Requires specialized depth and/or breadth of expertise in insider-threat and/or UEBA tools. Interprets internal or external business issues and recommends best practices. Solves complex problems; takes a broad perspective to identify innovative solutions. Works independently, with guidance in only the most complex situations. May lead functional teams or projects.
Job Description/Key Responsibilities
- Identify and create use cases to further mature the existing user and entity behavior analytics (UEBA) solution. Primary focus is to identify IOCs leading up to data exfiltration scenarios and map existing or new log sources to specific IOCs
- Monitor, detect, analyze, respond to Insider Threat alerts, and perform investigations as appropriate in accordance with incident response processes
- Identify, analyze, and make recommendations to address security gaps
- Enforce data loss prevention policies with preventive controls and tools
- Identify recurring incidents within the organization and determine the need to address security control gaps
- Analyze and make recommendations for enhancing AI security governance & controls
- Define, develop, and review performance indicators; analyze trends identified through reporting, and propose changes to Cybersecurity policies and procedures
- Participate in various Insider Threat assessments, drills, campaigns, and other processes
- Working knowledge in technical domains such as: DLP, networking, firewalls, change management, systems administration, cloud computing, and information security best practices
- Management and administration of Insider Threat tools
- Strong documentation skills with the ability to produce/maintain supporting procedures and processes
- Ability to work independently and collaboratively in a global environment
- Excellent written and verbal communication skills to communicate security and business risk to a broad range of technical and non-technical audiences
Qualifications
- 5 years of demonstrated experience in areas such as insider risk
- 8 years of demonstrated experience in security content development, log source analysis, threat modeling or related fields
- Degree and/or certifications in related field with a strong technical background
- Scripting skills (e.g., Perl, Python, Bash, PowerShell)
- Prior experience in operationalizing use cases for SOC/SIEM preferred
- Deploy, configure, and lead operations of multiple insider-threat technologies and appliances.
- Act as primary escalation support and consultancy for information security issues.
- Work across teams to develop and define project/program information security metrics & dashboards.
- Develop and maintain information security standards, procedures & guidelines and review/approve exceptions.
- Refine, configure and implement application roles, review and monitor access controls and process routine & emergency system access requests.
- Monitor events, collate and analyze data to assess the environment for information security risk, policy violations, & unusual activity and perform root cause analysis.
- Architect and implement new or updates to security solutions. Provide technical advice to clients and teams on design, installation and maintenance of information security.
- Evaluate on-premise & Cloud services to ensure information and personal information security. Work with the end users and project teams to design, implement and support information security best practices.
- Lead internal and external assessments and audits. Remediate identified issues and implement compensating controls. Assist with information security administration processes and practices violation investigations.
- Monitors and directs contingent workers in the delivery of project and support services. Evaluates contingent worker KPIs and provides timely updates to management. Responsible for approving contingent worker timesheets. Adheres to compliance processes and procedures.
Functional Knowledge
- Demonstrates depth and/or breadth of expertise in own specialized discipline or field
- Interprets internal/external business challenges and recommends best practices to improve products, processes or services
- Has a good understanding of industry-standard frameworks (NIST, CIS, etc.)
Leadership
- May lead functional teams or projects with moderate resource requirements, risk, and/or complexity
Problem Solving
- Leads others to solve complex problems; uses sophisticated analytical thought to exercise judgment and identify innovative solutions
Impact
- Impacts the achievement of customer, operational, project or service objectives; work is guided by functional policies
Interpersonal Skills
- Communicates difficult concepts and negotiates with others to adopt a different point of view
- When required, acts as a good mentor and trains junior engineers appropriately
Bachelor's Degree
7 - 10 Years
Full time
Assignee / Regular
$152,000.00 - $209,000.00