Insider Threat & DLP Analyst

Company Description

We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world.

Job Description

NBCUniversal’s Cyber Defense Operations team is responsible for providing operational support for the layered defense of tools and capabilities deployed at NBCUniversal to support the Threat Operations lifecycle in a highly collaborative, fast paced, and agile fashion. The Insider Threat and DLP Analyst provides expert-level contributions to NBCU’s Cyber Defense Team by protecting the company's critical assets from internal threats and reducing overall risk. This position will be looked upon as a subject matter expert (SME) in the fields of data loss prevention and insider threat escalation. This position will report to the Sr Director of Cyber Investigation and Insider Threat and will act as a member of the Insider Threat team as an individual contributor, working tickets, escalating and responding to identified insider threats and reporting findings in a clear and concise fashion.

The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber investigation activities.  A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer DLP and Insider Threat analysis.  Experience working in Cyber Operations, dispositioning security alerts, escalating findings for action and evaluating business intention.  Experience responding to multi-faceted security issues and assisting with the coordination of subsequent enforcement activities and efforts prioritizing mission critical elements is ideal.

Finally, a successful candidate will effectively communicate the findings of key Cyber investigations and services to deliver succinct and biased free summaries to the Cyber Leadership.

Responsibilities: 

• Perform highly sensitive and confidential investigations, including some digital forensic analysis, involving internal risks such as employee misconduct, intellectual property theft, embezzlement, misuse, harassment, and physical security threats.
• Lead proactive efforts to identify, disrupt, and protect NBCU from any internal threats that may undermine the integrity and operations of the business.
• Work closely with HR, legal, and compliance teams to address insider threat incidents.
• Monitor user activity and behavior to detect signs of potential insider threats.
• Investigate suspicious activities and incidents related to insider threats.
• Triage and Analyze DLP Alerts
• Contribute to the development of DLP policies, rules, and best practices.
• Collaborate with IT and security teams to integrate DLP controls with other security measures.
• Provide on call response as required for major event support
• Conduct high level forensic analysis of physical devices and other electronic data sources in support of internal investigations and other legal requests using forensically sound processes.
• Provide subject matter guidance and work collaboratively with incident response and other cyber security teams in the event of a cross-functional investigation.
• Drive continuous improvement across the Insider Threat team and its processes.
• Utilize a range of data sources, systems, and tools to collect, search, recover, sort, and organize large volumes of digital evidence during all phases of the investigative process.
• Develop behavior anomaly capabilities as the landscape evolves.
• Maintain awareness of new tactics and techniques used by insider threats and industry best practices.
• Assist team leadership with the development, collection, and publication of metrics that illustrate team performance and highlight obstacles thwarting team potential.
• Occasional travel may be required, but less than 10% of the time.

Qualifications

Basic Requirements:

• 4+ years’ experience in computer forensics, investigations, or similar information security discipline.
• Working knowledge and proven experience with current DLP and Insider Threat best practices and methodologies.
• Demonstrated expertise in both working in and handling extremely confidential investigations.
• Experience with forensic technologies such as EnCase, FTK, AXIOM, and Cellebrite (or the like).
• Experience with emerging cloud technology services and their effect on data security considerations.
• Understanding of methods of internal and external data movement and exfiltration.
• Ability to navigate a complex global network as part of the investigative research process.
• Strong understanding of enterprise email systems including Office 365 and MS Exchange.
• Experience in DLP/Insider Threat Investigations (Corporate/Law Enforcement/Government/Military)
• Experience with enterprise level SIEM and/or DLP tools such as Splunk, DataDog, LogRhythm, and EDR/UEBA tools like Crowdstrike, Carbon Black, or Exabeam (or the like).
• Bachelor of Science in Computer Science, Information Systems, Software Engineering, Criminal Justice, or any combination of education and relevant experience.

Desired Characteristics:

• Self-starter with a sense of urgency who takes ownership and responsibility for service delivery.
• Works independently with minimal guidance while also working collaboratively with the team to achieve strategic goals.
• Professional, clear, and concise communication to both technical and non-technical audiences.
• Excellent analytical ability, sharp attention to detail, creative problem solving, and consultative skills.
• Proven organizational skills (time management and prioritization).
• Position requires access to highly sensitive confidential material; integrity and discretion are mandatory.
• GIAC Certified Forensic Analyst - GCFA
• GIAC Certified Forensic Examiner - GCFE
• Certified Forensic Computer Examiner - CFCE
• Certified Information Systems Security Professional - CISSP
• NOTE: An equivalent combination of experience, education and/or training may be substituted for the listed minimum requirements.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $100,000 - $130,000

We are accepting applications for this position on an ongoing basis.

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to AccessibilitySupport@nbcuni.com.

For LA County and City Residents Only:  NBCUniversal will consider for employment
qualified applicants with criminal histories, or arrest or conviction records, in a manner
consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance
Initiative For Hiring Ordinance, the Los Angeles' County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.