Job Description:
Works with Business Unit Security Officers to review DLP events.
Investigate user behavior to determine if activity is abnormal or part of existing practice using multiple tools (previous DLP events, Splunk, etc.).

Essential Responsibilities:
Escalate appropriate events
Escalate egregious or malicious behavior to CIRT for further investigation/remediation
Collection of metrics; break down behavioral trends by department, policy, etc. and report metrics
Investigate ways to improve event detection
Find methods to circumvent current detection rules and suggest changes accordingly

Basic Qualifications/Requirements:

Preferred experience in:
Symantec DLP
Splunk
Python
IDS/IPS
Network Experience
Experience using Insider Threat Tools (e.g., Data Loss Prevention, User Behavior Analytics, etc.)
Understanding of cyber tactics, technologies, and procedures to counter insider threats
Awareness of the latest cyber security trends and developments
Knowledge of Incident Response procedures
Detailed understanding of Cyber Crime, Hacktivist, APT and Insider Threat associated tactics
Strong oral and written communications skills
Strong analytical & evaluative thinking
Strong interpersonal and leadership skills
The ability to work in a fast-paced environment, including translating complex concepts and issues into messaging easily understood by senior leadership
Strong analytical skills/problem solving/conceptual thinking
Ability to conduct multi-source investigations in collecting and analyzing qualitative and quantitative data
Ability to work independently on initiatives with little oversight. Motivated and willing to learn
Must be comfortable effectively communicating intelligence to technical and non-technical audiences