Sr. Security Analyst, Insider Threat - Information Security Operations

What if the work you did every day could impact the lives of people you know? Or all of humanity?

At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Working at Illumina means being part of something bigger than yourself. Every person, in every role, has the opportunity to make a difference. Surrounded by extraordinary people, inspiring leaders, and world changing projects, you will do more and become more than you ever thought possible.

Responsible for successfully executing enterprise-wide Information Security Operational controls and processes that protect the company’s data and functions across all business areas.  Adhering to data protection standards, procedures, regulatory oversight, and technical solutions for the Information Security department. 

Lead Security investigations, establish and improve monitoring processes, analysis of security events, cyber-security-based awareness and education, response to alerts, investigation of suspicious activity, cyber-related requests. Point of escalation for security event triage and response for junior staff.

Performs all duties in accordance with the company’s policies and procedures, all state, federal, and country laws and regulations, wherein the company operates.

In accordance with regulatory and audit requirements, this position will perform analysis of systems and programs, including the cyber-security related programs and initiatives.  Delivery of activity reporting, including metrics, environment impact, effectiveness progress, and performance, and risk indicators.

Duties

• Lead and collaborate on implementation of the Insider Threat Program.
• Analyze and triage data loss prevention, Insider Risk, and Data Security Posture Management (DSPM) alerts, manage incidents and assist with escalations, investigations, and remediations to improve the company's security posture. Document findings and actions.
• Recommend strategies to prevent potential insider threat behavior or incidents.
• Support DLP policy tuning, testing, and validation of rules for minimization of false positives and increased data loss prevention insight. Assist in the development of rule exceptions.
• Support current and proposed technologies, implementations, strategies, and systems in the DLP/DSPM space, identifying and supporting improvements for data security.
• Support tactical and strategic roadmaps, reporting, and procedures.
• Responsible for daily operations and execution of the Insider Threat Program.
• Conduct analytical and critical thinking; understand problem set, review facts, make accurate observations and judgments and provide recommendations/reporting.
• Monitors, tracks, responds, investigates, and reports in compliance to security requirements, and works with the responsible parties to drive timely results and remediation
• Generates and monitors effective and actionable Information Security reporting across all Information Security technical landscape
• Research and track current security threats
• Participates in the global distribution of the enterprise Cyber-Security Operations Security Awareness training and campaigns
• Practices applicable procedures and standards that meet existing and newly developed policy and regulatory requirements (i.e., PCI-DSS, SOX, GDPR, CCPA)
• Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization
• Review, triage, and respond to service requests and alerts.
• Participate in on-call efforts on a rotational basis
• Act on improving processes and procedures

Skills

• Strong oral and written communication skills appropriate for consultation with all levels of management
• Knowledge of Data Loss Prevention technologies and best practices
• Strong problem-solving and analytical skills
• Proficient, or able to gain proficiency with, security software applications and tools
• Experience in collaboration amongst multiple lines of business and geographic theaters
• Information Security-based and forensics certification preferred (i.e., CompTIA, Network+/Security+, CEH, GIAC GSE, SANS Academy certs, or similar)
• The ability to thrive in a fast-paced, dynamic environment
• The ability to influence and drive change within teams and the organization
• A self-starter with a hands-on style, high level of energy, stamina, and drive 
• A strong team player who is proactive and driven to achieve results 
• Commendable organizational and time management skills
• Previous senior team experience working as part of an enterprise Information Security team

Experience/Education

• 5+ years’ experience in multiple Cybersecurity domains (i.e., Identify & Access Control, Network Security, Firewalls, Enterprise Directory Systems, Encryption, Data Loss Prevention {DLP}, Comprehensive Endpoint Protection, & Information Security Operations)
• 5+ years experience with Level 1 security event triage and escalation
• 3+ years experience in phishing triage and response
• 1+ Threat Hunting and Assessment
• 1+ Digital Forensics
• In-depth familiarity with enterprise workflow tools, scripting, and ability to develop and improve tool utilization, and promote process efficiency
• Bachelor's degree in Information Systems, Computer Science, Information Security, and/or related work experience

Illumina believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.