Sr. Specialist, Information Security Analyst – Insider Threat Detection and Analytics
As a global investments company, BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments, and safeguards nearly one-fifth of the world's financial assets. Every day, our Technology employees make this happen while also seeking out new ways to do it more efficiently and effectively.
As part of BNY Mellon's global Technology organization, you'll have the opportunity to engage with some of the best and brightest technology, business, and financial minds to find new and better ways to exceed our clients' expectations and build the future of financial services. With more than 230 years of industry-leading experience under our belts, you might even say that we are the original fintech.
At BNY Mellon, cybersecurity is a top priority for both technology and the business. The members of the Information Security Division are on constant alert, using their creativity and knowledge of cybersecurity, technology and business processes to develop and deliver creative solutions. In this fast-paced environment, staff collaborate to respond to current risks, while identifying and anticipating future threats. Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security). Together with the CISO and his leadership team, staff provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise. We help our businesses, the bank's executive team, and our board of directors understand cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation.
Sr. Specialist Information Security Analyst: Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms. Consults with the business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management, reports on them, and provides guidance and expertise in their implementation. Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations; provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities. Ensures that all significant security concerns are addressed. Recommends courses of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.

Position overview: This is a Sr. Insider Threat Hunter/Detection Engineer role which will be an integral part of the dynamic, fast-paced Cybersecurity Threat Detection team. A successful candidate will bring a positive, passionate attitude to the team's playbook and threat hunting initiatives by leveraging rich experience with threat-hunting and Insider Threat detection tools and techniques. This is a challenging yet rewarding position that provides an opportunity to leverage cutting-edge technologies in pursuit of a vital mission that protects people, sensitive information/intellectual property and the security posture of the bank.

Key responsibilities and deliverables:
- Responsible for understanding the Insider Threat landscape and applying innovative solutions to address threats using analytics.
- Triage data on anomalous events collected by User Behavior Analytics (UBA), User Activity Monitoring (UAM), DLP, Splunk technologies and other tools to decipher underlying trends, uncover anomalies, and discern obscure patterns and attributes of potential Insider threat activities.
- Perform independent assessments, ensuring that the processes and designs of BNY Mellon systems will be effective, functional and secure, with the ability to deter, protect against, detect and mitigate Insider threats.
- Demonstrate knowledge of tactics, techniques and procedures associated with malicious Insider threat activity, i.e., fraud, theft, sabotage, espionage, etc.
- Partner with other Cybersecurity Operations & Technology functions in conducting threat modeling exercises or in-depth assessments and tests against networks, endpoints, applications, etc., to find flaws in people/process/technology controls and prevent Insider threats from materializing.
- Provide guidance on potential Insider threat investigations to program stakeholders on methodologies/techniques.
- Day-to-day management of playbook content lifecycles, including customer interactions and priority, content creation, testing & tuning, version/value documentation, and finally, user-acceptance testing and effectiveness analytics.
- Utilize Git repositories to store, comment on, and version playbooks with Threat Detection customers including the Security Operations Center, Insider Threat, and Splunk Engineering, among other teams.
- Collaborate with cross-functional teams from Legal, Privacy, HR, Ethics, Cybersecurity/Technology, Corporate Security and other program stakeholders to ensure customer issues and priorities are engaged via the playbook work pipeline; ensure playbook processes are continually maturing, including triage, escalation, incident, and change management.
- Prepare reports, presentations, research and other program deliverables related to the Insider Threat program.
- Engage in ongoing research in security tools, techniques, and procedures, and advance Threat Detection initiatives based on aggressive security principles, machine learning algorithms, and threat mitigation techniques.
- Take ownership of reproducing, responding to, documenting, and fixing playbook issues reported by the Insider Threat team or customers.
Additional responsibilities will include:
- Collecting, analyzing and interpreting qualitative and quantitative data from multiple sources for the purpose of documenting investigations, analyzing findings and providing Insider Threat metrics.
- Collaborating with the Insider Threat team, Threat Detection team, Operations and other stakeholders to develop innovative Insider Threat capabilities to enhance our proactive and reactive analytical processes.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
- Expert-level understanding of Insider Threat detection, network security and traffic analysis, hunting for malicious activity and initiating response actions.
- Demonstrable experience with Insider Threat detection technologies and tools such as Splunk, UBA, UAM, DLP, etc.
- Splunk-ES threat detection content development experience required.
- Active listening and collaborative skills with various audiences, including direct team members, the security team and executive stakeholders, in order to perform hunt and content development.
- Demonstrable competency with InfoSec fundamentals including Lockheed Kill Chain and MITRE ATT&CK-based analytics.
- Experience with social intelligence or open-source intelligence for Insider Threat detection.
- Demonstrable threat hunting experience.
- Demonstrable Incident Response workflow experience.
- Fundamental understanding of InfoSec threat sharing, including IoCs, artifacts, and forensic techniques.
- Exceptional problem-solving capabilities and strong documentation and communication skills, both verbal and non-verbal.
- Ability to self-manage workload and goals independently in a fast-paced, multi-threaded, and deadline-driven organization.
- Passion for communication and attention to detail, research, and articulate, value-driven reporting.
- Proficiency in the Microsoft Office suite, including high-quality visual presentation of data within PowerPoint and Visio.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience, required; advanced degree preferred. 8-10 years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.
Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New York-New York
Internal Jobcode: Information Technology
Organization: Information Security-HR11724
Requisition Number: