INSIDER THREAT INVESTIGATOR

DoorDash
Full-time
New York, NY; Washington, D.C.; Chicago, IL
$159,800 - $235,000
Posted 5 months ago

Job Description

The Insider Threat Investigator will monitor, detect, investigate, and respond to anomalous events and behaviors that may pose risk to the company. This role will analyze threat intelligence, develop use cases, conduct data analysis, execute complex investigations, drive detection engineering, write reports, advise on preventative controls, and collaborate with multiple internal teams.

Responsibilities

  • Investigate anomalous activity for potential insider risk
  • Advise and assist in the onboarding and implementation of custom tooling
  • Create and maintain a use case library
  • Create standard operating procedures and cross-functional processes
  • Prepare investigative reports and briefings
  • Maintain chain of evidence and engage with external law enforcement when required
  • Lead training or other education and awareness opportunities

Requirements

  • 7+ years of experience in federal law enforcement, incident response, or insider threat investigations
  • Experience with endpoint detection and network technologies, SOAR/SIEM platforms, UEBA platforms, UAM, and DLP tools
  • Deep experience in conducting ethical, legal, complex investigations
  • Understanding of cloud and distributed IT environments
  • Familiarity with log sources, forwarders, parsing, and data pipelines
  • Experience partnering with cross-functional teams to support an investigation
  • Excellent understanding of frameworks and standards related to information security operations
  • Excellent verbal and written communication, presentation, and stakeholder management skills
  • Relevant certifications

Benefits

  • No benefits