Roles and Responsibilities
In this role, you will:
• Lead the development and execution of the detection analytics capabilities within the Insider Threat program, including risk scoring models, thresholds, baselines, key indicators, and reporting.
• Maintain a comprehensive response escalation process and procedures, including the investigative process.
• Perform daily response operations, which may occasionally require non-traditional working hours, and act as an escalation point where necessary.
• Review daily alerts, triage violations, raise cases and lead coordination of incidents across business and partner teams.
• Improve the state of our insider threat program and platforms by configuring and updating policies, building the knowledge base, and managing metrics and overall maturity.
• Drive projects and work streams within the Insider Threat program including appropriate risk mitigation activities in the Data Protection space.
• Lead log ingestion and threat modelling activities in partnership with application owners and analytics platform teams; correlate data and build policies to identify insider threats.
• Create dashboards, alerts and reporting in the analytics platform to identify trends, risk indicators and highlight areas to address risk.
• Participate in threat hunting activities, support triage work and case management with appropriate teams.
• Support relevant SOC tooling, platforms, infrastructure, code and automation processes.
Education Qualifications
Bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with advanced experience.
Technical Expertise: (Hands-on)
• Experience in anomaly detection, data analytics, behaviour analytics.
• Experience detecting and responding to cyber incidents in a complex Information Technology environment.
• Detailed understanding of Insider Threats, DLP (Data Loss Prevention), Data-level Security, and associated tactics.
• Experience in a technical SOC (Security Operations Centre) environment.
• Strong experience with Microsoft Sentinel (or other SIEM tools), including advanced reporting and alerting, queries, and data modelling.
• Experience with UEBA tools (e.g. Securonix, Microsoft Purview) is highly beneficial.
• Training in Information Security specific disciplines (CISSP, Security+, SSCP, SANS, CERT, CMU-SEI, CEH certifications etc.).
• IT infrastructure background including familiarity with: Applications, Operating systems, Cloud (Azure), Networks, Databases, Cryptography, Identity & Access Management, Proxies etc.
• Experience with host-based detection and prevention suites, host-centric tools for forensic collection and analysis and Network Security Monitoring tools.
• Scripting and coding skills (e.g. PowerShell, Bash, Python, regular expressions).
• Experience in working with Agile methodologies.
• Strong interpersonal, analytical, organizational, written and verbal communication skills.
• Demonstrated ability to communicate and lead in a team-based setting.
• Experience in large global environments spanning multiple time zones.
• Experience providing mentorship to junior team members.
• Ability to influence across organizations.
Personal Attributes:
• Needs to be a self-starter.
• Independent learner, curious.
• Successfully track multiple streams of work to completion.