Senior Security Analyst - Ad hoc queries, SPLUNK

The Consortium, Rockville, MD

About The Position

Our client is looking for a Senior Security Analyst. This position will play a key role in all analytical aspects, including anomaly detection and categorization, strategic guidance assigned to infrastructure, and assistance in risk strategies. The position will also include analytical support and statistical insight for standardized and ad-hoc reports.

Requirements

  • At least one (1) year of professional experience with a B.S. degree in computer science, or at least three (3) years of experience, to include:
  • Knowledge and use of DLP Tools.
  • Knowledge and use of UEBA Tools.
  • Knowledge and use of SIEM and/or logging tools and the ability to perform complex ad-hoc queries.
  • Must be proactive and able to work independently and efficiently, as well as collaboratively with cross-functional teams.
  • Must be able to learn quickly and apply new tools and techniques.
  • Attention to detail.
  • Strong written and verbal technical communication skills.

Nice To Haves

  • Insider threat experience a plus.
  • Knowledge of Splunk Programming Language (SPL) that supports queries a plus.
  • Knowledge of PowerBI a plus.

Responsibilities

  • Review alerts triggered from insider risk, data loss and UEBA consoles and determine whether the risk is real or normal work activity.
  • Perform ad-hoc searches using Security Incident and Event Management (SIEM) (Splunk) dashboards, User and Entity Behavior Analytics (UEBA), User Activity Monitoring (UAM) and Data Loss Prevention (DLP) tools, looking for additional insider risk issues.
  • Create reports of insider risk and/or data loss incidents and present findings to management.
  • Provide feedback and suggestions on improving the analysis and rules used for user behavior analysis.
  • Identify gaps in information insights that may help with detecting and assessing insider concerns.
  • Help identify and obtain log information and other contextual data for use in insider threat detection and assessments.
  • Receive alerts from key stakeholders throughout the organization on anomalous activity (information systems, physical and behavioral).
  • Support insider risk prevention, including supporting the security education, awareness, and training efforts.
  • Perform other duties and responsibilities as assigned.
© 2024 Teal Labs, Inc