Insider Threat Detection Engineer

KLA•Ann Arbor, MI

About The Position

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property. We are seeking a qualified Detection Engineer to join our Digital Information Risk team. In this role, you will add, modify and enhance security tool detections. Come join our team in this critical role to protect KLA! What You Will Be Doing: This position encompasses a range of technical skills and the ability to work across many different facets of cyber security. You will facilitate interoperability with our legal partners as well as the Security Operations team and IT Daily tasks involve, but are not limited to, creating new policies resulting in hardening overall security posture; modification and tuning of current policies; solving advanced problems by leveraging components of data science, data analytics and information protection fundamentals.

Requirements

Completion of a Bachelor’s degree from an accredited course of study, in Computer Science, Computer Informatics, Cybersecurity, IT Security, Information Technology or similar.
Minimum five (5) years of relevant experience in Cybersecurity
Experience with insider risk or similar role monitoring for digital risks such as abuse, fraud, intellectual property theft.
Demonstrated experience with UEBA/UBA, DLP, EDR, and SIEM tools.
Effective communication, interpersonal skills, and ability to work with partners across the business.
Self-sufficient, motivated individual with the ability to calmly operate in high stress environment to meet goals in a timely manner.
Proficiency in Microsoft Office suite to analyze data, collaborate with peers, and communicate findings.

Nice To Haves

Cybersecurity certifications such as Certification in Certified Information Systems Security Professional (CISSP).
Experience with data analytics tools to identify trends and correlate data sources.
Experience with SQL or Python.
Experience in developing detection rules and alerts.
Ability to read, speak, and write in a foreign language where KLA conducts business.

Responsibilities

Handle daily use case management and tuning across insider risk platforms (e.g. SIEM, UEBA, DLP, etc.).
Design, deploy, test, and optimize new insider risk policies to reduce and mitigate risks.
Collaborate across Cybersecurity, Legal, and HR teams to translate regulatory requirements (GDPR, CCPA, etc.) into technical policies.
Engineer automated workflows for incident triage and notification to focus on team efficiencies, ensuring seamless handoffs between automation and insider risk analyst reviews.
Correlate events to support insider risk triage and response requirements.
Support response, troubleshooting, and investigating security issues that may require additional event details.
Keep current with news and threat intelligence related to insider threats and proposed mitigations across the industry to minimize impact.
Research, validate and deploy solutions meeting security and business needs.
Collaborate with vendors to submit new feature requests and provide a strong voice of the customer.
Conduct root cause analyses to drive corrective actions and mitigation after case closure to include identifying opportunities for a change in security controls.