Insider Threat Analyst

As the L2 Insider Threat Analyst, the primary responsibilities will be:

• Perform advanced analysis and investigation of Insider Threat and DLP alerts across the various egress channels in both on premise and cloud environments.
• Analyse event/alert patterns to properly interpret and prioritise threats with available DLP and IRM tools and other data protection devices.
• Help Identify trends and drive requirements aimed at improving and enhancing existing DLP and IRM detection policies.
• Work closely with Cyber Defence teams such as the Global Security Operations Centre, as well as Legal, Privacy and HR teams if necessary, during investigations and incidents.
• Prepare detailed reports on security incidents, investigations, and mitigation efforts.
• Contribute to the fine tuning of rules across the detection tools by highlighting pain points to the Global Head of Insider Threat and Insider Threat Engineering Manager. 
• Contribute to the development, improvement and review of operational documents.

Secondary responsibilities:

• Other relevant tasks as designated by the Global Head of Insider Threat.
• Help coach and mentor L1 Insider Threat Analysts. 
• Provide support to projects and initiatives that enhance Insider Risk and data protection policies and standards.

Qualifications

What will you need:

• It is essential that you have in-depth experience within a Senior DLP or Insider Threat Analyst role in a global enterprise organisation. Relevant experience of minimum 3 to 5 years is required.
• Microsoft Qualifications for Purview DLP, Defender and IRM.
• Excellent operational knowledge of Purview DLP, Defender and IRM.
• Excellent analytical and investigative skills to identify complex security issues and respond at the same level with a technical understanding of when to escalate impacting security events.
• Ability to identify trends and patterns in data usage behaviour.
• Must possess excellent oral communication and writing skills.
• Must be self-motivated and capable of independent work while operating in a geographically and culturally diverse peer group.
• Must possess good stakeholder management skills.
• Must exhibit a history of reliability and strong decision-making skills due to the trust imparted as an Insider Threat analyst.

Beneficial:

• Understanding of data protection laws, regulations, and compliance requirements (e.g., GDPR, CCPA, HIPAA).
• Industry certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Privacy Professional (CIPP).
• Proficiency in using security tools and technologies such as SIEM, EDR and forensic analysis tools.
• Familiarity with KQL may also be beneficial for automating tasks and conducting advanced analysis.
• Prior experience in cyber security roles in areas such as incident response, threat detection or security operations.
• Understanding of risk scoring.

To be added by the recruiter