Job Title:
Insider Risk Engineer - Cyber
Location:
CityScape
What you'll do:
As an Insider Risk Engineer - Cyber, you'll work both independently and as part of a cohesive team to manage and provide ownership of innovative threat detection, security audit, and logging solutions. You'll take the lead to communicate, collaborate, and justify cyber recommendations to a broad base of stakeholders throughout the IT, Cyber, and Audit department. Western Alliance Bank's Insider Risk Program is a strategic initiative within the Security Risk & Compliance function, supporting the bank's growth into a Large Financial Institution. It focuses on identifying, preventing, and mitigating risks to the bank and its customers that may arise from inadvertent or intentional actions by employees, contractors, or third parties.
As the Insider Risk Engineer, you'll be a key member of a multidisciplinary team that partners closely with Data Security, the Security Monitoring Center, Privacy, Legal, and HR, among others. You'll manage the full stack (front end and back end) of applications utilized to help Western Alliance Bank prevent, detect, and respond to insider risk events of interest. You'll own the review and development of new processes and technologies to enhance the program's ongoing maturity. Additionally, you'll lead the continuous review and improvement of the defense auditing access standards, tactics, and techniques to meet regulatory guidelines, as well as owning the resiliency of insider risk applications and platforms via routine disaster recovery exercises. You'll partner with vendors routinely to optimize insider risk products as well as ensure costs/licenses do not exceed expectations, while maintaining capacity planning to ensure quality and value delivery of insider risk program objectives.
- Proactively identify and fix issues to improve backend service scalability, resiliency, and fault tolerance. Respond to insider risk events of interest in a timely manner alongside team members and key stakeholders. Respond to audit inquiries and ensure processes and procedures are within regulatory guidelines.
- Foster the highest level of engineering practices and follow relevant company procedures in addition to being held accountable for relevant documentation.
- Design and implement advanced detection logic to surface subtle behavioral anomalies indicative of insider risk across diverse data sources.
- Continuously refine and tune Insider Risk policies to reduce false positives and improve signal-to-noise ratio in alerting workflows.
- Engineer scalable data pipelines to ingest, normalize, and correlate identity, access, and activity data for risk modeling.
- Collaborate with security monitoring, threat intelligence, and modeling teams to incorporate contextual enrichment and behavioral baselines into Insider Risk analytics.
- Prototype and evaluate emerging technologies (e.g., ML models, graph analytics) to enhance Insider Risk detection capabilities.
- Revisit Insider Risk tooling architecture design routinely with vendor and peers to either or all: minimize cost, optimize performance, scale, and meet new requirements.
What you'll need:
- 6 years of related experience in IT - Security, IT - App Support, IT - Development, or similar field.
- Bachelor's degree in related field required.
- Previous leadership experience preferred.
- Advanced knowledge of general Financial Services or Banking is preferred.
- Advanced to expert experience with and knowledge of Linux, Python, PowerShell, SIEM, and Bash. Solid understanding of authentication protocols, SAML, SSO, and LDAP. Solid understanding of concepts regarding SIEM, SOAR, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, and EDR.
- Advanced experience with logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
- Solid understanding of load balancers, DNS, SMTP, etc. for troubleshooting application functionality.
- Advanced experience of NIST, MITRE, and Administration of either or all of an IT Automation platform, SOAR, Firewall, IAM platform, SIEM, cloud cyber defense platform, etc.
- Hands-on experience deploying and operating a User & Entity Behavioral Analytics (UEBA) platform in a mid-large sized corporation, preferably in Financial Services.
- Expertise building Application Program Interfaces (APIs) from source systems of record to bring technical and non-technical indicators into the UEBA.
- Intermediate - Advanced ability to query and extract data from security monitoring systems (e.g., SIEM, EDR, NDR, etc.) for performing Insider Risk analysis.
- Experience correlating UEBA signals with identity, access, and data movement logs to detect anomalous behavior.
- Familiarity with government and industry best practice frameworks for managing Insider Risk (e.g., Carnegie Mellon, SIFMA, MITRE, NIST, etc.).
- Ability to translate behavioral indicators into risk scoring models and escalation thresholds.
- Experience working cross-functionally with Legal, HR, and Compliance teams to investigate and respond to Insider Risk cases.
- Advanced speaking and writing communication skills.
Benefits you'll love:
We offer all the important things you'd want, like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program and a wellness addition you'll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!
About the company:
Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC. AmeriHome Mortgage is a Western Alliance Bank company.
Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, national origin, marital status, disability, protected veteran status, sexual orientation, gender identity, or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, and/or need an alternative method of applying, please email or call . When contacting us, please provide your contact information and state the nature of your accessibility issue. We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.
Western Alliance Bancorporation