Platform:
On-site
Part Time
Experience: 7 – 9 yrs.

Responsibilities:
1. Investigate and remediate suspected insider risk alerts in partnership with business teams, with escalation to the Security Operations Center as needed.
2. Ability to perform analysis and investigation and to resolve insider risk incidents independently (e.g. user behavior, use of unapproved software, etc.).
3. Collect and analyze event metrics to identify trends and produce metric reporting.
4. Conduct analysis to help determine insider control effectiveness and recommend solutions to improve data protection and reduce insider risk.
5. Communicate metrics and related information to a variety of internal audiences to inform where corrective action is needed to address gaps or areas of risk to meet business needs.
6. Partner with the engineering team to define, build, and deliver solutions.
7. Respond to business inquiries or problem tickets related to insider risk alerts.
8. Pursue opportunities to automate or enrich investigation and response processes.
9. Perform reviews of activity for a given identity and determine whether suspect behavior for that identity is probable.
10. Fully document the results of identity activity reviews.
11. Identify, based on identity activity reviews, when we may have control gaps or inaccurate event data that should be filtered out.

Qualifications:
We're looking for someone with:
· Bachelor's degree (preference for a computer science, technology, engineering or math-related field, or equivalent experience)
· 5 to 8 years of work experience
· Inquisitive and curious tendencies!
· Ability to analyze quantitative and qualitative information to drive action
· Excellent oral and written communication skills, with the ability to articulate technical and non-technical concepts
· Excellent attention to detail
· Ability to handle multiple tasks and adjust workload based on priority
· Ability to design and automate your work and drive efficiency
· Ability to maintain confidentiality is essential!
· Strong analytical mindset, capable of identifying risks and vulnerabilities between controls
· Self-motivated to find solutions when no clear goal is presented
· Effective communicator of complex topics to various audiences at a high level
· Partner with the engineering team to define, build, and deliver solutions and resolve problems
· Conduct analysis to help determine insider risk control effectiveness and recommend solutions to reduce insider risk
· Use query languages/syntax to gain valuable insights from data
· Ability to fully document findings and partner with investigators

Must-have requirements:
· Knowledge of endpoint and data exploration tools (SIEM, EDM, UEBA, ELK, etc.)
· Experience using ELK to query security logs for threat hunting
· Security mindset from a risk perspective

Nice to have:
· Basic understanding of and exposure to Splunk; should be able to query and pull out the required logs
· Ability to understand correlation searches and analyze the required logs for investigations
· Ability to create required dashboards/reports/searches
· Familiarity with basic system administration and scripting languages (e.g. PowerShell, batch, bash and its various flavors/variations) and other programming/query languages such as Java, Python and SQL
Principal Global Services
7.7 - 10.0 Lacs P.A.