Insider Risk Analyst

Insider Risk Analyst

Responsibilities

• Lead or support insider risk investigations, including evidence preservation and forensic analysis.
• Leverage AI / ML to quickly assess potential threats and enable proactive, informed decisions, including blocking suspicious activities like unauthorized data transfers or flagging risky user behavior.
• Ability to utilize AI / ML and identify, assess, and mitigate potential security threats posed by individuals, leverage AI-driven solutions to analyze data, pinpoint risky behaviors, and generate actionable insights and recommendations for program resilience and mitigation strategies.
• Facilitate and support the coordination and response to active insider threats, collaborating with counterintelligence, threat intelligence, and law enforcement teams.
• Correlate behavioral, contextual, and technical indicators to identify and assess potential insider threat incidents.
• Support investigations by collecting and analyzing digital evidence, documenting findings, and escalating matters to the appropriate parties.
• Monitor user activity data and alerts to identify potential indicators of insider threats. Analyze system logs, network traffic, and endpoint alerts for suspicious activity.
• Correlate data from multiple sources (including user and entity behavior analytics (UEBA), data loss prevention (DLP), security information and event management (SIEM) tools, and endpoint detection and response (EDR) solutions) to detect anomalies and patterns indicative of insider threats.
• Develop and implement detection methods and strategies, including risk scoring and threat analysis tools, and refine alerts based on triage results, understanding of insider threats, and current events.
• Work closely with internal teams such as CISO Operations, Legal, Human Resources, and Counterintelligence, as well as external partners, to address and resolve insider risk incidents.

Technical Skills

Preferred Qualifications