Cybersecurity, Insider Threat Investigator

Calling all innovators - find your future at Fiserv.

We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv.

Job Title

Cybersecurity, Insider Threat Investigator

About your role:
As a Cyber Security Operations Insider Threat Investigator, you will play a critical role in protecting Fiserv and our clients from cyber threats. You will be responsible for investigating suspicious activities, anomalous events, and behaviors that may pose a security risk to the company. Your contributions will be vital in ensuring our systems are secure and our clients' data is protected, making a direct impact on Fiserv's overall security strategy.

What you'll do:

• Investigate potential insider threat, sabotage, data exfiltration, misuse, and misrepresentation cases
• Analyze and interpret SIEM, DLP, EUBA, proxy, system logs, email, DLP, CASB, endpoint, network, database, application logs and other potential case related artifacts
• Execute complex investigations, conduct interviews, write objective reports
• Advise on root cause analysis, preventative controls, and new detections and aid in maturing the Enterprise Insider Threat Program
• Perform threat hunts and new alert triage to determine efficacy of UEBA alert program feeding investigations
• Perform deep analysis of large data sets to identify trends, tuning opportunities, and control creation
• Through analysis, identify root cause themes including bad business practices and work with control owners to reduce risk & enhance overall security posture
• Perform security reviews, cyber defense trend analysis and open-source research, partnering with Threat Intelligence on emerging risks

Experience you'll need to have:

• 7+ years of experience in insider threat investigations, cybersecurity, incident response, law enforcement, or financial crimes with deep knowledge of Insider Threat UEBA platforms, User Activity Monitoring (UAM) or other similar Machine Learning /Risk Score methodologies/concepts
• Experience conducting complex technical investigations including deep log analysis of systems, network, applications and tools, managing chain of custody and evidence preservation
• Experience conducting interviews and deep understanding of Insider Threat anatomy of attack and nation-state sponsored espionage / cyber espionage activities
• Strong written communication skills with experience writing fact-based objective reports for legal, HR, and other business partners.
• Maintain thorough documentation for each case and meticulously curate artifacts and evidence.
• Recommend risk mitigation and root cause analysis for cases and develop case scoping queries on the fly while working cases
• Understanding and experience of investigative procedures including preservation, analysis, reporting, and presentation.
• Experience with OSINT, public records, and link analysis
• Experienced with SIEM/SOAR technologies such as Splunk, Google SecOps, log sourcing, forwarders, parsing, data pipeline and management, data architecture
• Working knowledge of EDR, NDR, DLP, CASB solutions
• Working knowledge of information security operations frameworks and standards - MITRE, NIST, Cyber Kill Chain, etc.
• Familiar with best practice security principles on identity & access management, network security, endpoint security, vulnerability management, and application security
• Ability to obtain security clearance and/or active C6 security clearance (or higher) preferred with computer networking concepts, protocols, and network security methodologies, cyber-attack stages and techniques used by malicious insiders.
• Working knowledge of global data protection privacy regulations

Experience that would be great to have:

• (Preferred) Experience in technical investigations, law enforcement, HUMINT, and/or Counterintelligence,
• (Preferred) Training and/or experience with financial crimes
• Certifications such as CMU CERT ITPM/ ITVA, CCITP, CISM, CDPSE or similar
• Experience in data science and analytics solutions applicable to the insider threat detection space.
• Exposure to programming, scripting and query languages such as Python, bash, SQL, Lucene, YARA-L, and SPL.
• Experience working in financial services or financial technology desired.
  
  Sponsorship:
• In order to be considered, you must be legally authorized to work in the U.S. without need for visa sponsorship now or in the future.

Salary Range

$90,000.00 - $158,400.00

These pay ranges apply to employees in New Jersey, New York and California. Pay ranges for employees in other states may differ.

It is unlawful to discriminate against a prospective employee due to the individual's status as a veteran.

For incentive eligible associates, the successful candidate is eligible for an annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards in the Company's sole discretion.

Thank you for considering employment with Fiserv. Please:

• Apply using your legal name
• Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

Our commitment to Equal Opportunity:

Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law.

If you have a disability and require a reasonable accommodation in completing a job application or otherwise participating in the overall hiring process, please contact Please note our AskHR representatives do not have visibility to your application status. Current associates who require a workplace accommodation should refer to Fiserv's Disability Accommodation Policy for additional information.

Note to agencies:

Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions.

Warning about fake job posts:

Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.