Sr Engineer, Cyber Insider Threat - Network Activity Logs - Remote

Overview

Remote
On Site
Full Time

Skills

Network
Collaboration
Analytics
Data Loss Prevention
SIEM
Testing
Use Cases
Fraud
IT Architecture
Threat Analysis
Security Controls
Regulatory Compliance
Computer Science
Information Systems
Data Security
Privacy
Scripting Language
Java
Python
.NET
JavaScript
C++
Scripting
Windows PowerShell
Perl
Bash
Leadership
Communication
DLP
Security Operations
Data Analysis
Microsoft Windows
OS X
Linux
SaaS
Workflow
Management
Forensics
Cyber Security
Computer Networking
TCP/IP
Border Gateway Protocol
Internet
Dragon NaturallySpeaking
DNS
Microsoft Excel
SQL
Microsoft PowerPoint
Presentations
Digital Forensics
Security+
Information System Security
CISSP
Information Security
CISM
Certified Ethical Hacker

Job Details

Job Description

Job Summary

The Sr Engineer, Insider Threat will implement cyber intelligence (CyInt) collection, compilation, and analysis for the insider threat program. Implements data sets, tools, and provides program support to insider threat analysts and investigations. Works closely with our cybersecurity team, other technical teams, and business stakeholders to develop advanced insider threat systems and processes.

Job Duties

Lead the design, development, and implementation of a comprehensive insider threat monitoring and detection strategy integrating technical and non-technical components
Collaborate with cybersecurity analysts, engineers, and other program stakeholders to develop and refine insider threat monitoring and detection capabilities
Correlate information from multiple technical user activity monitoring (UAM), user entity behavior analytics (UEBA), data loss prevention (DLP), security information and event management (SIEM) and non-technical data sources to enable proactive insider risk/threat detection
Utilize cyber security expertise, knowledge of insider threat detection, and data analytics to create innovative strategies for detecting and preventing malicious activities.
Conduct in-depth analysis of logs received from various data sources
Architect and implement automation of investigation and escalation workflows
Contribute to internal investigations where needed, providing support for forensic analysis, log review, and alert analysis
Execute rigorous testing on internal security mechanisms to validate their effectiveness
Develop and maintain insider risk techniques and procedures, to include use cases surrounding data exfiltration, internal fraud, privilege escalations, and sabotage
Evaluate, recommend, and improve upon existing technical and non-technical solutions to detect and respond to potential insider threats.
Guide the technical architecture of insider threat systems, ensuring alignment with the organization's security and business goals
Publish internal CyInt threat intelligence products, and briefings to provide actionable information to stakeholders
Define security controls and metrics to measure the effectiveness of the insider threat program
Stay abreast of emerging insider threat trends and update strategies accordingly
Coordinate with stakeholders on CyInt activities to ensure compliance to policies and regulations

Job Qualifications

REQUIRED QUALIFICATIONS:

Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent education or work experience
Expert understanding of cybersecurity and insider threat concepts, protocols, and tools
Experience with UEBA deployment, administration, data source integrations, and configurations
Strong knowledge of data protection and privacy regulations
Proficient in at least one programming or scripting language such as Java, Python, .NET, JavaScript, or C++
Experience in scripting languages such as PowerShell, Perl, or Bash
Exceptional leadership, communication, and presentation skills
At least 6 years of experience in cybersecurity, DLP, Security Operations, investigative analysis, or the intelligence field.
Experience leading or conducting technical investigations utilizing insider threat tools
Ability to professionally manage confidential matters with appropriate judgment around escalation.
Experience with data analytics tools used for insider threat information collection and knowledge of other insider threat risk scoring data analytics tools.
Action-oriented engineer with the ability to work autonomously and take ownership of complex projects
Experience developing and implementing defensive controls around Windows, MacOS, Linux, and SaaS applications
Proficiency with automating workflows and integrating security tools within IT environments

PREFERRED QUALIFICATIONS:

Experience with UEBA/SIEMs.
Experience with Endpoint Detection and Response (EDR) tools, device management tooling and other telemetry sources
Experience working on insider threat teams or working insider threat investigations
Experience with broad system forensics
Experience communicating technical security concerns and issues to a non-technical audience.
Experience with insider threat tools (ex. Red Vector, Code42, Exabeam, DTEX)
Prior experience working with confidential / sensitive information
Familiarity with cybersecurity, networking, internet fundamentals (e.g., TCP/IP, BGP, Internet peering, DNS), digital forensics, and various technical methods of data exfiltration
Experience with using Excel or SQL for analysis of complex datasets
Experience with developing PowerPoint presentations
Information security, digital forensics, insider threat, or other related certifications
Security+, Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), CERT Insider Threat, Certified Ethical Hacker (CEH)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.