Insider Threat Program Analyst
AZ, United States
Molina Healthcare
Job Description
Job Summary
The Insider Threat Program Analyst is responsible for identifying, analyzing, and mitigating risks associated with insider threats. This includes data exfiltration, privilege abuse, and security policy violations. This role involves monitoring employee behavior, analyzing security alerts, and working closely with Human Resources, IT and Security teams to prevent potential threats.
Job Duties
• Analyze large, complex datasets and proactively monitor, triage, and escalate findings from monitoring and detection tools.
• Communicate findings, risks, and gaps to both technical and non-technical program stakeholders.
• Conduct inquiries and investigations into suspicious activities and liaise with legal and HR departments.
• Lead insider threat inquiries, investigations, and reporting by employing critical technical and non-technical skill sets.
• Identify events/incidents that exhibit an insider threat nexus based on known behaviors and triggers.
• Conduct interviews to gather information and ascertain the validity and impact of potential threats.
• Collaborate with team members to identify and implement opportunities for continuous program improvement.
• Develop and implement strategies for timely detection and response to insider threats.
• Triage data of anomalous events/activity collected by data analytics tools and sources to decipher underlying trends or uncover anomalies and discern obscured patterns and attributes.
• Coordinate with program stakeholders for swift and effective incident resolution.
• Analyze, maintain, and improve monitoring and detection tools and processes.
• Work closely with cross-functional teams, including IT, legal, HR, and governance, to mitigate insider threat activity.
• Design and deliver comprehensive insider threat-related training programs.
• Collaborate with network security engineers to identify resources and parameters required to meet Insider Threat objectives.
• Author and maintain insider threat-related policies, procedures, processes, and handbooks.
• Create analytical dashboards to assist with insider threat reviews and inquiries.
• Identify, track, and implement measures for continuous improvement.
Job Qualifications
REQUIRED QUALIFICATIONS:
• 5+ years of combined hands-on experience within Insider Threat programs conducting or leading insider threat investigations, with past roles in security threat monitoring-related work.
• Experience conducting information security, law enforcement, counterintelligence or insider threat analysis and/or investigations.
• Strong understanding of insider threat best practices, operations, and current threat landscape.
• Certification or experience examining data logs in User and Entity Behavior Analytics (UEBA) tools and/or other data aggregation tools.
• Knowledge and/or operational experience with insider threat-related technologies, including DLP, UEBA, Email Security, EDR, Web Proxy, Data Protection, and UAM.
• Experience working with information security requirements, policies, and regulations supporting security control compliance activities.
• Advanced problem solving and analytical skills.
• Experience with data collection, data mining, investigative techniques, using intelligence database search tools, and intelligence analysis.
• Excellent communication, collaboration, and report-writing skills.
• Good business judgment and the ability to independently investigate sensitive, complex matters with discretion.
• Strong interpersonal communication and project management skills.
• Ability to prioritize risks to the business in real-time.
• Experience with AI/ML to improve operational efficiency.
• Strong knowledge of computer hardware, operating systems, file systems, and forensic tools.
• Familiarity with legal and regulatory requirements related to digital evidence, data privacy, and cybersecurity.
• Attention to detail and a commitment to maintaining the highest standards of integrity and professionalism.
• Experience in computer forensics, high-tech crime investigations, intelligence analysis, insider threat analysis / investigations, or IP risk management.
• Strong understanding of the intelligence lifecycle, Open-Source Intelligence (OSINT) gathering techniques / analysis, and indicators associated with insider threats.
• Ability to work both independently and as part of a team.
PREFERRED QUALIFICATIONS:
• Relevant certifications such as Global Counter-Insider Threat Professional (GCITP), Certified Insider Threat Analyst, Certified Open-Source Intelligence (OSINT), Certified Information Systems Security Professional (CISSP), Certified Computer Examiner (CCE), or Certified Forensic Computer Examiner (CFCE), Certified Investigator.
• Experience in insider threat investigations, digital forensics, and incident response.
• Bachelor’s degree in Computer Science, Criminal Justice, Intelligence Studies, or other related field from an accredited university.
• Familiarity with cybersecurity, networking, internet fundamentals (e.g., TCP/IP, BGP, Internet peering, DNS), digital forensics, and various technical methods of data exfiltration.
• Experience with using Excel and/or SQL for analysis of complex datasets a plus.
• Experience with developing PowerPoint presentations a plus.
• Experience with diligence, compliance, and/or audit programs a plus.
To all current Molina employees: If you are interested in applying for this position, please apply through the intranet job listing.
Molina Healthcare offers a competitive benefits and compensation package. Molina Healthcare is an Equal Opportunity Employer (EOE) M/F/D/V.