Senior Risk Analyst

HUN02-01-Budapest-Vaci Greens C, Hungary

GE HealthCare

GE HealthCare provides digital infrastructure, data analytics and decision support tools that help in the diagnosis, treatment and monitoring of patients.


Job Description Summary

The Senior Risk Analyst within the Cyber Data Protection team will be responsible for responding to cyber data protection incidents as part of the SOC. Responsible for the detection, design, and testing of analytic frameworks, processes, procedures and controls. Responsible for threat identification, indicator development, data movement analytics, data collection and analysis, and identification of anomalous patterns of data movement. Participate in threat hunting and threat modelling activities.

Job Description

Roles and Responsibilities

In this role, you will:

• Lead the development and execution of the detection analytics capabilities within the Insider Threat program, including risk scoring models, thresholds, baselines, key indicators, and reporting.

• Maintain a comprehensive response escalation process and procedures, including the investigative processes.

• Perform daily response operations that may involve occasional non-traditional working hours; act as an escalation point where necessary.

• Review daily alerts, triage violations, raise cases and lead coordination of incidents across business and partner teams.

• Improve the state of our insider program and platforms by configuring and updating policies, building the knowledge base, managing metrics and raising overall maturity.

• Drive projects and work streams within the Insider Threat program, including appropriate risk mitigation activities in the Data Protection space.

• Lead log ingestion and threat modelling activities in partnership with application owners and analytics platform teams; correlate data and build policies to identify insider threats.

• Create dashboards, alerts and reporting in the analytics platform to identify trends, risk indicators and highlight areas to address risk.

• Participate in threat hunting activities, support triage work and case management with appropriate teams.

• Support relevant SOC tooling, platforms, infrastructure, code and automation processes.

Education Qualifications

Bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with advanced experience.

Desired Characteristics

Technical Expertise: (Hands-on)

• Experience in anomaly detection, data analytics, behaviour analytics.

• Experience detecting and responding to cyber incidents in a complex Information Technology environment.

• Detailed understanding of Insider Threats, DLP (Data Loss Prevention), Data-level Security, and associated tactics.

• Experience in a technical SOC (Security Operations Centre) environment.

• Strong MS Sentinel experience (or other SIEM tools) in advanced reporting and alerting, queries, and data modelling.

• Experience with UEBA tools (e.g. Securonix, MS Purview) highly beneficial.

• Training in Information Security specific disciplines (e.g. CISSP, Security+, SSCP, SANS, CERT, CMU-SEI, CEH certifications).

• IT infrastructure background including familiarity with applications, operating systems, cloud (Azure), networks, databases, cryptography, Identity & Access Management, proxies, etc.

• Experience with host-based detection and prevention suites, host-centric tools for forensic collection and analysis and Network Security Monitoring tools.

• Scripting and coding skills (e.g. PowerShell, Bash, Python, regular expressions).

• Experience in working with Agile methodologies.

Leadership:

• Strong interpersonal, analytical, organizational, written and verbal communication skills.

• Demonstrated ability to communicate and lead in a team-based setting.

• Experience in large global environments spanning multiple time zones.

• Providing mentorship to junior team members.

• Ability to influence across organizations.

Personal Attributes:

• Needs to be a self-starter.

• Independent learner, curious.

• Ability to successfully track multiple streams of work to completion.


Additional Information

Relocation Assistance Provided: No


Perks/benefits: Career development Team events

Region: Europe
Country: Hungary
