Senior Cyber Defense Analyst - Insider Threat

Conduct technical analysis and investigate user activity data and alerts to identify indicators of data compromise or loss of company Intellectual Property; coordinate the application of insider risk models and assign risk levels for insiders and in support of critical business projects; access and integrate information from client’s network monitoring tools and other data analytics tools; compose investigation queries and build triage dashboards to support triage work; support automation testing and SOAR platform capabilities; decipher underlying trends or uncover anomalies and discern obscure patterns and attributes; conduct data triage of anomalous events collected by approved User Entity Behavior Analysis (UEBA), Data Loss Prevention (DLP) and other client network and endpoint monitoring tools; prepare and present analysis, in the form of briefings and reports; document Insider Threat team processes and procedures; maintain accelerated alerting users list including approvals for policy assignment, agent deployment, and alert prioritization to fast track cases to investigation; serve as a liaison between functional groups to deploy agents, create/modify policies and alerts for data loss prevention; and Test endpoints and agents to identify vulnerabilities in the system and recommended modification to mitigate the vulnerabilities and prevent data loss. Telecommuting is available from anywhere in the U.S., except from AK, AL, AR, DE, HI, IA, ID, IN, KS, KY, LA, MT, ND, NE, NH, NM, NV, OH, OK, RI, SD, VT, WV, and WY. 

Employer will accept a Master’s degree in Computer Science, Computer Engineering, or Artificial Intelligence and 2 years of experience in the job offered or in a computer-related occupation.  

Experience must include:  

• Devo

• Digital Guardian

• Splunk  

• Proofpoint 

• XSOAR 

• Gurucul 

• Netskope

• Data Loss Prevention 

• Crashplan

#LI-DNI