Insider Threat Analyst III

Navy Federal, Pensacola, FL
1d

About The Position

To help lead the response and analysis of insider threat incidents and alerts, using cutting-edge tools and techniques to protect the organization from internal risks. Enhance the insider threat program by creating and tuning alert content, integrating new data sources, identifying trends and gaps, and recommending technology and process solutions. Collaborate with various teams, such as physical security, legal, and HR, to conduct investigations and ensure compliance. Deliver insider threat reports, awareness, and training activities, and mentor junior analysts. Work independently and demonstrate strong initiative, judgment, and problem-solving skills. Work is performed under limited supervision.

Requirements

  • 5+ years of experience with an insider threat program or related field
  • Demonstrated experience in an insider threat program, preferably in a financial institution
  • Ability to exercise discretion and maintain high ethical standards in handling sensitive situations
  • Proficiency in various security tools such as data loss prevention, user behavior analytics, file and database activity monitoring, and user activity monitoring
  • Proficiency and professionalism in conducting interviews and eliciting information
  • Experience with security information and event management systems (SIEM) and log analysis
  • Ability to perform data synthesis and analysis on different data types (events and log data)
  • Experience in writing and editing clear and concise case reports and documents
  • Understanding of the intersection of IT systems and cybersecurity operations
  • Advanced communication skills to report complex technical situations to different audiences, including executive leadership and nontechnical staff
  • Advanced skill in working with all levels of management, stakeholders and vendors
  • Advanced research, analytical, and problem-solving skills
  • Effective skill in interpreting and translating customer requirements into operational actions

Responsibilities

  • Respond to and analyze insider threat alerts using specialized monitoring tools
  • Lead investigations of complex and high-risk insider threat cases
  • Conduct interviews with employees as part of an investigation
  • Analyze information from enterprise cyber security tools to detect anomalous activity and potential threats
  • Perform searches and log analysis in a SIEM
  • Validate network alerts by coordinating with enterprise-wide cyber defense staff
  • Analyze security incidents for trends and patterns to identify gaps and propose risk mitigation solutions
  • Collaborate with physical security, legal, and HR teams as needed
  • Develop insider threat use cases and detection content within tools
  • Modify rules and policies to improve alert accuracy and reduce false positives
  • Integrate new data sources to enhance insider threat detection
  • Identify and recommend solutions for control gaps or deficiencies that enable insider threats
  • Conduct open-source research on industry trends and best practices for insider threat prevention and protection
  • Prepare comprehensive and timely written reports summarizing cases and outcomes
  • Produce and deliver case reports to a variety of audiences
  • Assist in the development of policy, processes, procedures and metrics related to insider threat
  • Produce and deliver insider threat awareness and training activities

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees
