Description of Position:
The future of banking is here! We’re building the next generation of banking technology and actively transforming the way we operate. In turn, our Enterprise Information Security Department is hiring folks at all levels and we currently have an open career opportunity for an Incident Response Engineer (Insider Analytics).
Enterprise Information Security (EIS) is integrated with the Technology division (860+ people), and is responsible for enabling secure innovation and business growth for 13,000 employees across 11 states. What’s great about our department is that we laugh with each other, have Executive and Board level visibility and support for our work, and are driving highly-visible, enterprise-wide initiatives. We’re focused on creating business value and are seeking like-minded professionals to join our team!
Tasks and Responsibilities:
Are you passionate about information security?
Do you enjoy solving puzzles, addressing complex problems, working in a fast-paced environment, and guiding others in the finer points of cybersecurity incident response?
We are seeking a motivated, collaborative, experienced Incident Response Engineer specialized in Insider Threat Analytics to join our team of dedicated cybersecurity operations professionals! The Cybersecurity Operations Center (CSOC) is responsible for primary cybersecurity incident response, forensics, and cyber resiliency. We work with the latest tools and methods, as well as partners across the rest of the security division, IT, and the cybersecurity industry, but we also know how to roll up our sleeves with some old-fashioned detective work when needed. As part of CSOC, this role will be responsible for the following:
Required Skills, Abilities, and Certifications
- Act as senior, key contributor to the CSOC strategy and technical approach to cybersecurity incident response, including tool/vendor selection and process optimization focused on the design, implementation and monitoring of insider threat detection.
- Conduct analysis and assessments of threats related to insider behavior.
- Track and report insider specific information and metrics.
- Analyze anomalous behavior for security impacts.
- Assist I building processes, procedures and training for the Insider Threat program.
- Document findings for consumption by both technical and non-technical stake holders.
- Assist in communication of risks and impacts associated with insider threat.
- Ability to correlate data from multiple sources to detect anomalous behavior.
- Respond to cybersecurity incidents, especially as an escalation point for high-priority or highly complex incidents.
- Act as subject matter expert in multiple security tools and processes such as SIEM, IDS, EDR, DLP, and similar.
- Develop and implement monitoring use cases, incident response procedures, playbooks and other technical documentation.
- Collaborate with Cybersecurity Architecture and IT in monitoring and alerting infrastructure, processes and tools.
- Train, mentor and guide other team members (across both the CSOC and other Information Security departments) on incident response practices, tooling and capabilities.
- 6+ years of progressive technical experience in one or more technical cybersecurity domains, with at least 5+ years of that time in an incident response role focused on insider threat detection and response.
- Strong communication skills required to work closely with cross functional teams to build and manage an insider threat process.
- Experience with User and Entity Behavior Analytics.
- Experience with Data Loss Prevention (DLP) security controls.
- Familiarity with risk scoring and threat analysis tools.
- Experience writing, testing and deploying user activity monitoring (UAm).
- Hands-on technical experience with one or more commercial SIEM products such as Splunk Enterprise Security, Qradar, LogRhythm, ArcSight, NetWitness, etc., which should include familiarity with defining and writing alert conditions/use cases in addition to daily use for investigating incidents.
- Very strong interpersonal and written communication skills, including the ability to produce technical documentation, standard operating procedures, and incident response playbooks.
- Deep technical familiarity with networking concepts, architectures and tools, including network traffic analysis, proxies, functionality of network switches, load balancers, routers and firewalls.
- Advanced working knowledge of common attack vectors, different classes of attacks (e.g., passive, active, insider, close-in, distributed, etc.) and general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks, etc.).
- Advanced knowledge of system administration concepts for UNIX/Linux and Windows operating systems.
- Experience with threat hunting methods and approach is a plus.
- Experience conducting forensics investigations is a plus.
- Technical certifications such as GNFA, CISSP are a plus.
- Requires a Bachelor's in Information Technology, Computer Science, Business or a related technical field. A combination of education and experience may meet qualifications.