25 Oct
IROps - Sr Insider Threat Analyst #3301
Massachusetts, Cambridge, 02142 Cambridge USA

Vacancy expired!

job summary:
IROps - Sr Insider Threat Analyst

The IROps Insider Threat Analyst plays an important role in researching, developing, and analyzing technologies, processes, and assessments of known insider threats and vulnerabilities to generate tailored, actionable events for the client's emerging insider threat program. Drives, implements, and manages insider threat response procedures and remediation efforts using a variety of tools and technologies in order to rapidly identify and respond to threats and anomalies. This Analyst leverages leading-edge technologies, a multitude of feeds, and innovative approaches to position for measurable success: improving efficiency, increasing security posture, supporting aggressive growth and improving the Security Operations program overall. The position reports to the Senior IR Operations Manager.

We are looking for a strong contributor with an exceptional understanding and subject matter expertise in Insider Threat modeling, TTPs, incident response, threat correlation, and exceptional analytical skills. This is a highly visible role. The right candidate must have excellent engagement and communication skills with stakeholders, leadership, and solution delivery peers, and must have a strong customer-focused, team-oriented approach that balances security needs and user experience to provide best-in-class security to the organization.
location: CAMBRIDGE, Massachusetts
job type: Contract
salary: $70 - 84 per hour
work hours: 8am to 4pm
education: Bachelors

responsibilities:

Job Responsibilities
  • Initiate, coordinate and conduct research efforts regarding information security threats.
  • Develop specific expertise in areas such as Insider Threat models, discern patterns of complex behavior, and provide an accurate understanding of present and future threats to company intellectual property.
  • Apply highly developed inductive reasoning skills to provide a proactive approach to potential threats.
  • Review and analyze content monitoring system incidents to identify, prioritize and report issues for review and correction. Identify, extract, analyze, and evaluate essential information from a variety of sources to support research and analysis.
  • Detect and investigate anomalous behavior that may indicate threats to Intellectual Property assets. Determine the significance, accuracy, and reliability of incoming information.
  • Provide forensic analysis support to other internal teams in relation to incidents and investigations.
  • Initiate, establish, and maintain effective working relationships inside and outside the immediate team to facilitate information gathering or support joint investigative efforts.
  • Perform analytics work on root cause analysis to identify patterns and trends.
  • Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
  • Proactively analyze and classify insider threat groups based on TTPs and share learnings with the Security Team to develop an analytical capability to identify malicious behavior using existing internal data.
  • Participates as part of response teams during security incidents (phishing, ATP, DDOS, malware, etc.) through resolution and to the lessons learned stage.
  • Assists in developing tactical response procedures for insider threat incidents.
  • Participates in product selection, vendor evaluations, and implementations of security technologies.
  • Recommends security and process enhancements to management.
  • Assists in the design, implementation, and maintenance of security plans, policies, procedures, and standards.
  • Has excellent verbal and written communication skills and is comfortable presenting to different levels within and outside of the organization.

Basic Qualifications
  • 2-5 years of experience in Information Security
  • SANS GSEC
  • A minimum of 2 years of experience acting in an insider threat and security incident response role with responsibility for analyzing insider threats and responding accordingly
  • Understanding of Insider Threat activity, modeling, and knowledge of attackers.
  • Experience with interpreting Reconnaissance, Delivery, and Insider Threat modeling events in logs and traffic.
  • Previous experience using Splunk and Splunk Enterprise to analyze and correlate activity
  • Experience documenting incident cases and participating in lessons learned meetings.

Preferred Qualifications
  • Training in Analytic Methodologies
  • A keen ability to identify trends and patterns in data
  • Demonstrated background using behavior analytics and/or event correlation systems.
  • Familiarity with SIEM tools
  • Familiarity with data protection techniques including encryption, backup and archiving
  • Prior experience working with a Security Operations Center (SOC)
  • Proven track record delivering cyber security, insider threat analysis reports, and IR services to the enterprise
  • An understanding of commonly used targeted Insider Threat and Data Exfiltration techniques, tactics, and procedures.
  • Strong communication skills, including the ability to influence others and a proven ability to build strong relationships with leadership, IT staff and peers
  • Ability to document requirements and enhance existing processes
  • Master's degree is a plus
  • GCTI, GCIH, GCIA, GREM, or CEH
  • CISA or CISM certification
  • CISSP Certification

qualifications:

  • Experience level: Experienced
  • Education: Bachelors
skills:
  • SIEM Tools
  • threat and security
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
