Principal Information Security Analyst – Insider Threat Detection and Analytics
Primary Location: United States, New York, New York
As a global investments company, BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world’s financial assets. Every day, our Technology employees make this happen while also seeking out new ways to do it more efficiently and effectively.
As part of BNY Mellon’s global Technology organization, you’ll have the opportunity to engage with some of the best and brightest, technology, business, and financial minds to find new and better ways to exceed our clients’ expectations and build the future of financial services. With more than 230 years of industry leading experience under our belts, you might even say that we are the original fintech.
At BNY Mellon, cybersecurity is a top priority for both technology and the business. The members of the Information Security Division are on constant alert, using their creativity and knowledge of cybersecurity, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security). Together with the CISO and his leadership team, staff provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise. We help our businesses, the bank’s executive team, and our board of directors understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation.
RELATED READ: Six Government Cyber Security Jobs for Veterans
The Information Security Division (ISD) develops and maintains the enterprise cybersecurity strategy for BNY Mellon. ISD collaborates with its colleagues across all three lines of defense, including Technology Risk Management, Internal Audit and our businesses and information technology teams. Our emphasis on collaboration ensures the development and delivery of services that are responsive to the evolving threat landscape and drive value to our customers. The successful candidate will be part of a high performance Cyber Security Analytics team within the Information Security Division of BNY Mellon. The Cyber Security Analytics team is responsible for providing platforms, analytics and visualization to the Information Security and other functional groups within BNY Mellon with goal of detecting and preventing adversarial attacks.
Position overview : This is a Sr. Insider Threat Hunter/Detection engineer role which will be an integral part of the dynamic, fast-paced Cybersecurity Threat Detection team. A successful candidate will bring a positive, passionate attitude to the team’s playbook and threat hunting initiatives by leveraging rich threat-hunting and Insider Threat detection tools & techniques experience. This is a challenging yet rewarding position that provides an opportunity to leverage cutting edge technologies in pursuit of a vital mission that protects people, sensitive information/intellectual property and the security posture of the bank.
Key Responsibilities and Deliverables
- Responsible for understanding the Insider Threat Landscape and applying innovative solutions to address threats using analytics.
- Triage data of anomalous events collected by User Behavior Analytics (UBA), User Activity Monitoring (UAM), DLP, SIEM technologies and other tools to decipher underlying trends or uncover anomalies and discern obscure patterns and attributes of potential Insider threat activities.
- Performs independent assessments, ensuring that the processes and designs of BNY Mellon systems will be effective, functional and secure with the ability to deter, protect, detect and mitigate Insider threats.
- Must demonstrate knowledge of tactics, techniques and procedures associated with malicious Insider threat activity, i.e., fraud, theft, sabotage, espionage, etc.
- Partner with other Cybersecurity Operations & Technology functions in conducting threat modeling exercises or in-depth assessments and tests against networks, endpoints, applications, etc., to find flaws with people/process/technology controls and prevent Insider threats from materializing.
- Provide guidance on potential Insider threat investigations to program stakeholders on methodologies/techniques.
- Day to day management of playbook content lifecycles including customer interactions and priority, content creation, testing & tuning, version/value documentation, and finally, user-acceptance testing and effectiveness analytics.
- Utilize Git repositories to store, comment, and version on playbooks with Threat Detection customers including the Security Operations Center, Insider Threat, and SIEM Engineering among other teams.
- Collaborate with cross-functional teams of legal, privacy, HR, ethics, Cybersecurity/Technology, Corporate Security and other program stakeholders to ensure customer issues and priorities are engaged via playbook work pipeline; ensure playbook processes are continually maturing including triage, escalation, incident, and change management.
- Prepares reports, presentations, research and other program deliverables related to Insider threat program.
- Engage in ongoing research in security tools, techniques, and procedures, as well as advance Threat Detection initiatives based on aggressive security principals, machine learning algorithms, and threat mitigation techniques.
- Ownership to reproduce, respond, document, and improve reported playbook issues as reported by Insider Threat team or customers.
Additional Responsibilitieswill Include
- Collecting, analyzing and interpreting qualitative and quantitative data from multiple sources for the purpose of documenting investigations, analyzing findings and provide Insider threat metrics.
- Collaborate with Insider Threat team, Threatdetection team, Operations and other stakeholders to develop innovative InsiderThreat capabilities to enhance our proactive and reactive analytical processes.
- Expert-level understanding of Insider Threat detection, networksecurity and traffic analysis, hunting for malicious activity and initiatingresponse actions.
- Demonstrable experience with Insider Threat detectiontechnologies and tools such as SIEM, UBA, UAM, DLP, etc.
- Previous experience with Insider Threat, threat datamanagement, data analytics, operations research is preferred
- Active listening and collaborative skills with variousaudiences, including direct team members, security team and executivestakeholders, in order to perform hunt and content development
- Demonstrable competency with InfoSec fundamentals includingLockheed Kill chain and MITRE ATT&CK-based analytics
- Experience with Social Intel or open source Intel for InsiderThreat detection.
- Demonstrable Threat hunting experience
- Demonstrable Incident Response Workflow experience
- Fundamental understanding of InfoSec threat sharing includingIoCs, artifacts, and forensic techniques
- Exceptional problem solving capabilities and strongdocumentation, communication skills both verbal and non-verbal
- Ability to self-manage workload and goals independently in afast-paced, multi-threaded, and deadline-driven organization
- Passion for communication and attention to detail, research,and articulate, value-driven reporting
- Proficiency inMicrosoft Office suite, including high-quality visual presentation of datawithin PowerPoint and Visio
- Bachelor’s degree incomputer science or a related discipline, or equivalent work experiencerequired
- Advanced degree preferred
- 10-12 years of experience in InformationSecurity or related technology experience required
- Experience in thesecurities or Financial Services industry is a plus
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world’s financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It’s the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New York-New York
Internal Jobcode: 45183
Michelle writes about cyber security as well as how to protect data online. She has worked in internet technology for over 20 years Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers