Vacancy expired!
- Teams focus on Data Loss Prevention, Threat Protection and Cyber Countermeasures by creating and supporting applications that protects the firm from various exploits including but not limited to spam/phishing message, malware, and malicious web site.
- A team member that is moving from his Internal Threat group to another group within the organization and is needing to backfill.
- Ideally the manager needs this analyst to have experience with Data Loss Prevention with a focus on Microsoft DLP and Fidelis. Splunk experience good as well
- "We are looking for a security analyst that has experiencing creating Data Loss Prevention rules. Familiarity with our main DLP platforms (Microsoft 365/Microsoft DLP, MCAS, Fidelis, Splunk, Splunk Phantom, Splunk UBA) would be great. Of greatest importance is their ability to analyze DLP rules for effectiveness and be able to tune them to increase the CLIENT/accuracy of the rules."
- Creating DLP rules and policies is key for this
- Enterprise Cyber Security is a central Information Security organization within CLIENT serving the Enterprise as a whole. Enterprise IT Security Engineering provides consulting, new product review and selection, certification and detailed control design services to the Enterprise Cyber Security organization and the IT Enterprise of CLIENT.
- ECS – Internal Threat is seeking an experienced security analyst with operational experience responding to security incidents in a production environment with a focus on Data Loss Prevention (DLP. The successful candidate must be able to bring together/document and review complex DLP requirements, implement system alerts against these requirements and performing in-depth forensics upon alert review to identify data ex-filtration violations, behaviors and patterns. This role will involve working closely with security engineering, architecture and incident management teams to help mitigate risk across our CLIENT’s computing environment.
- Responsible for high quality architecture, implementation and analysis of Insider Threat detection, response and remediation technologies – unifying and standardizing Cybersecurity Insider Threat policies and practices across the enterprise
- Be instrumental in technology and policy implementation, tuning and oversight of Insider Threat processes across all insider threat technologies executed in the firm, particularly in cutting edge analytics space
- Degree or equivalent experience in Computer Science, Engineering or related field
- 3-5+ years operational experience responding to security incidents in a production environment
- Authoritative skills and knowledge of cyber security threats and charges, incident response, network and host-based control technologies.
- Experience coordinating at least one enterprise endpoint or infrastructure DLP solution.
- Knowledge and experience with systems administration and automation with modern scripting languages and environments such as Python, Perl, PowerShell and others.
- Knowledge of Data Repository Architecture (EDMS, SharePoint, O365, OneDrive, etc…)
- Knowledge of the security threat landscape, especially network and server threats
- Strong knowledge of TCP/IP
- Strong knowledge of the Windows and / or Linux operating systems
- Log & data analysis and reporting
- Knowledge of Active Directory – Security and Group Policy Design
- Detailed knowledge of O365, Azure infrastructure and Azure AD
- Detailed Knowledge of MCAS/CASB
- Solutions centric skills for the MS cloud spaces
- Excellent verbal and written communication skills
- Strong in problem solving and analytical skills
- Ability to work on multiple projects by prioritizing and results oriented approach
- A standout colleague with flexibility required for support operations
- Must be a quick learner and adapt to new tools and technology
Vacancy expired!