REMOTE Insider Threat Analyst

Post Date

Sep 08, 2023

Location

Bethesda, Maryland

ZIP/Postal Code

20814
US
Oct 01, 2025 Insight Global

Job Type

Contract-to-perm

Category

Security Engineering

Req #

DC0-649656

Pay Rate

$44 - $66 (hourly estimate)

Job Description

Insight Global is hiring for an Incident Response Analyst with specific expertise in Data Loss Prevention and/or Insider Threat analysis. This person will respond to incidents using tools such as Netskope and Splunk to analyze potential insider threats and data losses from a variety of sources and then work with other business units to determine root causes of the incidents. After reviewing and triaging incidents, this person will make recommendations on improvements to the data loss prevention systems and programs.

Knowledge of payment card data, personally identifiable information (PII), and other sensitive data types is required for this role, and experience within an enterprise organization would be preferred. Through a strong understanding of insider threat behavior and data security events and incidents, this person helps track and manage metrics (KPI/KRI) to ensure the advancement of the program across the enterprise, while mitigating risk to the organization.

Additional responsibilities include:

- Conduct data security incident analysis in support of our Insider Threat Management Program, working to help develop and maintain "playbooks" to ensure effective and efficient response processes and procedures.

- Handle escalations from internal and external sources to quickly triage and respond to potential insider threat incidents, as needed.

- Develop and present comprehensive reports for technical, executive, and non-security stakeholder audiences.

- Provide technical subject matter expertise related to projects and initiatives that advance the maturity and capability of our security program.

- Develop and follow detailed operational processes and procedures to appropriately analyze, escalate and assist in the remediation of information security-related incidents.

- Apply technical acumen and analytical capabilities to speed and enhance response.

- Work in a flexible environment, including shift work, as required to meet business and operational needs.

Required Skills & Experience

- 5+ years of experience in Information Security/Cyber Security

- 3+ years of experience in Insider Threat Incident Response that must include experience in:

  - Data loss/information protection solutions (Splunk, Netskope, Microsoft O365, etc.)

  - Identification of potential insider threat tools, tactics, and procedures (TTPs)

  - Security data analysis from a variety of sources and tools, including contributing to DLP policy/alert creation and maintenance.

- Any experience with Windows Log Analysis, Memory Forensics, and Network Traffic Analysis

- Undergraduate degree in computer science or related field, or equivalent work experience

- Ability to work a flexible schedule that may include shift work.

Nice to Have Skills & Experience

- Development of incident response assessments and other similar reporting (demonstrated writing & comms skills).

- Experience in a similarly sized organization with significant complexity.

- Strong time management skills to balance multiple activities.

- Security Certification (e.g., GCIH, GCFA, CCSP, OSCP)

- Experience with DLP tools and/or methodologies to enhance insider threat incident response procedures.

- Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.