Insider Threat Investigator III - Remote

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

Description:
 

Leads investigations and coordinates resources necessary to support those on-going investigations. Drive Insider Threat Program through on-going development of Insider Threat Program to drive tooling, data efficacy, detections, high fidelity alerting, and investigations. All investigative work will require leveraging a combination  of electronic evidence, internal resourcing, and conversations/interviews with potential subjects.   The investigator must be comfortable with investigating insiders across complex technology stacks, working with incomplete facts, organizing investigative tasking, driving investigative direction, and the tenacity to bring cases to closure. 

What Part Will You Play?

• Applies knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.

• Fully understands typical insider threat actor profiles, the typical indicators associated with those profiles, and be able to synthesize them to develop innovative techniques to detect insider threat actor activity. investigative work will require leveraging a combination  of electronic evidence, internal resourcing, and conversations/interviews with potential subjects

• Drive the Insider Threat Program leveraging investigative data to policy, drive tooling, data efficacy, detections, high fidelity alerting, and investigative practice.

Minimum Qualifications:

• 3-5 years of insider threat and insider investigation experience 
• Experience with conducting complex corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
• Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
• Experience with cross cutting technology stacks that include both on-prem and cloud resources
• Willingness and ability to travel domestically and internationally up to 10-20% of the time
• Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials

Preferred Qualifications:

• 5-7 years of insider threat and insider investigation experience with prior law enforcement background
• Experience with conducting complex corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
• Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
• Experience with cross cutting technology stacks that include both on-prem and cloud resources
• Willingness and ability to travel domestically and internationally up to 10-20% of the time
• Certifications- CERT ITPM, GCFA, CFCE, CFI, CFSR, or Similar Credentials
• GCP, AWS, and Azure Professional Experience with certification
• Experience with scripting languages like Python, Perl, Bash, or Powershell
• Experience making remediation recommendations based on industry practice surrounding PCI, SOX, PHI, PII, GDPR, GLBA, and NIST CyberSecurity Framework

Desired Skills & Capabilities:

• Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible
• Strong written and oral communication skills across varying levels of the organization
• Excellent judgment and the ability to make quick decisions when working with complex situations
• Understand insider tactics, techniques and procedures(TTP) to aid in discovery and analysis
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Performing Log forensics to discover insider TTP reactively to alerting
• Conducting Forensic Interviews of subjects and Witnesses
• Establishing and Maintaining Chain of Custody as well as collecting and preserving evidence
• Insider Threat Program Management and Development based on evolving threats and business operating environments
• Conduct proactive data discovery for new trends among possible insider threat actors
• Author targeted playbooks for new/changed investigative processes
• Managing cross functional teams to include by not limited to: Human Resources Professionals, Legal, Digital Forensic Analysts, Corporate Security, and Impacted Business Units
• Developing Detections and Alertings for Insider Activity across SIEM and UEBA Controls
• •Investigating across complex technology stacks consisting of a blend of components ranging from IAAS, PAAS, FAAS, SAAS across multiple cloud providers
• Proficient use of scripting with one or more programming language including Python, PowerShell, JavaScript and Bash.

Global Payments Inc. is an equal opportunity employer.

Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.