Insider Investigations Analyst

Remote Full-time
Job Description:
• Participate in confidential insider risk investigations and support the Insider Risk Team Program via triage and investigation of detections
• Create and implement insider risk related detections and assist in the development of detection criteria through ASM
• Perform detailed investigations reviewing data from multiple sources (network, host, open source)
• Communicate with end users regarding potential policy violations and assist in data recovery efforts
• Provide senior leadership and executive level staff with active investigation notifications/updates (EXSUMs)
• Handle confidential or sensitive information with appropriate discretion
• Assist in regular and sustained alert tuning efforts to minimize false positives
• Ensure all investigations are properly documented and tracked in case management systems
• Support the Incident Response lifecycle via triage, live response, containment, escalation, and after-hours on-demand support
• Identify security control coverage and efficiency gaps in available data/logs and tooling
• Provide information security summaries containing security metrics as required
• Participate in incident response, manage escalations, and drive process development and documentation for the Incident Response lifecycle

Requirements:
• Experience with data classification or risk scoring methodologies
• Excellent verbal and written communication skills with attention to detail
• Ability to triage and manage 2-3 investigations simultaneously
• Ability to work independently and coordinate with multiple internal departments
• Experience responding to security event alerts, front-line analysis and escalation
• Theoretical and practical knowledge of Mac, Linux, and Windows operating systems
• Theoretical and practical knowledge of TCP/IP networking and application layers
• Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
• Experience with access/application/system log analysis, IDS/IPS alerting and SIEM-based workflows
• Experience with security data collection, processing, and correlation
• Scripting experience (Bash, PowerShell, etc.)
• Experience with REGEX and data stream editing binaries (SED, AWK, etc.)
• Experience with host database enumeration and analysis (SQL, SQLITE3)
• Experience with network analysis (TCPDump, TSHark/WireShark, etc.)
• Experience with basic static and dynamic host analysis (Order of Volatility, etc.)
• Experience with basic file analysis (permissions, ownership, metadata)
• Working knowledge of INIT, SYSTEMD, LAUNCHD, BIOS/UEFI boot processes
• Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience
• Obtained or pursuing an undergraduate degree, or direct experience, in information/cyber security, information systems, or computer science
• Desire to continually grow and expand both technical and soft skills
• Contributing thought leader within the incident response industry
• Ability to foster a positive work environment and attitude
• Bonus: scripting experience in Python or Perl
• Bonus: experienced user of Splunk or Falcon LogScale query language
• Bonus: experience with user behavior analytics and profiling tools or methodologies
• Bonus: experience creating and tuning detection/alert logic to reduce false positives
• Bonus: experience in data loss prevention, data classification, and knowledge of common data loss vectors
• Bonus: previous project management experience desirable

Benefits:
• Remote-friendly and flexible work culture
• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leave
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities
• Vibrant office culture with world class amenities
• Eligibility for bonuses, equity grants, and a comprehensive benefits package
• Health insurance
• 401k (retirement)