Insider Threat Investigator III - Remote
Georgia - Remote
Global Payments
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Description:
Leads investigations and coordinates resources necessary to support those on-going investigations. Drive Insider Threat Program through on-going development of Insider Threat Program to drive tooling, data efficacy, detections, high fidelity alerting, and investigations. All investigative work will require leveraging a combination of electronic evidence, internal resourcing, and conversations/interviews with potential subjects. The investigator must be comfortable with investigating insiders across complex technology stacks, working with incomplete facts, organizing investigative tasking, driving investigative direction, and the tenacity to bring cases to closure.
What Part Will You Play?
Applies knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
Fully understands typical insider threat actor profiles, the typical indicators associated with those profiles, and be able to synthesize them to develop innovative techniques to detect insider threat actor activity. investigative work will require leveraging a combination of electronic evidence, internal resourcing, and conversations/interviews with potential subjects
Drive the Insider Threat Program leveraging investigative data to policy, drive tooling, data efficacy, detections, high fidelity alerting, and investigative practice.
Minimum Qualifications:
- 3-5 years of insider threat and insider investigation experience
- Experience with conducting complex corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
- Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
- Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
- Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
- Experience with cross cutting technology stacks that include both on-prem and cloud resources
- Willingness and ability to travel domestically and internationally up to 10-20% of the time
- Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials
Preferred Qualifications:
- 5-7 years of insider threat and insider investigation experience with prior law enforcement background
- Experience with conducting complex corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
- Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
- Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
- Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
- Experience with cross cutting technology stacks that include both on-prem and cloud resources
- Willingness and ability to travel domestically and internationally up to 10-20% of the time
- Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials
- GCP, AWS, and Azure Professional Experience with certification
- Experience with scripting languages like Python, Perl, Bash, or Powershell
- Experience making remediation recommendations based on industry practice surrounding PCI, SOX, PHI, PII, GDPR, GLBA, and NIST CyberSecurity Framework
Desired Skills & Capabilities:
- Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible
- Strong written and oral communication skills across varying levels of the organization
- Excellent judgment and the ability to make quick decisions when working with complex situations
- Understand insider tactics, techniques and procedures(TTP) to aid in discovery and analysis
- High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
- Performing Log forensics to discover insider TTP reactively to alerting
- Conducting Forensic Interviews of subjects and Witnesses
- Establishing and Maintaining Chain of Custody as well as collecting and preserving evidence
- Insider Threat Program Management and Development based on evolving threats and business operating environments
- Conduct proactive data discovery for new trends among possible insider threat actors
- Author targeted playbooks for new/changed investigative processes
- Managing cross functional teams to include by not limited to: Human Resources Professionals, Legal, Digital Forensic Analysts, Corporate Security, and Impacted Business Units
- Developing Detections and Alertings for Insider Activity across SIEM and UEBA Controls
- •Investigating across complex technology stacks consisting of a blend of components ranging from IAAS, PAAS, FAAS, SAAS across multiple cloud providers
- Proficient use of scripting with one or more programming language including Python, PowerShell, JavaScript and Bash.
Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics AWS Azure Bash CASB CERT CFCE Cloud EDR Forensics GCFA GCP GDPR GLBA IaaS IDS Incident response IPS JavaScript MITRE ATT&CK NIST PaaS Perl PowerShell Python SaaS Scripting SIEM SOX Travel
Perks/benefits: Career development Flex hours
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs