L2 Insider Threat Analyst
Taguig, National Capital, Philippines
We are seeking passionate people to grow the Cyber Security team within WTW and provide an excellent service and trusted expertise to all parts of our business. We have an exciting opening for a skilled and experienced L2 Insider Threat Analyst.
As part of the Cyber Defence department, this role will investigate Insider Threat and Data Loss Prevention (DLP) cases that have been escalated by our L1 Insider Threat team. Reporting to the Global Head of Insider Threat, the L2 Insider Threat Analyst role is suited to someone who has strong Microsoft Purview DLP and Insider Risk Management (IRM) analyst experience. It is a business facing role and requires working proactively with stakeholders and colleagues to investigate Insider Threat and DLP cases.
The Role
- Perform advanced analysis and investigation of Insider Threat and DLP alerts across the various egress channels in both on premise and cloud environments.
- Analyse event/alert patterns to properly interpret and prioritise threats with available DLP and IRM tools and other data protection devices.
- Help Identify trends and drive requirements aimed at improving and enhancing existing DLP and IRM detection policies.
- Work closely with Cyber Defence teams such as the Global Security Operations Centre, as well as Legal, Privacy and HR teams if necessary, during investigations and incidents.
- Prepare detailed reports on security incidents, investigations, and mitigation efforts.
- Contribute to the fine tuning of rules across the detection tools by highlighting pain points to the Global Head of Insider Threat and Insider Threat Engineering Manager.
- Contribute to the development, improvement and review of operational documents.
Secondary responsibilities:
- Other relevant tasks as designated by the Global Head of Insider Threat.
- Help coach and mentor L1 Insider Threat Analysts.
- Provide support to projects and initiatives that enhance Insider Risk and data protection policies and standards.
The Requirement
- It is essential that you have in-depth experience within a Senior DLP or Insider Threat Analyst role in a global enterprise organisation.
- Relevant Microsoft Qualifications for Purview DLP, Defender and IRM.
- Excellent operational knowledge of Purview DLP, Defender and IRM.
- Excellent analytical and investigative skills to identify complex security issues and respond at the same level with a technical understanding of when to escalate impacting security events.
- Ability to identify trends and patterns in data usage behaviour.
- Must possess excellent oral communication and writing skills.
- Must be self-motivated and capable of independent work while operating in a geographically and culturally diverse peer group.
- Must possess good stakeholder management skills.
- Must exhibit a history of reliability and strong decision-making skills due to the trust imparted as an Insider Threat analyst.
Beneficial:
- Understanding of data protection laws, regulations, and compliance requirements (e.g., GDPR, CCPA, HIPAA).
- Industry certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Privacy Professional (CIPP).
- Proficiency in using security tools and technologies such as SIEM, EDR and forensic analysis tools.
- Familiarity with KQL may also be beneficial for automating tasks and conducting advanced analysis.
- Prior experience in cyber security roles in areas such as incident response, threat detection or security operations.
- Understanding of risk scoring.
WTW is an Equal Opportunity Employer
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CCPA CIPP CISSP Cloud Compliance EDR GDPR HIPAA Incident response Privacy Risk management SIEM Threat detection
Perks/benefits: Career development Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Security Consultant jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information System Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open Threat intelligence-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open DevSecOps-related jobs