Insider Threat Detection Engineer

KLA•Ann Arbor, MI

About The Position

The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property. We are seeking a qualified Detection Engineer to join our Digital Information Risk team. In this role, you will add, modify and enhance security tool detections. Come join our team in this critical role to protect KLA! What You Will Be Doing: This position encompasses a range of technical skills and the ability to work across many different facets of cyber security. You will facilitate interoperability with our legal partners as well as the Security Operations team and IT Daily tasks involve, but are not limited to, creating new policies resulting in hardening overall security posture; modification and tuning of current policies; solving advanced problems by leveraging components of data science, data analytics and information protection fundamentals.

Requirements

Completion of a Bachelor’s degree from an accredited course of study, in Computer Science, Computer Informatics, Cybersecurity, IT Security, Information Technology or similar.
Minimum five (5) years of relevant experience in Cybersecurity
Experience with insider risk or similar role monitoring for digital risks such as abuse, fraud, intellectual property theft.
Demonstrated experience with UEBA/UBA, DLP, EDR, and SIEM tools.
Effective communication, interpersonal skills, and ability to work with partners across the business.
Self-sufficient, motivated individual with the ability to calmly operate in high stress environment to meet goals in a timely manner.
Proficiency in Microsoft Office suite to analyze data, collaborate with peers, and communicate findings.

Nice To Haves

Cybersecurity certifications such as Certification in Certified Information Systems Security Professional (CISSP).
Experience with data analytics tools to identify trends and correlate data sources.
Experience with SQL or Python.
Experience in developing detection rules and alerts.
Ability to read, speak, and write in a foreign language where KLA conducts business.

Responsibilities

Handle daily use case management and tuning across insider risk platforms (e.g. SIEM, UEBA, DLP, etc.).
Design, deploy, test, and optimize new insider risk policies to reduce and mitigate risks.
Collaborate across Cybersecurity, Legal, and HR teams to translate regulatory requirements (GDPR, CCPA, etc.) into technical policies.
Engineer automated workflows for incident triage and notification to focus on team efficiencies, ensuring seamless handoffs between automation and insider risk analyst reviews.
Correlate events to support insider risk triage and response requirements.
Support response, troubleshooting, and investigating security issues that may require additional event details.
Keep current with news and threat intelligence related to insider threats and proposed mitigations across the industry to minimize impact.
Research, validate and deploy solutions meeting security and business needs.
Collaborate with vendors to submit new feature requests and provide a strong voice of the customer.
Conduct root cause analyses to drive corrective actions and mitigation after case closure to include identifying opportunities for a change in security controls.