Insider Threat Analyst
Vienna, VA

About

Job Description

Basic Purpose

The Insider Threat Analyst will provide focused technical services concerning the detection, triage and investigation of potential insider threat behaviors and activities. The analyst will work as part of a team within the Cyber Security Operations Center and focus on access abuse, mishandling of intellectual property and similar lines of effort. The objective of this effort is to reduce the likelihood and potential impact of careless, reckless or malicious behaviors that can introduce harm to the organization's data and information, resources, infrastructure and operations.

Responsibilities:

* Support the daily operations of the Insider Threat Agent Program - Cyber:
  * Triage and review
  * Threat Hunting
  * Case Management
* Monitor for and detect potential insider threats from behavior analytic use cases, various log sources, and defined risk thresholds
* Monitor and detect unauthorized data exfiltration/transfer, and access, from various DLP and security technologies
* Perform insider threat investigations by using various security technologies to recreate a representation of a user's or entity's digital activity
* Aid in the coordination of insider threat investigations from detection to resolution, leveraging various internal and external support teams such as HR, Fraud, Legal, and Privacy
* Interpret corporate policies to identify activity which does not follow policy, or does not meet required controls
* Identify gaps in data controls, configurations, or network perimeters, and recommend resolutions
* Identify opportunities to correlate data across multiple sources in order to identify activity which has a strong probability of indicating an insider threat
* Review and take a proactive approach to false positives, and work with the various Security teams to tune alerts and provide feedback to improve their accuracy
* Takes an active part in the resolution of events, even after they are escalated
* Collaborate with technical teams for security incident remediation and communication
* Conducts security research on threats and remediation methods
* Contributes to strategic planning to evaluate, deploy or update security technologies
* Contributes to program maturity by identifying inefficiencies and solutions for process improvements
* Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review
* Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
* Provide awareness and debriefing to senior management.

Qualifications:

Required:

* Strong customer relations skills.
* Developed communication skills.
* Strong understanding of insider threat behaviors, correlations and data requirements.
* Foundational understanding of investigative processes, confidentiality and evidence-handling.
* Foundational understanding of insider threats within financial services.
* Foundational understanding of behavioral analytics (theory, application, and analysis).
* Foundational understanding of the relationship between insider threat and Incident Response.
* Foundational ability to conduct triage of security events for insider threat behaviors
* Strong understanding of the role of digital forensics support to insider threat operations.
* Working understanding of information derived from:
  * Data Loss Prevention
  * Security Information and Event Management
  * Endpoint Detection and Response
  * File/database activity
  * Network traffic
  * User and Entity Behavioral analytics
* Ability to develop and track security metrics (performance / effectiveness)
* Ability to handle sensitive situations with discretion and employ high ethical standards
* Ability to evaluate business procedures and security processes for potential opportunities for insider exploitation

Desired:

* Insider threat program experience
* Incident response experience
* Security certifications (CEH, Security+, CISSP, etc.)
* Bachelor's degree in related field or comparable work experience

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.
