Senior Insider Threat Security Analyst

About The Position

Requirements

• Four-year college degree in the technical field of study or equivalent work experience.
• Technical knowledge and aptitude in the areas of networks, network topologies, remote network access, servers, applicable software and troubleshooting techniques required.
• Experience working in a SOC or similar environment.
• Experience with reviewing IDS/IPS, EDR, Firewall and other security/audit logs.
• Experience monitoring and analyzing Security Information and Event Management (SIEM) to identify security issues for remediation, and rules fine tuning.
• Consolidate and conduct comprehensive analysis of Insider threat data obtained from security tools and make recommendations for optimizing various tools.

Nice To Haves

• Participates in the planning, design, and implementation of enterprise security architecture.
• Experience with Insider threat management tools and experience working on an Insider threat management team.
• One or more of the following security certifications: Security+, CEH, CYSA+, GCIA, GSEC, GCIA, GMON and GCDA.

Responsibilities

• Lead incident response in response to Insider security events and incidents.
• Correlation and trend analysis of security logs, network traffic, security alerts, events, and incidents.
• Perform in-depth root cause analysis and diligently gather information prior to escalation for future root cause analysis.
• Analyzing, triaging, aggregating, escalating, and reporting on Insider security events including investigation of anomalous network activity.
• Continuous & persistent monitoring of security technologies/tool data and network traffic which result in security alerts generated, parsed, triggered, or observed on in-scope networks, systems, or security technologies.
• Rapidly assess network traffic, detect data anomalies, and provide detailed reporting on the same.
• Insider threat event and incident handling consistent with applicable plans and processes.
• Integration of activities with standard reports, such as Insider security metrics reports.
• Lead team/project meetings and technical meetings appropriate for the content.
• Ensure tasks and projects are completed on schedule.