L2 Insider Threat Analyst

Requirements

• Indepth experience within a Senior DLP or Insider Threat Analyst role in a global enterprise organization.
• Relevant Microsoft Qualifications for Purview DLP Defender and IRM.
• Excellent operational knowledge of Purview DLP Defender and IRM.
• Excellent analytical and investigative skills to identify complex security issues and respond at the same level with a technical understanding of when to escalate impacting security events.
• Ability to identify trends and patterns in data usage behavior.
• Must possess excellent oral communication and writing skills.
• Must be selfmotivated and capable of independent work while operating in a geographically and culturally diverse peer group.
• Must possess good stakeholder management skills.
• Must exhibit a history of reliability and strong decisionmaking skills due to the trust imparted as an Insider Threat analyst.
• Amenable to work in a hybrid setup (2x WFH/week) in Taguig

Beneficial:

• Understanding of data protection laws regulations and compliance requirements (e.g. GDPR CCPA HIPAA).
• Industry certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Privacy Professional (CIPP).
• Proficiency in using security tools and technologies such as SIEM EDR and forensic analysis tools.
• Familiarity with KQL may also be beneficial for automating tasks and conducting advanced analysis.
• Prior experience in cyber security roles in areas such as incident response threat detection or security operations.
• Understanding of risk scoring.

About the Role

As part of the Cyber Defence department this role will investigate Insider Threat and Data Loss Prevention (DLP) cases that have been escalated by our L1 Insider Threat team. Reporting to the Global Head of Insider Threat the L2 Insider Threat Analyst role is suited to someone who has strong Microsoft Purview DLP and Insider Risk Management (IRM) analyst experience. It is a businessfacing role and requires working proactively with stakeholders and colleagues to investigate Insider Threats and DLP cases.

Scope:

• Perform advanced analysis and investigation of Insider Threat and DLP alerts across the various egress channels in both onpremise and cloud environments.
• Analyse event/alert patterns to properly interpret and prioritize threats with available DLP and IRM tools and other data protection devices.
• Help Identify trends and drive requirements aimed at improving and enhancing existing DLP and IRM detection policies.
• Work closely with Cyber Defence teams such as the Global Security Operations Centre as well as Legal Privacy and HR teams if necessary during investigations and incidents.
• Prepare detailed reports on security incidents investigations and mitigation efforts.
• Contribute to the finetuning of rules across the detection tools by highlighting pain points to the Global Head of Insider Threat and Insider Threat Engineering Manager.
• Contribute to the development improvement and review of operational documents.

Secondary responsibilities:

• Other relevant tasks as designated by the Global Head of Insider Threat.
• Help coach and mentor L1 Insider Threat Analysts.
• Provide support to projects and initiatives that enhance Insider Risk and data protection policies and standards.

Remote Work :

No