Job Summary
Conduct end-to-end investigations into suspected insider risk activity such as data exfiltration, policy violations, fraud, IP theft, sabotage, and misuse of company resources.
Review and analyze telemetry including endpoint, identity and authentication, SaaS, application, and network logs.
Partner with stakeholders to deploy detections and implement strategies to prevent malicious activities by improving internal controls, policies, and procedures.
Skills & Requirements
Must-have
Insider risk investigations
Analyze endpoint, identity, SaaS, application, and network logs
Correlate events across log sources
Partner with stakeholders for detection and prevention
Investigate data exfiltration, policy violations, fraud, IP theft, sabotage, and misuse of company resources
Maintain case management system hygiene
Preserve evidence and chain of custody
Nice-to-have
Cross-functional collaboration with HR and Legal
Experience with cryptocurrency
Comfort with puzzles and creative problem-solving
Ability to move quickly while delivering comprehensive results
Key Requirements
8+ years of experience in an investigative role
Familiarity with SIEM, UEBA, DLP, and EDR tools
Proficient in interpreting evidence and reconstructing events
Familiarity with criminal law and internal policies