Insider Threat Senior Analyst

About The Position

Requirements

• Bachelor’s in Computer Science, Cybersecurity, or related field—or equivalent experience
• 5+ years in Insider Threat and/or Threat Hunting roles
• Strong analytical, research, and writing skills
• Proficiency with Insider Threat and Threat Hunting tools, along with experience with log analysis
• Deep understanding of the MITRE ATT&CK framework and adversary TTPs
• Strong ability to communicate concisely, effectively and directly with executive management
• Ability to work independently and escalate risks appropriately

Nice To Haves

• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Cybersecurity Analyst (CySA+)
• CompTIA Security+

Responsibilities

• Perform hands-on experience in Insider Threat, including conducting sensitive investigations, use case development, detection development and Insider Threat platforms such as User and Entity Behavior Analytics (UEBA), User Activity Monitoring (UAM), Security Information and Event Management (SIEM) or similar technologies.
• Conduct comprehensive monitoring and analysis of insider threat indicators.
• Preserve evidence, prepare detailed reports, and present findings to key stakeholders, including HR and Legal.
• Design and execute proactive, hypothesis-driven threat hunts across endpoints, networks, and cloud environments, leveraging threat intelligence and behavioral indicators to uncover hidden threats.
• Apply deep knowledge of attacker tactics, techniques, and procedures (TTPs) to build proactive detections and alerts for potential adversary activities, leveraging threat intelligence and analytical insights.
• Use security platforms such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM), along with the ability to analyze logs from diverse sources including Windows, Linux, cloud environments, and network devices.
• Drive the evolution of the Insider Threat and Threat Hunt programs by advising on best practices, maintaining thorough documentation, enhancing metrics, and implementing improvements to increase organizational resilience.
• Maintain good knowledge of the cyber threat landscape (financial sector experience is beneficial) and communicate those threats to senior leadership, technical and non-technical audiences.
• Apply frameworks (Ex. MITRE ATT&CK) to enhance detection and response.
• Leverage automation to enhance intelligence gathering and processing, utilizing scripting languages and standardized frameworks such as Python, APIs, and STIX/TAXII.
• Produce written reports, threat assessments, and briefings for technical and non-technical stakeholders.
• Collaborate closely within and outside of the CTM team.
• Participate, as needed, in technical incident response activities.
• Actively engage in tabletop exercises and red/blue/purple team activities.
• Interface with stakeholders within Cyber Defense, the broader security organization, and those outside of security such as technology, fraud, HR and other lines of business partners.
• Provide mentorship and technical guidance to junior analysts and cross-functional partners.
• Lead by example in fostering a culture of curiosity, rigor, and continuous learning within these functions.