Insider Threat DevOps III

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

Description

Identify current Insider Tactics, Techniques, Procedures (TTP) by working with investigators, analysts, and available data to develop capabilities for detection and prevention.  This role will drive the Insider Threat Program by assuring data efficacy, creating high fidelity alerting, and providing tooling for Insider Threat Analysts.  All capability development will follow internal agile/scrum/flex practices and leverage existing CI/CD infrastructure to achieve scalability and robustness for the Insider Threat Program.  

Minimum Qualifications:

• 3-5 years of DevOp or DevSecOP Experience, 1-2 year of experience doing capability development for cyber security or insider threat

• Oversee design, development, maintenance and support of our pipelines, which support our Continuous Integration and Deployment of Insider related Capabilities for Detection and prevention

• Perform Threat-modeling & risk analysis based on direct interaction with investigators, analysts, and available data for all business segments 

• Provide training and assistance with playbook development for emerging threats and their related detections

• Work with stakeholders to define and drive continuous improvements in policies, procedures, and technical controls related to the Insider Threat Program

• Experience with User and Entity Behavior Analytics (UEBA), Security Information Event Management (SIEM), and Data Loss Prevention (DLP) principles

• Knowledge of NIST Cyber Security Framework, computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.

• Experience with scripting languages like Python

• Experience with infrastructure as code languages like Terraform

Preferred Qualifications:

• 3-5 years of DevOp or DevSecOP Experience, 2-3 year of experience doing capability development for cyber security or insider threat, law enforcement background preferred

• Oversee design, development, maintenance and support of our pipelines, which support our Continuous Integration and Deployment of Insider related Capabilities for Detection and prevention

• Perform Threat-modeling & risk analysis based on direct interaction with investigators, analysts, and available data for all business segments 

• Provide training and assistance with playbook development for emerging threats and their related detections

• Subject Matter Expert in infrastructure, development, operations, security and quality assurance, with proven experience with DevOps and Agile practices.

• Work with stakeholders to define and drive continuous improvements in policies, procedures, and technical controls related to the Insider Threat Program

• Experience with User and Entity Behavior Analytics (UEBA), Security Information Event Management (SIEM), and Data Loss Prevention (DLP) principles

• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.

• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM

• Experience with cross cutting technology stacks that include both on-prem(VMware) and cloud resources (AWS, GCP, AZURE, Oracle Cloud)

• Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials

• GCP, AWS, and Azure Professional Experience with certification

• Experience with scripting languages like Python, Perl, Bash, or Powershell

• Experience with infrastructure as code languages like Terraform, Ansible, Puppet 

• Experience making remediation recommendations based on industry practice surrounding PCI, SOX, PHI, PII, GDPR, GLBA, and NIST CyberSecurity Framework
   

Desired Skills & Capabilities:
 

• Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible 
• Strong agile development background with experience supporting cyber security or insider threat operations
• Excellent judgment and the ability to make quick decisions when working with complex situations
• AWS Experience in an IaC environment,
• CI/CD GitOps experience (Jenkins, Terraform)
• Understand insider tactics, techniques and procedures(TTP) to aid in discovery and analysis
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Performing data analysis to discover insider TTP reactively to alerting
• Insider Threat Program Management and Development based on evolving threats and business operating environments
• Conduct proactive data discovery for new trends among possible insider threat actors
• Developing Detections and Alertings for Insider Activity across SIEM and UEBA Controls
• Developing capabilities across complex technology stacks consisting of a blend of components ranging from IAAS, PAAS, FAAS, SAAS across multiple cloud providers
• Proficient use of scripting with one or more programming language including Python, PowerShell, JavaScript and Bash.
• Proficient use of scripting with one or more programming infrastructure as a code languages including Terraform, Kubernete Manifests, Anseble, Puppet

Global Payments Inc. is an equal opportunity employer.

Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.