What are the responsibilities and job description for the Threat Incident Response Analyst position at TekWissen LLC?
Overview:
TekWissen is a global workforce management provider headquartered in Ann Arbor, Michigan, that offers strategic talent solutions to our clients worldwide. Our client is a global operator, franchisor, and licensor of hotel, residential, and timeshare properties. The company is primarily focused on management, franchising, and licensing of its lodging properties. It also occasionally develops, acquires or renovates hotel and residential properties, directly and through partnerships, joint ventures, and other business structures with third parties.
Position: Threat Incident Response Analyst
Location: Bethesda, MD, 20814
Duration: 7 Months
Job Type: Contract
Work Type: Remote
Job Description:
JOB SUMMARY
- The Manager, Insider Threat Incident Response Analyst will respond to potential insider threat incidents by reviewing and analysing data from a variety of data security and data loss prevention tools, and by collaborating with multiple areas of the business to determine the root cause of events and recommend improvements to our data loss prevention systems that mitigate insider risk.
- Knowledge of payment card data, personally identifiable information (PII), and other sensitive data types is required.
- Through a strong understanding of insider threat behaviour and data security events and incidents, helps track and manage metrics (KPI/KRI) to ensure the advancement of the program across the enterprise, while mitigating risk to the organization.
Required Experience and Education
- 5 years of experience in Information Security
- 3 years of experience in cybersecurity and/or insider threat incident response that must include experience in:
  - Experience with data loss/information protection solutions (Splunk, Netskope, Microsoft O365, etc.)
  - Identification of potential insider threat tools, tactics, and procedures (TTPs)
  - Security data analysis from a variety of sources and tools, including contributing to DLP policy/alert creation and maintenance.
- 1 year of experience with Windows log analysis and memory forensics; network traffic analysis
- Undergraduate degree in computer science or related field, or equivalent work experience
- Ability to work a flexible schedule that may include shift work.
Attributes and Preferred Experience:
- Development of incident response assessments and other similar reporting (demonstrated writing & comms skills).
- Experience in a similarly sized organization with significant complexity.
- Strong time management skills to balance multiple activities.
- Security certification (e.g., GCIH, GCFA, CCSP, OSCP)
- Experience with DLP tools and/or methodologies to enhance insider threat incident response procedures.
- Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.
CORE WORK ACTIVITIES
- Conducts data security incident analysis in support of client's Insider Threat Management Program, working to help develop and maintain "playbooks" to ensure effective and efficient response processes and procedures.
- Handle escalations from internal and external sources to quickly triage and respond to potential insider threat incidents, as needed.
- Develop and present comprehensive reports for technical, executive, and non-security stakeholder audiences.
- Provide technical subject matter expertise related to projects and initiatives that advance the maturity and capability of client's security program.
- Develop and follow detailed operational processes and procedures to appropriately analyze, escalate and assist in the remediation of information security-related incidents.
- Apply technical acumen and analytical capabilities to speed and enhance response.
- Work in a flexible environment, including shift work, as required to meet business and operational needs.
TekWissen Group is an equal opportunity employer supporting workforce diversity.