Sr. Insider Threat Investigator

2 weeks ago


Heredia, Costa Rica Experian Full-time

Company Description

Experian is the world’s leading global information services company. During life’s big moments - from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers - we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.

**Job Description**:
The insider threat investigator is an essential part of Experian’s Cyber Fusion Center (CFC), and will lead proactive, predictive, and reactive data analysis and investigation of threats to Experian’s environment by leveraging data analysis expertise using an array of analytical tools. This role will drive efficacy of security operations through analysis of alerts and associated tools to identify false positives, improve precision rates, and streamline tooling and investigations effectiveness and impact.

You will be responsible for conducting data analysis of insider threat auditing and monitoring software resources and for remediating escalated events to detect and identify insider risk activities. In addition, you will be required to complete investigations by analyzing and verifying information through various investigative techniques, internal resources, and conversations/interviews with persons of interest. The investigator should be comfortable working with incomplete facts, be able to quickly rationalize and drive clarity, translate to actionable tasks, and demonstrate tenacity by working assigned investigations through to completion.

**Responsibilities**:

- Utilize next generation tools and technology to conduct behavioral analytics assessments and root cause analysis for insider and data loss threats.
- Author concise written reports and executive summaries for leadership on cases and incidents
- Manage high risk information security incidents by working in conjunction with response partners and other risk teams
- Conduct root cause analysis of
- Conduct data analysis to determine next steps for containment, eradication, and recovery of risk and data loss incidents.
- Conduct analysis and root cause analysis of alerts and associated tools and data to identify false positives, drive precision rate improvement to streamline investigations effectiveness and impact.
- Conduct proactive data analysis and research on emerging trends to determine prevalence of threats in Experian’s environment.
- Work with partner teams on internal threat detection and response projects.
- Author playbooks for new/changed investigative processes.
- Collaborate with CFC teams to improve and automate processes.

**Required Skills**:

- Understanding of core current cybersecurity technologies as well as emerging capabilities.
- Analyze data and evaluate relevance to a specific incident under investigation
- Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
- Effectively communicates investigative findings to non-technical audiences
- Ability to interact with and lead discussions with senior Experian executives across different functions and lines of business
- Ability to manage high risk regional information security incidents by working in conjunction with response partners and other risk teams
- Ability to navigate and work effectively across a complex organization that is geographically dispersed
- Maintain an awareness of industry challenges and advancements in order to add value to existing technologies and processes used within the team
- Create and implement countermeasures to specific weaknesses against known adversarial TTPs

**Qualifications**:

- 5-7 years of insider threat and insider investigation experience, and experience working in a Cyber Fusion Center environment.
- Proficiency with running queries in Splunk and building dashboards to create proactive tracking of threats.
- Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
- Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
- Experience with security monitoring technologies, such as DLP, CASB, UEBA, SIEM, IPS/IDS.
- Investigative data analysis expertise and ability to detect threat patterns and risks.
- Experience with corporate investigations, security operations, incident analysis, incident handling, incident or vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration.
- Experience with conducting complex investigatio

