Sr Insider Threat Analyst

About The Position

Requirements

• Bachelor's Degree in Computer Science, Cybersecurity, or related 4-year technical degree with 5 + years of experience in IT or cybersecurity, or equivalent combination of education and work experience.
• Skill in collecting data from a variety of cyber defense resources and ability to interpret information collected to recognize threats.
• Knowledge of DLP, UEBA, and logging applications; and skill tuning policies within these tools.
• Knowledge of incident response and handling methodologies.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of host/network access control mechanisms.
• Knowledge of operating systems.
• Knowledge of scripting languages.
• Knowledge of cyber-attack stages and techniques used by malicious insiders.
• Knowledge of security controls frameworks and ability to assess organizational security posture against these frameworks.
• Skill in conducting trend analysis

Nice To Haves

• 5+ years of direct insider threat analysis experience.
• CISSP, SANS GIAC, or other relevant certifications.
• Demonstrated skill in modifying and developing UEBA rules through advanced editors and scripting languages.
• Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.
• Knowledge of NIST SP 800-53 Cybersecurity Framework.
• CERT Insider Threat Program Manager Professional Certificate and/or knowledge of Carnegie Mellon's Insider Threat Best Practices.
• Knowledge of Microsoft Purview Insider Risk Management, Communication Compliance and Data Loss Prevention
• Strong verbal and written communication skills. Ability to effectively convey complex technical information to both technical and non-technical audiences including investigators, senior management, team members and others

Responsibilities

• Identify and Respond to Insider Threat Security Events
• Respond, analyze, and triage alerts from DLP, UEBA and other monitoring tools.
• Characterize and analyze information from enterprise cyber security tools identify anomalous activity and potential threats.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Analyze security incidents for trends and patterns to uncover anomalies, identify gaps, and propose risk mitigation solutions.
• Manage incident response and investigative leads, including notification and escalation. Coordinate with physical security, legal, and HR teams as required.
• Develop Insider Threat Use Cases and Tune DLP and UEBA rules and policies
• Develop distinct insider threat use cases; identify tools, policies, and rules to monitor for the use case; tune policies and rules to meet use case requirements
• Based on analysis of alerts, modify rules and policies to increase accuracy and reduce false positives
• Identify and integrate new data sources to identify insider threat activity
• Perform security reviews, cyber defense trend analysis and open-source research.
• Identify vulnerabilities in security architecture or controls; and recommended changes to resolve or mitigate risk of these vulnerabilities
• Analyze insider events to identify patterns and develop mitigation strategies.
• Conduct open-source research about industry trends and developments in protecting company assets and countering Insider Threats.
• Prepare timely written reports which summarize significant industry insider events to draw lessons which can be incorporated into the Insider Threat Program
• Assist in the development of policy, processes, procedures an associated metrics
• Produce and deliver insider threat awareness briefings, debriefings, and training activities.

Benefits

• competitive compensation
• bonus program
• 401(k) with company match
• employee stock purchase program
• comprehensive medical, dental and vision benefits
• robust wellbeing programs
• disability and life insurance benefits
• paid time off for vacation, holidays, and sick days