Insider Threat Senior Analyst

Location:

Our Cyber Threat Management team rolls up into Keys broader Cyber Defense function within Corporate Information Security. Cyber Defenses mission is simple: We aim to Deter Detect Deny and Disrupt adversaries through proactive threat-centric defense.

The Senior Insider Threat and Threat Hunting Analyst is a key member of the Cyber Threat Management (CTM) team. This role has responsibilities across both Insider Threat and Threat Hunting functions with a primary focus on Insider Threat and a secondary focus on Threat Hunting.

In this role you will perform handson technical analysis related to insider threat investigations and proactive threat hunting activities. You will also play a critical role in maturing both programs by assessing current capabilities identifying potential enhancements and recommending improvements to processes tools and detection strategies. This position blends deep technical execution with strategic program development to strengthen KeyBanks overall threat posture.

You will develop and maintain a deep understanding of the insider threat and cyber threat landscapes by utilizing threat intelligence related to insider threats along with threat actor Tactics Techniques and Procedures (TTPs) and their associated threats to support mitigation efforts while leveraging frameworks such as MITRE ATT&CK. This position requires strong insider threat and threat hunting investigation skills and advanced knowledge of cybersecurity fundamentals and concepts. Success in this role demands an independent thorough and adaptable individual who can deliver accurate and complete intelligence outputs.

Key Responsibilities

• Hands-on experience in Insider Threat including conducting sensitive investigations use case development detection development and Insider Threat platforms such as User and Entity Behavior Analytics (UEBA) User Activity Monitoring (UAM) Security Information and Event Management (SIEM) or similar technologies.
• Conduct comprehensive monitoring and analysis of insider threat indicators. Preserve evidence prepare detailed reports and present findings to key stakeholders including HR and Legal.
• Hands-on experience in designing and executing proactive hypothesis-driven threat hunts across endpoints networks and cloud environments leveraging threat intelligence and behavioral indicators to uncover hidden threats.
• Apply deep knowledge of attacker tactics techniques and procedures (TTPs) to build proactive detections and alerts for potential adversary activities leveraging threat intelligence and analytical insights.
• Skilled in using security platforms such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) along with the ability to analyze logs from diverse sources including Windows Linux cloud environments and network devices.
• Drive the evolution of the Insider Threat and Threat Hunt programs by advising on best practices maintaining thorough documentation enhancing metrics and implementing improvements to increase organizational resilience.
• Good knowledge of the cyber threat landscape (financial sector experience is beneficial) and the ability to communicate those threats to senior leadership technical and non-technical audiences.
• Apply frameworks (Ex. MITRE ATT&CK) to enhance detection and response.
• Leverage automation to enhance intelligence gathering and processing utilizing scripting languages and standardized frameworks such as Python APIs and STIX/TAXII.
• Produce written reports threat assessments and briefings for technical and non-technical stakeholders.
• Collaborate closely within and outside of the CTM team.
• Participate as needed in technical incident response activities.
• Actively engage in tabletop exercises and red/blue/purple team activities.
• Interface with stakeholders withing Cyber Defense the broader security organization and those outside of security such as technology fraud HR and other lines of business partners.
• Provide mentorship and technical guidance to junior analysts and cross-functional partners.
• Lead by example in fostering a culture of curiosity rigor and continuous learning within these functions.

Required Qualifications

• Bachelors in Computer Science Cybersecurity or related fieldor equivalent experience
• 5 years in Insider Threat and/or Threat Hunting roles.
• Strong analytical research and writing skills.

• Proficiency with Insider Threat and Threat Hunting tools along with experience with log analysis.

• Deep understanding of the MITRE ATT&CK framework and adversary TTPs.
• Strong ability to communicate concisely effectively and directly with executive management.
• Ability to work independently and escalate risks appropriately.

Preferred Certifications

• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Cybersecurity Analyst (CySA)
• CompTIA Security

COMPENSATION AND BENEFITS

Please click here for a list of benefits for which this position is eligible.

Key has implemented an approach to employee workspaces which prioritizes in-office presence while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing