Job Title - Senior Insider Threat Analyst
Duration: 12 months
Location: Lone Tree, CO 80124, or Phoenix, AZ 85016 (hybrid work model: 3 days onsite per week)
Pay rate: $60/hr on W2.
Notes from the Hiring Manager discussed on the call:
About the Role: The client is seeking two Senior Insider Threat Analysts to join the Insider Threat and Data Loss Prevention team. The role involves deploying the new DTEX Intercept Insider Threat tool into the client environment. The ideal candidates will assist with the tool’s deployment, configuration, program development, and the operationalization of Insider Threat use cases. This project will span several phases, with a focus on detection, response capabilities, analytics, and automation.
Key Responsibilities:
- Tool Deployment: Assist in deploying DTEX Intercept across 54,000 agents, beginning in Q1 2024.
- Configuration and Program Development: Configure and build out the tool based on client-specific use cases.
- Detection and Response: Develop detection rules and response procedures to address Insider Threat activities, ensuring they align with the defined use cases.
- Tuning: Conduct extensive tuning and policy adjustments based on pilot phase results, with the expectation of addressing the current high alert-to-action ratio (approximately 50% alert rating currently).
- Advanced Analytics and Automation: Support the development of advanced analytics to enhance detection and automate repeatable processes through runbooks/playbooks.
- Mentorship: Provide guidance to junior analysts, mentoring the team in investigative techniques and pattern recognition.
Required Skills and Experience:
- Tool Experience:
  - Preferably experienced with DTEX Intercept or other UEBA enterprise-level insider threat tools such as Exabeam, Splunk, Chronicle, etc.
  - Familiarity with programming languages for rule creation and policy scripting is needed, with knowledge of DTEX’s proprietary language a plus (training will be provided).
- Insider Threat Analysis:
  - Ability to analyze Insider Threat data, identify behavioral patterns, and create rules and policies for detection.
  - Experience building or improving detection models for Insider Threat programs is highly desirable.
  - Minimum of 7 years of experience in Insider Threat analysis, preferably with involvement in tool deployment and creating insider threat policies.
- Program Development: Experience with creating and implementing new policies and processes within a regulated environment is important. Experience with new tool deployments and creating a program from the ground up is highly valued.
- Scripting Knowledge: Experience with scripting languages for rule modification (e.g., Exabeam, Splunk) is essential. The role requires knowledge of programming for policy and rule configuration within detection tools.
- Regulated Environment Experience: While financial services experience is preferred, candidates from other regulated sectors such as healthcare, life sciences, or insurance will also be considered.
Qualifications:
- Experience Level: Senior-level, with at least 7 years of experience in Insider Threat analysis or a related field.
- Degree Requirements: A Bachelor’s degree or equivalent experience in a cybersecurity-related field is preferred.
- Location: Preference for candidates based in Phoenix, AZ or Lone Tree, CO, but remote candidates in other locations may be considered, with occasional travel to these offices.
Interview Process:
- The interview process will consist of two rounds: an initial screening interview with the hiring manager or an associate, followed by a team interview.
- The client aims to onboard candidates by early Q1 2024, aligning with the project’s timeline for tool deployment.
Additional Notes:
- Work Hours: The project is planned to run over the course of a year, and the client seeks to alleviate burnout through the addition of contract roles. While overtime and weekend work should not be required, candidates should be flexible in alignment with project demands.
- Mentorship and Leadership: The ideal candidates will be able to guide and mentor junior analysts, providing leadership and sharing expertise on investigative techniques and pattern recognition.