Principal Insider Threat Analyst

About The Position

Requirements

• Bachelor's degree or four or more years of work experience.
• Six or more years of relevant experience required, demonstrated through one or a combination of work and/or military experience, or specialized training.
• Experience with implementation of cybersecurity, network defense, and investigative frameworks (such as NIST CSF, ISO 27000 series, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, etc.) into network defense processes.

Nice To Haves

• Knowledge of SOC or similar environment methodology, including threat monitoring, intrusion detection, analysis, threat determination, incident handling and remediation tracking.
• Experience defending against insider threats by leveraging tools like UEBA and DLP.
• Experience interpreting data from network security tools and infrastructure technologies such as SIEM, firewall, proxies, IPS/IDS devices, full packet capture (FPC), and email platforms.
• Knowledge of the cyber threat landscape, including types of adversaries, campaigns, and the motivations that drive them.
• Experience working with analysis techniques, identifying indicators of compromise, threat hunting, and identification of intrusions and potential incidents.
• Experience integrating subject profiling and criminal examination best practices into investigative procedures to supplement technical evidence.
• Understanding of system development life cycle (waterfall & agile) experience.
• Certifications like: CERT's ITPM, Network+, Security+, CISSP, CISM, CFE, CISA, CPCI, CCP, and/or Six Sigma Greenbelt or Lean certification.

Responsibilities

• Supporting the day-to-day operations for insider threat investigations, ensuring the case management and alert development life cycles are followed or adjusted when necessary.
• Conducting continuous enterprise-wide insider threat monitoring with ability to review end user activity and identify threats from SEIM dashboards and tool consoles; this includes identifying and responding to automated alerts as well as conducting in-depth analysis and examination on all available information to find potential insider threats.
• Responsible for accurate and complete investigations and ensuring tasks like case follow up, lessons learned, and case studies are conducted and socialized with appropriate stakeholders.
• Reviewing and providing feedback to analysts about case work and escalations.
• Developing, following and maintaining documentation, which provide a visual depiction of various insider threat operations workflows to support an innovative program and bolster overall security practices.
• Producing metrics, status updates of operational tasks, as well as high level case overviews and executive summaries for technical and non-technical audiences.
• Assisting with the development and implementation of global insider threat use cases surrounding data exfiltration, internal fraud, privilege escalations, as well as IT sabotage for desktops, laptops, servers, mobile, virtual and multi-cloud environments.
• Researching industry trends and best practices in order to ensure alerting and case management processes are evolving with the cybersecurity field.
• Coordinating and leading meetings with relevant investigative stakeholders and business partners when necessary.
• Collaborating on efforts to support the growth and maturity of ITO's enhanced monitoring capabilities of critical data and high valued assets.
• Assisting with the developing team goals and providing support for prioritizing and executing tasks to successfully achieve organizational objectives.
• Promoting an environment of collaboration and individual accountability when it comes to problem-solving, decision-making, and process improvement.
• Supporting team growth and development and employee mentorship.

Benefits

• Medical, dental, vision, short and long term disability, basic life insurance, supplemental life insurance, AD&D insurance, identity theft protection, pet insurance and group home & auto insurance.
• Matched 401(k) savings plan.
• Stock incentive programs.
• Up to 8 company paid holidays per year and up to 6 personal days per year.
• Parental leave, adoption assistance and tuition assistance.
• Award-winning total rewards package.
• Opportunity to receive compensation in the form of premium pay such as overtime, shift differential, holiday pay, allowances, etc.
• Newly hired employees receive up to 15 days of vacation per year, which grows with additional service.