Cyber Defense Incident Responder

Employer Active

Job Location

Arlington - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Role: Cyber Defense Incident Responder (Senior Level)

Location: Arlington, VA (Hybrid)

Required Skills:

  • 2 years of investigations work experience involving insider risk investigations, security incident response, technical investigations, intellectual property investigations, and/or financial fraud investigations.
  • 3-5 years of experience in UEBA and/or Splunk Enterprise Security
  • 7 years of experience in Cyber Security domain
  • Experience thriving in a heavily regulated environment
  • Experience in Splunk content development and Splunk Search Processing Language (SPL)
  • Knowledge of Machine Learning (ML) and how it applies to Insider Risk programs.

Preferred Skills: Splunk ES/UBA

Day-to-day Responsibilities:

  • Assist in maturing an Insider Risk Program's operational support, including the development of playbooks and workflows for monitoring against potential insider risks, developing detection use cases, and conducting incident analysis.
  • Implement federal government and industry standards and best practices regarding insider risk programs, including development and maintenance of OCISO programmatic gap analyses and implementation roadmaps.
  • Assist in the creation of a gap analysis on current tool usage for the Insider Risk program and make recommendations based on industry best practices and client organization.
  • Develop and maintain a convergence model for insider risk mitigation that reduces risk to the client's personnel and assets.
  • Develop and improve insider risk modeling that leverages Splunk User Behavior and Entity Analytics (UEBA), Data Loss Prevention (DLP), Splunk Enterprise Security (ES), Microsoft Purview, Machine Learning, and automated solutions in place.

Expected Deliverables:

  • Develop and improve insider risk modeling that leverages Splunk User Behavior and Entity Analytics (UEBA), Data Loss Prevention (DLP), Splunk Enterprise Security (ES), Microsoft Purview, Machine Learning, and automated solutions in place.
  • Develop and expand situational playbooks that leverage the client's automated capabilities.
  • Leverage excellent interpersonal skills to coordinate with the client's business and technology leaders to develop and maintain programmatic solutions to insider risk.
  • Lead and assist in the investigation of all incidents involving insider risk.

Education: BS minimal

investigations work, financial fraud investigations, Cyber Security, UEBA and/or Splunk

Employment Type

Full Time

Company Industry

Accounting & Auditing
