Threat Analyst

Job#: 3032934

Job Description:

Job Title: Insider Threat Analyst (Cybersecurity)

Position Summary

An Insider Threat Analyst identifies, assesses, and helps mitigate security risks posed by trusted insiders (employees, contractors, vendors, and partners) who may intentionally or unintentionally compromise the confidentiality, integrity, or availability of systems and data. They analyze user behavior and system/network activity, investigate suspicious events, and collaborate with Human Resources, Associate Relations and Ethics to respond. They may help refine detection rules to prevent policy violations, data breaches, and intellectual property theft, strengthening internal security controls and protecting organizational assets. Their goal is to enhance internal security measures and reduce the risk of insider threats.

Key Responsibilities

Detection & Monitoring

• Monitor and triage insider threat signals from tools such as SIEM, UEBA, UAM, DLP, EDR, IAM logs, email security, CASB/SSE, and cloud audit logs.
• Provide input to engineering teams to develop or refine detection logic (use cases, correlation rules, alert thresholds) for insider-risk scenarios (e.g., data exfiltration, privilege abuse, policy violations).
• Identify suspicious patterns such as unusual access times, abnormal download volumes, atypical cloud sharing, or role-inconsistent system access.

Investigation & Response

• Conduct end-to-end investigations: scope events, gather evidence, reconstruct timelines, and document findings.
• Perform log and artifact analysis across endpoints, identity providers, SaaS platforms, and network sources.
• Perform or coordinate containment/response actions (e.g., account disablement, access restriction, endpoint isolation) while maintaining appropriate approvals and chain-of-custody.
• Produce clear incident case notes or summaries suitable for technical and non-technical stakeholders.
• Participate in case management and maintain detailed, defensible documentation.

Collaboration & Enablement

• Work with Ethics/HR/Legal/Privacy/Compliance/Physical Security to ensure investigations are appropriate, proportionate, and aligned to policy and applicable regulations.
• Partner with requisite teams to remediate root causes (misconfigurations, excessive entitlements, weak monitoring).
• Provide input to awareness initiatives (e.g., secure data handling, reporting mechanisms, acceptable use).
• Provide clear and articulate communications, both verbal and in writing.

Program Development & Continuous Improvement

• Help define insider threat playbooks, escalation criteria, and repeatable workflows (e.g., "patient record snooping," "PHI exfiltration," "privileged misuse," "vendor access misuse").
• Track and report program metrics (time-to-triage, time-to-close, recurrence, top sources, control gaps)
• Stay current on insider threat tactics, behavioral indicators, and relevant frameworks and best practices.

Required Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent practical experience.
• Lead or support investigations from intake through closure: scope, collect artifacts, analyze activity, establish timelines, and document findings. 6-10+ years in security operations, incident response, threat detection, investigations, or insider risk-preferably within healthcare or other regulated environments.
• Demonstrated ability to independently investigate UAM-derived alerts and reconstruct user activity across endpoints, applications and/or other logs or security tools
• 2-5+ years of experience in cybersecurity operations, threat detection, incident response, or investigations.
• Experience analyzing logs/events from multiple sources (identity, endpoint, network, and cloud).
• Strong knowledge of:
  • Insider threat scenarios (malicious, negligent, compromised insider)
  • Incident handling and investigative methods
  • Access control concepts (RBAC/ABAC), authentication, and privilege management
• Ability to write clear, defensible documentation and communicate findings to diverse stakeholders.
• High integrity and discretion when handling sensitive personnel and security matters.

Preferred Qualifications

• Experience with insider-risk platforms and/or relevant tooling: UEBA, DLP, UAM, SIEM (Splunk), EDR (CrowdStrike), IAM (Okta/Azure AD), M365/GWS audit logs, CASB/SSE.
• Familiarity with investigation/case management workflows and evidence preservation.
• Experience in regulated environments (finance, healthcare, government) and knowledge of privacy considerations.
• Scripting/automation skills (Python, PowerShell) and query languages (KQL, SPL, SQL, EQL).
• Relevant certifications (one or more):
  • GCIA, GCIH, GCFA, GNFA
  • Security+, CySA+, CASP+
  • Splunk/SC-200 or equivalent detection-focused certifications
• CISSP, ITPM, or similar cybersecurity certifications.

Core Competencies

• Analytical thinking and hypothesis-driven investigation
• Behavior analytics and insider threat potential risk indicators
• Sound judgment and ability to handle ambiguity
• Strong stakeholder management (SOC, HR, Legal, Privacy)
• Attention to detail and evidence discipline
• Continuous learning mindset
• High judgment and discretion with workforce-related investigations
• Ability to balance security monitoring with privacy-by-design and "minimum necessary" principles
• System thinking: root-cause analysis and durable control improvements
• Calm, structured approach under time pressure and scrutiny

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click for more details.

Everforth Apex Benefits Overview: Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.