TIAA Lead Cybersecurity Analyst, Insider Threat in CHICAGO, Illinois
TIAA is a unique financial partner. With an award-winning track record for consistent performance, TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. TIAA has $1 trillion in assets under management (as of 9/30/2018) and offers a wide range of financial solutions, including investing, banking, advice and guidance, and retirement services.
Insider Threat Management Operations (TMO) Analysts are required to keep an open mind and pivot quickly between activities based on priorities and ongoing intelligence. They need to be able to reach across teams to help drive understanding out of complex problems. Insider TMO Analysts need to keep a focused goal of producing intelligence, briefings, and recommendations for the tracking and completion of hunts and situations. They need to be creative in the face of gaps, and then help identify, consult, and support the resolution of gaps. This individual needs to have a history of utilizing logs, tools, and manual processes to compare normal activity against malicious activity. They have to be able to think up creative ways to assess intention and actions, even during limited or fragmented data.They need to trust their instincts, and know when to keep diving into a problem to define the existence and intention of adversary activity. Lastly, this role will help grow automation efforts on the team through custom tool development, and by providing requirements and support to partner teams who share similar goals.
KEY RESPONSIBILITIES AND DUTIES:
Actively hunt for threats in the environment andcollaborate findings with a variety of high caliber teams.
Work with partner teams and internal customersto gather preliminary investigative data, in order to assess the validity ofthe threat, and determine if further allocation of investigative resources isneeded.
Utilize standard investigative techniques togather, analyze, and work with teams to prove or disprove the allegation(s)with data.
Create a concise, consumable report for bothtechnical and non-technical customers. detailing the factual outcome of theinvestigation.
Brief internal customers (Information Technology,Human Resources, Legal, etc.) on relevant findings on a need to know basis asdetermined by the sensitivity of the investigation or as mandated by thebusiness.
Assist internal customers & partner teamswith any follow-up efforts that are within the investigation’s scope.
Contribute to ongoing intelligence gatheringefforts
Apply business logic and user logic as a factorduring data analysis to determine risk, threat, and impact possibilities.
Suggest new tool opportunities, methodologies,and improvements for hunting both insider or external threat-actors.
Develop upon opportunities by designing,deploying, and maintaining tools, artifacts, and procedures.
7 or more years experience in at least one ofthe following areas; threat intelligence, threat hunting, data analysis,security monitoring, host or network forensics.
3 or more years of work with technical investigations/response,insider threats, or law enforcement investigations.
2 or more years of experience working with atleast one of the following enterprise security solutions: Security Informationand Event Management, Data Loss Prevention, Endpoint Detection & Response,or UBA (User Behavior Analytics).
Degree in mathematics, computer science, orother engineering discipline.
Strong knowledge and/or experience with User EntityBehavior Analytical solutions
3+ years of experience conducting and managinginvestigations, both insider and threat-actor based
Strong interpersonal skills, able to communicatewith a wide range of technical and non-technical partners.
Standing relationships with industry associationsrelevant to the position.
Excellent written and oral communication skills.Must be able to contribute to intelligence reports, briefings, roadmaps, andlong-range planning documents.
Equal Employment Opportunity is not just the law, it’s ourcommitment. Read more about the.
If you need assistance applying due to visually or hearingimpaired, please email.
We are an Equal Opportunity/Affirmative Action Employer. We willconsider all qualified applicants for employment regardless of age, race,color, national origin, sex, religion, veteran status, disability, sexual orientation,gender identity, or any other legally protected status.
- Requisition ID: 1718454
Post Date: Apr 15, 2019
- TIAA Jobs