KeyBank · 1 day ago
Insider Threat and Threat Hunting Senior Analyst (Senior Information Security Consultant)
KeyBank is seeking an Insider Threat and Threat Hunting Senior Analyst to join their Cyber Threat Management team within Corporate Information Security. This role focuses on both technical insider threats and threat hunting, requiring hands-on technical skills and the ability to enhance existing programs through evaluation and recommendations.
Banking
Responsibilities
Hands-on experience in designing and executing proactive, hypothesis-driven threat hunts across endpoints, networks, and cloud environments, leveraging threat intelligence and behavioral indicators to uncover hidden threats
Apply deep knowledge of attacker tactics, techniques, and procedures (TTPs) to build proactive detections and alerts for potential adversary activities, leveraging threat intelligence and analytical insights
Skilled in using security platforms such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM), along with the ability to analyze logs from diverse sources including Windows, Linux, cloud environments, and network devices
Hands-on experience in Insider Threat, including conducting sensitive investigations, use case development, detection development and Insider Threat platforms such as User and Entity Behavior Analytics (UEBA), User Activity Monitoring (UAM), or similar technologies
Conduct comprehensive monitoring and analysis of insider threat indicators. Preserve evidence, prepare detailed reports, and present findings to key stakeholders, including HR and Legal
Drive the evolution of the Insider Threat and Threat Hunt programs by advising on best practices, maintaining thorough documentation, enhancing metrics, and implementing improvements to increase organizational resilience
Good knowledge of the cyber threat landscape (preferably in the financial sector) and the ability to communicate those threats to senior leadership, technical and non-technical audiences
Apply frameworks (e.g., MITRE ATT&CK) to enhance detection and response
Skilled in automation, including intelligence gathering and processing using scripts or platforms (e.g., Python, APIs, STIX/TAXII)
Produce written reports, threat assessments, and briefings for technical and non-technical stakeholders
Collaborate closely within and outside of the CTM team
Participate, as needed, in technical incident response activities
Actively participate in tabletop exercises and red/blue/purple team activities
Interface with stakeholders within Cyber Defense, the broader security organization, and those outside of security such as technology, fraud, HR and other lines of business partners
Provide mentorship and technical guidance to junior analysts and cross-functional partners
Lead by example in fostering a culture of curiosity, rigor, and continuous learning within these functions
Demonstrated presentation development; tailors the message as needed; comfortable presenting to all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations
Performs other duties as assigned; duties, responsibilities and/or activities may change or new ones may be assigned at any time with or without notice
Complies with all KeyBank policies and procedures, including without limitation, acting professionally at all times, conducting business ethically, avoiding conflicts of interest, and acting in the best interests of Key’s clients and Key
Qualifications
Required
Bachelor's in Computer Science, Cybersecurity, or related field or equivalent experience
Minimum 5 years of experience in Insider Threat or Threat Hunting roles
Minimum of 7 years of broadly based, progressive experience in information systems or information security environments
Strong analytical, research, and writing skills
Proficiency with Insider Threat and Threat Hunting tools, along with experience with log analysis
Deep understanding of the MITRE ATT&CK framework and adversary TTPs
Strong ability to communicate concisely, effectively and directly with executive management
Ability to work independently and escalate risks appropriately
Preferred
GIAC Cyber Threat Intelligence (GCTI)
GIAC Certified Forensic Analyst (GCFA)
Certified Information Systems Security Professional (CISSP)
CompTIA Cybersecurity Analyst (CySA+)
CompTIA Security+
Company
KeyBank
At KeyBank we’ve made a promise to our clients that they will always have a champion in us.