Singapore
15 hours ago
Security Operations Associate - Data Loss Prevention and Insider Threat Analyst

Seize the opportunity to elevate cybersecurity by leveraging your expertise in threat analysis and incident response to safeguard critical data and systems. 

 

As a Security Operations Associate - Data Loss Prevention and Insider Threat within the Cybersecurity team, you will be pivotal in safeguarding the organization's digital assets and infrastructure. Your role involves proactively detecting, evaluating, and addressing threats, vulnerabilities, and security incidents. Utilizing your knowledge of security principles, practices, and theories, you will collaborate with cross-functional teams to develop cohesive security strategies and educate employees on best practices, policies, and procedures. Your contributions will directly influence departmental outcomes as you plan and ensure progress, identify information gaps, and conduct analyses to resolve complex cybersecurity challenges. By applying your advanced analytical, technical, and problem-solving skills, you will drive continuous improvement in our cybersecurity posture, ensuring the integrity, confidentiality, and availability of sensitive data and systems.

 

The Data Loss Prevention Triage team performs many of the firm's data security functions. The team reviews prioritized alerts generated by monitoring systems, conducts investigations and works with other teams to ensure an appropriate outcome, assists in technology and process improvements, collaborates with the content development team to refine detection and prioritization capabilities, analyzes trends and patterns in DLP activity, and works with stakeholders to mitigate data loss risks and cyber insider threats across all lines of business.

 

Job Responsibilities:

Perform daily real-time monitoring and analysis of internal security events adhering to standard operating procedures to ensure timely detection and response.
Review network and endpoint DLP events to assess risk and impact, delivering findings in a clear and concise manner.
Conduct thorough security investigations, analyzing logs, network traffic, and other data sources to identify root causes, assess impact, and gather evidence for response and mitigation.
Collaborate with cross-functional teams to develop and implement coordinated security strategies, policies, and procedures, while educating employees on best practices.

Required Qualifications, Capabilities, and Skills:

2+ years of experience in cybersecurity operations or a related field, with a focus on DLP and insider threat detection.
Bachelor's degree in Computer Science/Information Systems/Engineering or related disciplines.
Demonstrated experience in network traffic analysis, PCAP analysis and log analysis to identify anomalous behavior associated with insider threats and respond to security incidents.
Strong investigative mindset with the ability to follow data and build cases, supported by foundational knowledge of cybersecurity practices, operations, risk management processes, principles, architectural requirements, engineering, threats, and vulnerabilities, including incident response methodologies.
Proficiency in using Splunk or similar for log analysis, developing queries, correlations, dashboards and automation.
Strong analytical skills, with the ability to interrogate large data sets and interpret various security, application and system logs.
Ability to collaborate with high-performing Agile teams and individuals throughout the firm to achieve goals.

Preferred Qualifications, Capabilities, and Skills:

Knowledge of Data Loss Prevention (DLP), including experience developing risk-aligned DLP monitoring rules, familiarity with DLP systems and products, or experience on a security assurance operations team performing DLP triage operational functions.
Foundational knowledge of computer forensics, legal, government, and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing.
Foundational knowledge of cloud computing, computer network defense, external organizations and academic institutions dealing with cybersecurity issues, financial authorities and regulations, identity management, incident management, information assurance, information management, information systems, network security, and infrastructure design.
Ability to analyze vulnerabilities, threats, designs, procedures, and architectural design, producing reports and sharing intelligence.
Knowledge and experience related to Insider Threat monitoring and operations.
Proficiency in scripting to automate tasks, implement controls, and manipulate data.
Possession of recognized industry certifications such as CISSP, CISM, CISA, CCSP, CSX-S, CSX-E would be desirable.

 
