Insider Threat Analyst
The Associate, Information Security [Insider Threat Analyst] is the last line of defense in detecting and responding to potential insider threats and data exfiltration activity. The Insider Threat Analyst is a technical person focusing on cyber investigations, but also has an acute business acumen which allows them to gracefully coordinate investigations which span across multiple departments such as the line of business, privacy, legal, fraud, and HR. This role is considered a 24/7 on call position. This role also works in scheduled shifts between the hours of 8:00 AM EST and 6:00 PM EST Monday through Friday.
- Monitor for and detect potential insider threats from behavior analytic use cases, various log sources, and defined risk thresholds
- Monitor and detect unauthorized data exfiltration, and access, from various DLP and security technologies
- Perform insider threat investigations by using various security technologies to recreate a representation of a user's or entity's digital activity
- Coordinate insider threat investigations from detection to resolution, leveraging various internal and external support teams such as HR, Fraud, Legal, and Privacy
- Interpret corporate policies to identify activity which does not follow policy, or does not meet required controls
- Identify gaps in data controls, software configurations, or network perimeters, and recommend resolutions
- Identify opportunities to correlate data across multiple sources in order to identify activity which has a strong probability of indicating an insider threat
- Review false positives proactively and work with the various Security teams to tune alerts and provide feedback that improves their accuracy
- Take an active part in the resolution of events, even after they are escalated
- Must participate in an on-call roster
- Must participate in a scheduled shift rotation, and be able to be in the office between the hours of 8:00 AM EST and 6:00 PM EST
- Collaborate with technical teams for security incident remediation and communication
- Conduct proofs of concept and vendor comparisons, and recommend solutions in line with business requirements
- Conduct security research on threats and remediation methods
- Contribute to strategic planning to evaluate, deploy, or update security technologies
- Create process improvements by identifying inefficiencies and proposing solutions
- Prepare system security reports by collecting, analyzing, and summarizing data and trends; present reporting for management review
- Promote cross-department collaboration and communication to ensure appropriate processes, procedures, and tools are installed, monitored, and effectively operating and alerting
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Bachelor's Degree in Computer Science or an equivalent field, or equivalent work experience
- 5-9 years in field or similar industry
- Experience in information security, governance, IT audit, or risk management
- Ability to communicate concisely, effectively and directly to executive management
- Ability to work cooperatively in a team environment
- Advanced knowledge of Microsoft Office (Outlook, Word, Excel, and PowerPoint)
- Exceptional organizational skills and attention to detail
- Experience planning, researching and developing security strategies, standards, and procedures
- Knowledge of risk assessment tools, technologies, and methods
- Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to malware, eDiscovery, current threats/attacks and/or vulnerability management
- Strong understanding of security, incident response and/or networking/PC concepts
- Minimal physical effort such as sitting, standing, and walking
- Ability to demonstrate understanding of security investigation processes and procedures
- Ability to demonstrate technical experience working with enterprise security technologies such as SIEM, DLP, antivirus/anti-malware, and IDS
- General network knowledge, TCP/IP, Internet Routing, UNIX / LINUX & Windows NT
- Understanding of common network services (web, mail, DNS, authentication)
- General Desktop OS and Server OS knowledge
- Demonstrated ability to work with an Incident Management Tool
- Demonstrated excellent communication and organizational skills
Preferred Training, Qualifications, and Certifications
- CEH: Certified Ethical Hacker
- SEC401: Security Essentials
- SEC511: Continuous Monitoring and Security Operations
- GCIA: GIAC Certified Intrusion Analyst
- GCIH: GIAC Certified Incident Handler