Cybersecurity Investigator

Experian is a global information services company that empowers consumers and clients to manage their data with confidence. We help individuals take financial control, businesses make smarter decisions, and organizations prevent identity fraud and crime.

The Cyber Fusion Center (CFC) is a critical component of Experian's cybersecurity efforts, and the Insider Threat Investigator plays a key role in leading proactive, predictive, and reactive data analysis and investigation of threats to Experian's environment.

Responsibilities include:

• Utilizing next-generation tools and technology to conduct behavioral analytics assessments and root cause analysis for insider and data loss threats.
• Authoring concise and written reports and executive summaries for leadership on cases and incidents.
• Managing high-risk information security incidents by working in conjunction with response partners and other risk teams.
• Conducting root cause analysis of alerts and associated tools and data to identify false positives, drive precision rate improvement, and streamline investigations effectiveness and impact.
• Conducting proactive data analysis and research on emerging trends to determine prevalence of threats in Experian's environment.
• Working with partner teams on internal threat detection and response projects.
• Authoring playbooks for new/changed investigative processes.
• Collaborating with CFC teams to improve and automate processes.

Required skills include:

• Understanding of core current cybersecurity technologies as well as emerging capabilities.
• Analyzing data and evaluating relevance to a specific incident under investigation.
• Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
• Effectively communicating investigative findings to non-technical audiences.
• Ability to interact with and lead discussions with senior Experian executives across different functions and lines of business.
• Ability to manage high-risk regional information security incidents by working in conjunction with response partners and other risk teams.
• Maintaining an awareness of industry challenges and advancements in order to add value to existing technologies and processes used within the team.
• Creating and implementing countermeasures to specific weaknesses against known adversarial TTPs.

Qualifications include:

• 5-7 years of insider threat and insider investigation experience, and experience working in a Cyber Fusion Center environment.
• Proficiency with running queries in Splunk and building dashboards to create proactive tracking of threats.
• Experience with User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE Att&ck framework, and cybersecurity principles.
• Experience with security monitoring technologies, such as DLP, CASB, UEBA, SIEM, IPS/IDS.
• Investigative data analysis expertise and ability to detect threat patterns and risks.
• Experience with corporate investigations, security operations, incident analysis, incident handling, incident or vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration.