Threat Incident Response Analyst - Bethesda, United States - Relate Central

    Description
    JOB SUMMARY

    The candidate will respond to potential insider threat incidents by reviewing and analyzing data from a variety of data security and data loss prevention tools, and by collaborating with multiple areas of the business to determine the root cause of events, make recommendations on how to improve our data loss prevention systems, and mitigate insider risk.

    Knowledge of payment card data, personally identifiable information (PII), intellectual property and other sensitive data types is required.

    Drawing on a strong understanding of insider threat behavior and of data security events and incidents, the analyst helps track and manage metrics (KPI/KRI) that drive the advancement of the program across the enterprise while mitigating risk to the organization.


    Required Experience and Education

    • 5+ years of experience in Information Security
    • 3+ years of experience in cybersecurity and/or insider threat incident response, which must include experience in:
      o Data loss/information protection solutions (Splunk, Netskope, Microsoft O365, etc.) and case management systems such as ServiceNow.
      o Identification of potential insider threat tools, tactics, and procedures (TTPs).
      o Security data analysis from a variety of sources and tools, including contributing to DLP policy/alert creation and maintenance.
    • 6 months of experience using Netskope, Purview, Splunk, Exabeam and CrowdStrike, or data from these systems, to detect potential data leaks and prepare assessments.
    • Undergraduate degree in computer science or a related field, or equivalent work experience.
    • Ability to work a flexible schedule that may include shift work.

    Attributes and Preferred Experience:

    • Development of incident response assessments and similar reporting, with demonstrated writing and communication skills and attention to detail.
    • Experience in a similarly sized organization with significant complexity.
    • Strong time management skills to balance multiple activities.
    • Experience with DLP tools and/or methodologies to enhance insider threat incident response procedures.

    CORE WORK ACTIVITIES


    • Conduct data security incident analysis in support of the Insider Threat Management Program, producing insider risk assessments when thresholds are met.
    • Collaborate with team members on assessments and other work products to improve results and processes.
    • Assist with the development and maintenance of insider risk "playbooks" to ensure effective and efficient response processes and procedures.
    • Handle referrals from internal and external sources to quickly triage and respond to potential insider threat incidents, as needed.
    • Conduct content searches using Microsoft Purview eDiscovery.
    • Provide technical subject matter expertise for projects and initiatives that advance the maturity and capability of the security program.
    • Develop and follow detailed operational processes and procedures to appropriately analyze, escalate and assist in the remediation of information security-related incidents.
    • Apply technical acumen and analytical capabilities to speed and enhance response.
    • Work in a flexible environment, including shift work, as required to meet business and operational needs.