frameworks, and cross-functional governance models within a corporate or government context.
• Ability to leverage automation toolsets to enhance intelligence gathering and manual tasks, utilizing scripting languages such as Python.
• Proven track record in identifying and investigating insider threats in a cloud-based software or platform organization, with comprehensive knowledge of data access patterns, privileged user risks, and intellectual property theft vectors unique to SaaS and PaaS environments.

Responsibilities

• Apply insider risk mitigation strategies.
• Lead complex, sensitive insider threat investigations from signal to evidence, timeline, interviews, documentation, and team handoff.
• Design and execute proactive threat hunts and convert findings into actionable investigations and detections.
• Maintain and improve the insider threat program by identifying gaps, metrics, and investment opportunities.
• Assist with risk assessments for crown jewel analysis, sensitive roles, and high-risk activity.
• Foster cross-functional alignment by building relationships throughout GEICO.

Benefits

• 401K savings plan vested from day one that offers a 6% match
• performance and recognition-based incentives
• tuition assistance
• mental healthcare
• fertility and adoption assistance
• workplace flexibility
• GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year