Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Job Profile Summary - Insider Threat Analyst
As an Operational Information Security Specialist, you will be responsible for supporting information security and risk activities for Operational Security Management.
We are looking for a user/entity behavior analytics (UEBA) insider threat analyst to be part of our Cyber Emergency Response Team (CERT). Our insider threat analyst role would be part of our insider team that is responsible for the monitoring of threats that pose a risk of data exfiltration, misuse of company assets, workplace violence, infrastructure sabotage, corporate espionage, and other emerging insider threats. As an insider threat analyst, you will work with our team of cyber investigators to develop and tune alert policies for our UEBA and security applications, develop strategies for detection and response, triage and escalate alerts, and collaborate with our Security Operation Center (SOC).
You will be part of the CERT/Insider threat team, located in the UK. This post will be located at the UK facility in Sunbury. This role requires 60% of the work week in our local bp offices while up to 40% can be remote.
Essential Experience and Job Requirements
- Strong problem-solving skills as applied to technical solutions
- Relevant experience of information security and risk
- Sound technical knowledge of network, application, and system security controls and logging
- Response, triage, and escalation of policy violations from our UEBA monitoring applications.
- Analysis of policy violations for behavioral trends and patterns to find anomalies and identify gaps in monitoring.
- Documentation of investigations, from initial triage through response and remediation, using case management systems.
- Tuning of UEBA policies to improve accuracy and reduce false positives.
- Playbook development for triage, incident response, and remediation of policy violations.
- Identification of new data sources to provide additional context and alerting.
- Development of metrics and analysis briefings for presentation to management and stakeholders.
- Engagement with teams across the bp enterprise, including the Security Operation Center (SOC) and Cyber Intelligence (CI) teams, as necessary.
- Seeking opportunities for continuous improvement within the specialism in response to internal and external developments, and working with team members to identify continuous improvement plans.
Bachelor's degree (e.g., Information Security, Network Security, Information Assurance, Information Technology, Computer Science) or equivalent experience and/or qualifications.
Technical capability
- Deep technical analysis ability.
- Skilled at reviewing security data and able to recognize threats related to insider activities.
- Skilled in user and entity trend analysis related to malicious activities.
- Skilled at accuracy tuning for UEBA application policies.
- Knowledge of triage, incident response, handling procedures and remediation.
- Knowledge of the tooling related to UEBA and logging technologies.
- Knowledge of the insider threats and risks impacting our industry.
- Knowledge of cyber-attack stages and techniques used by insider threats.
- Knowledge of industry-standard forensic investigative tools and techniques.
- Exceptional written and verbal communication skills.
Leadership and EQ
- You embrace a culture of change and agility, evolving continuously and adapting to our changing world.
- You are an effective teammate, looking beyond your own area/organizational boundaries to consider the bigger picture and/or the perspective of others, while understanding cultural differences.
- You continually enhance your self-awareness and seek input from others on your impact and effectiveness.
- Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.
- CompTIA Security+ / CySA+ / CASP+
- SANS certifications: GSOC, GCIH
- CISSP certification and accreditation
- Please note, the correct experience level for this role is intermediate.