Overview Who We Are:
As a global investments company, BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. Every day, our Technology employees make this happen while also seeking out new ways to do it more efficiently and effectively.
As part of BNY Mellon-s global Technology organization, you-ll have the opportunity to engage with some of the best and brightest, technology, business, and financial minds to find new and better ways to exceed our clients- expectations and build the future of financial services. With more than 230 years of industry leading experience under our belts, you might even say that we are the original fintech.
At BNY Mellon, cybersecurity is a top priority for both technology and the business. The members of the Information Security Division are on constant alert, using their creativity and knowledge of cybersecurity, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security). Together with the CISO and his leadership team, staff provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise. We help our businesses, the bank-s executive team, and our board of directors understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation. Position overview
: This is a Senior Insider Threat Hunter/Detection engineer role which will be an integral part of the dynamic, fast-paced Cybersecurity Threat Detection team. A successful candidate will bring a positive, passionate attitude to the team's playbook and threat hunting initiatives by leveraging rich threat-hunting and Insider Threat detection tools & techniques experience. This is a challenging yet rewarding position that provides an opportunity to leverage cutting edge technologies in pursuit of a vital mission that protects people, sensitive information/intellectual property and the security posture of the bank. What You'll Be Doing:
Who We're Looking For:
- Responsible for identifying and developing Insider Threat Detection Use cases focused on insider threats
- Responsible for understanding the Insider Threat Landscape and applying innovative solutions to address threats using analytics
- Triage data of anomalous events collected by User Behavior Analytics (UBA), User Activity Monitoring (UAM), DLP, SIEM technologies and other tools to decipher underlying trends or uncover anomalies and discern obscure patterns and attributes of potential Insider threat activities.
- Performs independent assessments, ensuring that the processes and designs of BNY Mellon systems will be effective, functional and secure with the ability to deter, protect, detect and mitigate Insider threats.
- Must demonstrate knowledge of tactics, techniques and procedures associated with malicious Insider threat activity, i.e., fraud, theft, sabotage, espionage, etc.
- Partner with other Cybersecurity Operations & Technology functions in conducting threat modeling exercises or in-depth assessments and tests against networks, endpoints, applications, etc., to find flaws with people/process/technology controls and prevent/detect Insider threats from materializing.
- Provide guidance on potential Insider threat investigations to stakeholders on methodologies/techniques.
- Day to day management of playbook content lifecycles including customer interactions and priority, content creation, testing & tuning, version/value documentation, and finally, user-acceptance testing and effectiveness analytics.
- Engage in ongoing research in security tools, techniques, and procedures, as well as advance Threat Detection initiatives based on aggressive security principals, machine learning algorithms, and threat mitigation techniques.
- Additional responsibilities will include:
- Collecting, analyzing and interpreting qualitative and quantitative data from multiple sources for the purpose of documenting investigations, analyzing findings and provide Insider threat metrics.
- Collaborate with Threat detection team, Operations and other stakeholders to develop innovative Insider Threat capabilities to enhance our proactive and reactive analytical processes.
- Consults on a senior level and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and reports and provides guidance and expertise in their implementation. Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations. Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles. Addresses high risk security concerns or incidents. Recommends course of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
- 10-12 years of experience in information security or related technology experience required
- Experience in the securities or financial services industry is a plus
- Solid understanding of Insider Threat Detection , network security and traffic analysis, hunting for malicious activity and initiating response actions.
- Demonstrable experience with Insider Threat Detection Technologies and tools such as SIEM, UBA/UEBA, UAM, DLP, etc.
- Active listening and collaborative skills with various audiences, including team members, security team and executive stakeholders, in order to perform hunt and content development
- Experience with open-source security tools including Wireshark, nmap, burp, Snort, and Kali.
- Good understanding of InfoSec fundamentals including Lockheed Kill chain and MITRE ATT&CK-based analytics
- Demonstrable Threat hunting experience
- Demonstrable Incident Response Workflow experience
- Fundamental understanding of InfoSec threat sharing including IoCs, artifacts, and forensic techniques
- Exceptional problem solving capabilities and strong documentation, communication skills both verbal and non-verbal
- Ability to self-manage workload and goals independently in a fast-paced, multi-threaded, and deadline-driven organization
- Passion for communication and attention to detail, research, and articulate, value-driven reporting
- Comfortable working with geographically dispersed team
- Comfortable with a range of project and software development methodologies - experience with agile scrum preferable
- Ability to problem solve and performance tune in a high paced development environment
- Certifications such as CISSP, GREM, GIAC, SANS, CEH is a plus