• 3-5 years of insider threat and insider investigation experience
• Experience with conducting complex corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
• Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
• Experience with cross cutting technology stacks that include both on-prem and cloud resources
• Willingness and ability to travel domestically and internationally up to 10-20% of the time
• Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials

Preferred Qualifications:

• 5-7 years of insider threat and insider investigation experience with prior law enforcement background
• Experience with conducting complex corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
• Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
• Experience with cross cutting technology stacks that include both on-prem and cloud resources
• Willingness and ability to travel domestically and internationally up to 10-20% of the time
• Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials
• GCP, AWS, and Azure Professional Experience with certification
• Experience with scripting languages like Python, Perl, Bash, or Powershell
• Experience making remediation recommendations based on industry practice surrounding PCI, SOX, PHI, PII, GDPR, GLBA, and NIST CyberSecurity Framework

Desired Skills & Capabilities:

• Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible
• Strong written and oral communication skills across varying levels of the organization
• Excellent judgment and the ability to make quick decisions when working with complex situations
• Understand insider tactics, techniques and procedures(TTP) to aid in discovery and analysis
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Performing Log forensics to discover insider TTP reactively to alerting
• Conducting Forensic Interviews of subjects and Witnesses
• Establishing and Maintaining Chain of Custody as well as collecting and preserving evidence
• Insider Threat Program Management and Development based on evolving threats and business operating environments
• Conduct proactive data discovery for new trends among possible insider threat actors
• Author targeted playbooks for new/changed investigative processes
• Managing cross functional teams to include by not limited to: Human Resources Professionals, Legal, Digital Forensic Analysts, Corporate Security, and Impacted Business Units
• Developing Detections and Alertings for Insider Activity across SIEM and UEBA Controls
• *Investigating across complex technology stacks consisting of a blend of components ranging from IAAS, PAAS, FAAS, SAAS across multiple cloud providers
• Proficient use of scripting with one or more programming language including Python, PowerShell, JavaScript and Bash.