Note: ** This role is critical for organizations technical guidance and assistance, especially in network and security design, implementation, and technical research. Support includes helping integrate equipment from various vendors for seamless operations.
Job Description: Lead Cybersecurity Insider Risk Analyst
**Position Summary The Lead Cyber Security Insider Risk Analyst is responsible for leading the response to high-priority and escalated cybersecurity incidents, overseeing the detection, analysis, response, reporting, and prevention of threats across employees, contractors and third party vendors. This senior analyst proactively drives the creation and deployment of new detection rules, adapting to active threats and evolving suspicious behaviours. The role requires a high degree of organization, advanced technical acumen, and the ability to manage complex incidents, mentor team members, and communicate effectively with both executive leadership and business units. The ideal candidate will excel in incident response leadership, technical investigation, and continuous improvement of security operations.
General Responsibilities The Lead Cybersecurity Insider Risk Analyst leads escalated incident management as the primary investigator and incident handler, ensuring all tasks are executed efficiently and thoroughly. This role plays a key part in developing incident response processes, driving remediation, contributing to threat intelligence, and providing executive-level communication. The analyst also supports table top exercises and serves as a mentor and subject matter expert across the cybersecurity team.
Core Responsibilities Manage all cases as Lead Handler for escalated cybersecurity incidents. Oversee all tasks related to escalated cases as Lead Investigator. Investigate all escalated security events, ensuring comprehensive analysis and response. Assist with "Micro-hunts" to discover, analyse, and report on actionable threat intelligence. Support the development and continuous improvement of incident response processes. Drive remediation efforts for all cybersecurity incidents assigned to the team. Perform skilled triage of threats using advanced technical and business knowledge. Mentor team members in triage, leveraging business knowledge and incident response frameworks. Assist with scenario development for table top exercises across the Incident Response team. Document and communicate findings and after-action reports in formats required by leadership. Function as a mentor and subject matter expert to other Incident Responders. Serve as a scribe when requested, maintaining accurate records of incidents. Provide executive-level communications to leadership and stakeholders.
Technical Responsibilities
Utilize case management tools, host/network analysis, and threat intelligence platforms for incident response. Apply strong knowledge in incident handling processes, lifecycle, and attack frameworks. Conduct in-depth analysis of threats, exploits, vulnerabilities, and malware families. Perform investigations across Windows, OSX, and Lenox operating systems. Leverage Endpoint Detection and Response (EDR) technologies and conduct cloud security analysis. Use SPLUNK and other analytics tools for advanced investigations and reporting. Understand company infrastructure, including VPNs, AVPNs, and business partner connectivity. Demonstrate expert familiarity with networking, internet communication methods, and general computing protocols. Design and implement new security detection methods in response to emerging threats. Collaborate with other Threat Analytic teams, understanding their functions and interactions. Mentor team members in skilled triage and advanced practices. Generate reports and documentation related to incident response activities. Maintain knowledge of SaaS services, mobility threats, and security in cloud environments. Exhibit strong understanding of scripting languages (e.g., Python, PowerShell, Bash) for automation and analysis. Assist with algorithm development and advanced threat intelligence analysis.
Required Experience 4+ years of technical cybersecurity experience in Incident Response, Security Operations, or related functions. Demonstrated experience in managing escalated incidents and driving remediation in complex environments.
Technical Skills Working knowledge of at least four of the following: incident management technologies, OS hardening, cloud environments, host analysis, network forensics, UEBA, malware reversing, intrusion detection, anomaly detection, threat research, threat intelligence, security alert design, data analysis. Strong knowledge of incident handling, lifecycle, and attack frameworks. Advanced proficiency in incident response, triage, and remediation. Expertise in host and network analysis, EDR technologies, and SPLUNK. Good understanding of cloud security analysis, internet-based threats, and SaaS services. Strong familiarity with company infrastructure (VPNs/AVPNs), mobility threats, and networking. Expert familiarity with general computing protocols and malware/network attack vectors. Experience designing and implementing security detection methods. Understanding of scripting languages for automation and analysis. Ability to mentor and train others at a senior level.
Soft Skills & Traits Excellent analytical and problem-solving skills, with the ability to perform core root cause analysis. Quick learner, able to absorb and teach new technologies and concepts. Highly effective collaborator, especially in remote or distributed teams. Excels in business communication methods and general soft skills. Strong understanding of the business, its entities, and how cybersecurity impacts the broader organization. Professional integrity and discretion in handling sensitive information. Commitment to continuous learning and staying current with emerging cybersecurity threats and best practices.**
Never miss an opportunity! Create an alert based on the job you applied for.
