Job Information

TIAA Senior Cybersecurity Specialist, Incident Response in CHARLOTTE, North Carolina


TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.


The Senior Information Security Incident Response Specialist within the Cyber Investigations organization will report into the Manager of the Insider Threat Detection Team. The Insider Threat Detection team is made up of mostly generalist security practitioners who often fit the description of “jack of all, master of none”. The team handles anything that comes their way, whether that be monitoring an employee, recovering deleted data, acquiring employee communications sessions or even developing new detection methods to identify risky behavior.

This person will support the establishment and execution of the insider threat program. They will conduct user activity and network monitoring based on the results of data analysis, or specific inquiries from stakeholders including Human Resources, Internal Audit and other investigative partners. The Specialist must be able to identify potential data leaks and determine if information constitutes a violation of any company policies related to Personally Identifiable Information (PII) or Intellectual Property (IP). They will evaluate user activity to determine whether it is within the user’s day-to-day responsibility or is potentially an abuse of privilege or unauthorized.


  • Conduct and triage anomalous events of concern using industry data loss prevention tools to include User and Entity Behavior Analytics (UEBA) and User Activity Monitoring (UAM) capabilities.

  • Provide guidance on potential insider threat investigations to program stakeholders on methodologies/techniques.

  • Collaborate with cross-functional teams of HR, Internal Investigation, Legal, and Compliance.

  • Prepare reports, presentations, research and other program deliverables related to the insider threat program.

  • Receive, evaluate and initiate the processing of cyber forensic investigations

  • Identification of root cause in partnership with peer groups on remediation of control gaps/failures

  • Maintain an awareness of industry challenges and advancements in order to add value to existing technologies and processes used within the team

  • Search and seizure of physical and logical evidence

  • Imaging of hard disk drives and other digital storage media

  • Digital forensic examination and analysis

  • Recovery of deleted files and folders, internet history, deleted emails, identification of attached devices, analysis of event logs and proxy logs

  • Network packet capture and analysis

  • Mentor junior analysts

  • Potential travel (occasional) related to investigative needs.

  • Propose and execute program initiatives, and collaborate with key stakeholders to create business value

  • User activity monitoring

  • Develop strategies to improve the efficiency and consistency of service delivery

  • Maintain a strong focus on case logs, repeatability and chain of custody

  • Provision of report and statements in clear unambiguous language

  • Interact with and lead discussions with executives across different functions and lines of business


Required Skills:

  • Minimum 7 years of IT experience

  • Minimum 4 years of overall experience in Cybersecurity

  • Minimum 2 years’ experience working with at least one of the following enterprise SIEM tools: Splunk, ArcSight, LogRhythm, FireEye, CrowdStrike or UEBA (User and Entity Behavior Analytics)

Desired Skills (Preferred, not required):

  • Mix of intelligence, threat analysis, investigative experience, and technical skills related to cyber security and insider threats

  • Demonstrate knowledge of tactics, techniques and procedures associated with malicious insider threat activity, i.e., privilege abuse, compromised account, etc.

  • Strong knowledge of User Behavior Analytical concepts and products

  • Working knowledge of Data Loss Prevention controls (e.g. Symantec, McAfee, Websense)

  • Proven ability to self-direct project outcomes, with minimal supervision, to achieve program goals.

  • Working knowledge of conducting a forensics investigation

  • Hands-on experience with an Incident Management Tool (RSA Archer, ServiceNow)

  • Hands-on experience with user activity monitoring tools such as ObserveIT, Veriato 360, Exabeam, Securonix or similar product

  • Experience with databases, SQL, and data visualization tools

  • Experience with Windows, MacOS, Linux, iOS

  • Working knowledge of reviewing Windows, MacOS, or *NIX logs

  • Ability to build consensus and cooperation as well as the ability to interact, influence, and negotiate with leadership within the firm.

  • Ability to navigate and work effectively across a complex organization.

  • Experience in financial services including Retirements, Retail/Commercial banking, or another financial institution line of business (Brokerage, Insurance, or Asset Management)

  • Good understanding of data privacy laws and experience interacting with Legal and Compliance professionals

  • Bachelor’s degree

  • Possess one or more of the following certifications: CFCE, CCE, EnCE, ACE, GCFA, CISSP, CFE or similar IT security certifications

Equal Employment Opportunity is not just the law, it’s our commitment. Read more about the.

If you need assistance applying due to being visually or hearing impaired, please email.

We are an Equal Opportunity/Affirmative Action Employer. We will consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other legally protected status.

Additional Information

  • Requisition ID: 1723403

Company: TIAA

Post Date: Nov 14, 2019