Associate
Prudential Securities
Roseland, NJ, United States
Job Details
Description
Intro:
The Cyber Security Operations Center (CSOC) within the Information Security Office (ISO) of Prudential is looking for a talented CSOC Insider Threat Analyst. As a CSOC Insider Threat Analyst, you would be functioning as part of the Blue team (Defensive Cyber Ops, or in this case Cyber-Enabled Insider Threat Detection). This position is much more than just watching an incident queue or actioning incidents. You will have the opportunity to develop integrations, correlations, and SIEM/UEBA content to better protect the environment. The CSOC, and the larger ISO, are dynamic teams that look for self-motivated talent, meaning the CSOC will embrace and leverage the background and skill sets you bring to the table to better the overall organization.
Ideal candidates will enjoy solving complex puzzles (also known as security or insider incidents) in a fast-paced Information Security environment. Ideal candidates are comfortable working in a potentially high-stakes environment while working from incomplete or imperfect information and conditions. Candidates will work under an experienced management team that has collectively over 25 years of InfoSec experience and has lived the life of an analyst.
Additionally, ideal candidates will use their background in analytics and information security to model on-network authentication, data movement, and web activity in a cutting-edge niche of behavioral analytics. From creating and implementing detection models to remediating incidents for this cross-functional security program, candidates will have opportunities to become involved in building bad-actor scenarios and misuse cases, mapping cyber observables to intent, and conceptualizing tool-chain requirements from atomic events through fully formed incidents.
The purpose of this CSOC Insider Threat Analyst role is to analyze Internal Threat Detection [ITD] security alerts, engineer new ITD data models, onboard new data sources from the SIEM [Security Information & Event Management] platform, and operate, manage, and maintain the User and Entity Behavior Analytics (UEBA) platform in support of the ITD program.
Besides the more traditional ITD work, the candidate will have opportunities to become involved in the configuration of the tools and products used by the CSOC, to the benefit of the CSOC as a whole. By joining the Prudential CSOC, the candidate will not just join a rapidly evolving team but will provide input on the direction of the organization.
Shifts: This position would follow a normal Eastern Time US 9am to 5pm schedule, Monday to Friday.
Location: This position is located in Roseland, NJ, with an expectation analysts will be working on site.
Training: Prudential believes in growing our staff while continuing to develop them into more senior positions as they progress.
Expectations:
• Responsibility for developing and operationalizing ITD use cases
• Operating and extending the UEBA platform models and scenarios
• ITD alert analysis, tuning/configuration, and event mitigation/remediation, including creation and coordination of TTPs [tactics, techniques, and procedures]
• Create TTPs for the internal threat detection (ITD) program
• Develop, execute, and maintain standard operating procedures (SOPs) for program
• Work with CSOC / HTIU (High Tech Investigation Unit) personnel in support of cross functional Security investigations
• Perform gap analysis of capability development scenarios and current tooling/data sources to make recommendations to reduce the risk from internal threats
• Collaborate with ISO, HTIU, CSOC, and other groups in the enterprise to identify and document controls, processes, and security event monitoring opportunities
• Perform analysis, classification, and mitigation of ITD event alerts
• Tune the platform and data sources to produce high-fidelity UEBA alert signals and risk scores
• Review and refine behavioral contexts behind internal threat incidents
• Develop and transform behavioral context patterns into models for internal threat events
• Collect & analyze data [to / from Splunk] to enrich and correlate UEBA patterns
• Evaluate and run proof of concepts in development environments
• Model data movement, authentication, and web activity events and event sets
• Develop dashboards, data cubes, action plans, watchlists, and workflow queues
• Track, develop metrics for, and report on the effectiveness of tool scenarios and risk vectors
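The modeling work described in these expectations (baselining a user's authentication and data-movement activity, scoring a day's events against that baseline and a watchlist, and rolling the result into a triage queue) is easier to picture in code. The sketch below is an added example, not code from this posting or from Prudential's program; the event field names, the scoring weights, the destination watchlist, and the sample events are all constructed for illustration and would be replaced by a real Splunk data model and tuned thresholds in practice.

```python
"""Minimal UEBA-style scoring pass (added example; assumptions noted inline)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events, not real logs. Field names are assumptions
# chosen to resemble an authentication / data-movement data model.
EVENTS = []
for day in ("2023-03-01", "2023-03-02", "2023-03-03", "2023-03-04"):
    for user in ("alice", "bob"):
        EVENTS.append({"user": user, "ts": f"{day}T09:02:00", "type": "auth", "result": "success"})
        EVENTS.append({"user": user, "ts": f"{day}T11:30:00", "type": "data",
                       "bytes": 4_000_000 + 500_000 * int(day[-1]), "dest": "mail.example.com"})
# Day under analysis: alice looks normal; bob logs on at 03:00 and pushes 400 MB out.
EVENTS += [
    {"user": "alice", "ts": "2023-03-05T09:10:00", "type": "auth", "result": "success"},
    {"user": "alice", "ts": "2023-03-05T11:00:00", "type": "data", "bytes": 5_500_000, "dest": "mail.example.com"},
    {"user": "bob", "ts": "2023-03-05T03:00:00", "type": "auth", "result": "failure"},
    {"user": "bob", "ts": "2023-03-05T03:01:00", "type": "auth", "result": "success"},
    {"user": "bob", "ts": "2023-03-05T03:20:00", "type": "data", "bytes": 400_000_000, "dest": "personal-cloud.example"},
]

# Hypothetical watchlist of destinations the program treats as high-risk exits.
DEST_WATCHLIST = {"personal-cloud.example"}


def _day(ev):
    return ev["ts"][:10]


def _hour(ev):
    return datetime.fromisoformat(ev["ts"]).hour


def build_baselines(events, before):
    """Per-user baseline from history strictly before `before` (YYYY-MM-DD):
    mean/stdev of daily outbound bytes plus the hours with successful logons."""
    egress = defaultdict(lambda: defaultdict(int))
    hours = defaultdict(set)
    for ev in events:
        if _day(ev) >= before:
            continue
        if ev["type"] == "data":
            egress[ev["user"]][_day(ev)] += ev["bytes"]
        elif ev["type"] == "auth" and ev["result"] == "success":
            hours[ev["user"]].add(_hour(ev))
    baselines = {}
    for user, per_day in egress.items():
        vals = list(per_day.values())
        mu = mean(vals)
        sd = pstdev(vals) or max(mu * 0.1, 1.0)  # floor: a flat history must not zero the divisor
        baselines[user] = {"mean": mu, "std": sd, "hours": hours[user]}
    return baselines


def score_day(events, baselines, day):
    """Score each user's events on `day` against their baseline.
    Returns {user: (score, [reasons])}. Weights are illustrative, not tuned values."""
    egress, offhours, failures = defaultdict(int), defaultdict(int), defaultdict(int)
    watch_hits = defaultdict(set)
    for ev in events:
        if _day(ev) != day:
            continue
        u = ev["user"]
        if ev["type"] == "data":
            egress[u] += ev["bytes"]
            if ev["dest"] in DEST_WATCHLIST:
                watch_hits[u].add(ev["dest"])
        elif ev["type"] == "auth":
            if ev["result"] == "failure":
                failures[u] += 1
            elif _hour(ev) not in baselines.get(u, {}).get("hours", set()):
                offhours[u] += 1
    results = {}
    for u in set(egress) | set(offhours) | set(failures) | set(watch_hits):
        score, reasons = 0, []
        b = baselines.get(u)
        if u in egress and b:
            z = (egress[u] - b["mean"]) / b["std"]
            if z > 3:
                score += 50
                reasons.append(f"egress z={z:.1f}")
        elif u in egress:
            score += 30  # no history at all: new or unknown identity moving data
            reasons.append("no baseline for user")
        if offhours[u]:
            score += 20
            reasons.append(f"{offhours[u]} off-hours logon(s)")
        if failures[u] >= 3:
            score += 15
            reasons.append(f"{failures[u]} failed logons")
        if watch_hits[u]:
            score += 40
            reasons.append("watchlisted dest: " + ",".join(sorted(watch_hits[u])))
        results[u] = (score, reasons)
    return results


def triage_queue(results, threshold=60):
    """Users at or above threshold, highest score first: the analyst's work queue."""
    return sorted(((u, s, r) for u, (s, r) in results.items() if s >= threshold),
                  key=lambda item: -item[1])


if __name__ == "__main__":
    baselines = build_baselines(EVENTS, "2023-03-05")
    for user, score, reasons in triage_queue(score_day(EVENTS, baselines, "2023-03-05")):
        print(user, score, "; ".join(reasons))
```

The point of the structure is the one the expectations list makes: each signal (egress z-score, off-hours logon, failed-logon burst, watchlisted destination) is a separately tunable model, and the analyst's tuning work is adjusting those thresholds and weights until the queue returned by `triage_queue` is high-fidelity rather than noise.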
Qualifications
Basic/Required Qualifications:
• Bachelor's degree in Information Technology, Information Security, Computer Science, or a related discipline; OR 2 years equivalent direct work-related experience in lieu of a degree
• Entry level (0-2 yrs.) experience in a corporate IT environment in addition to a degree
• Information Security skillset, passion, experience, and/or background
• Analytics experience, skillset, and/or background
• Experience with and/or exposure to Splunk
• Network and enterprise application operations familiarity
• Strong technical capability in Windows & Linux environments
• Organized, attentive to detail, with planning and deductive reasoning skillset
• Technical writing, communication & presentation skills to non-technical audiences
• Team player who can work with team members and businesses around the world, across time zones and diverse cultural backgrounds, while being respectful of local customs
Desired Qualifications:
• Experience in infrastructure security log analysis and correlation
• Splunk & Splunk Enterprise Security data onboarding skills
• Transforming & mapping data [data munging] - onboarding data sources
• Scripting capability [e.g. Python, Perl, R, PowerShell]
• MSSQL, REST, Data Warehousing, analysis cubes, MDX
• Understanding of identity compromise, account entitlements, and service accounts
• Knowledge of internal threat scenarios, exploits and vulnerabilities
• Knowledge of ports, protocols, & services typical in web servers, file servers, and workstations
• Understand and be able to create queries to support data correlation
• Independent-thinker who works well within team environment and works with stakeholders to ensure the ITD program is successful
• Familiar with UEBA concepts and other security tooling platforms
• Ability to identify patterns in data and translate those patterns into ITD indicators
Bonus Qualifications:
• Language experience with any of the following: Japanese, Korean, Portuguese, Spanish, or Chinese
• A background in Information Security and Incident Response is highly desired
• Splunk, SQL, MDX query development experience highly desirable