JOB TITLE: L1 Insider Threat Analyst
Work Setup: Hybrid (RTO 4x/month)
Schedule: Monday - Friday / EMEA Shift
Job Responsibilities:
- Perform initial system information analysis and triaging of Insider Threat and DLP alerts across the various egress channels in both on-premises and cloud environments.
- Monitor Insider Threat and DLP alerts using available protection tools to respond, triage, and escalate as needed.
- Escalate Insider Threat and DLP alerts which require further investigation by the Global Security Operations Centre or L2 Insider Threat team.
- Adhere to established security policies and procedures while handling alerts to ensure consistency, compliance, and effective triage.
- Analyze alert patterns to properly interpret and prioritize threats with available DLP and Insider Threat tools.
- Contribute to the fine tuning of rules across the detection tools by highlighting pain points to the L1 Insider Threat Manager.
- Contribute to the development and improvement of operational documents.
Secondary responsibilities:
- Other relevant tasks as designated by the L1 Insider Threat Manager.
- Provide support to projects and initiatives that enhance data protection policies and standards.
Job Requirements:
- It is essential that you have experience within a DLP or Insider Threat Analyst role in a global enterprise organization.
- Relevant Microsoft Qualifications for Purview DLP, Defender and Insider Risk Management (IRM).
- A good operational knowledge of Microsoft Purview DLP, Defender and IRM modules.
- Good analytical and triage skills to identify complex security issues and respond at the same level, with a technical understanding of when to escalate impactful security events.
- Must possess requisite oral communication and writing skills.
- Must be self-motivated and capable of independent work while operating in a geographically and culturally diverse peer group.
- Must exhibit a history of reliability and good decision-making skills due to the trust placed in them as an Insider Threat Analyst.
Beneficial:
- Awareness of data protection laws, regulations, and compliance requirements (e.g., GDPR, CCPA, HIPAA).
- Entry-level Cyber Security qualifications such as CompTIA Security+.
- Understanding of common security tools and technologies such as SIEM.
- Prior experience in cyber security roles in areas such as incident response, threat detection or security operations.