Principal Analyst - Insider Threat

  • Full-Time
  • Cincinnati, OH
  • U.S. Bank
  • Posted 2 years ago – Accepting applications
Job Description

At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

U.S. Bank is seeking a Principal Security Analyst to support analysis and threat detection for the Insider Threat Program in Information Security Services. The candidate will have a broad understanding of insider threat detection/prevention and data loss prevention concepts, technical expertise and analytical capabilities to detect patterns and anomalies across data sets of technical and non-technical indicators. The candidate must be a self-starter who is able to lead various assignments and projects with little guidance. The candidate will also demonstrate the ability to be flexible with work assignments and adapt quickly to change.

The ideal candidate will have a well-rounded information security background including a strong understanding of IT risk management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with security configuration, as well as various design controls and the regulatory, legal and contractual requirements impacting financial institutions (e.g., GLBA, SOX, FFIEC, and PCI). Additional preferred skills and experience relevant to the work include:

Responsibilities:

  • Identify new threat tactics, techniques and procedures used by insider threat actors.

  • Proactively search for threats in the environment that are created by people, process, or technology

  • Review data and behaviors to identify problems from multiple angles and gather information, as well as be able to identify missing information/indicators needed to produce best results

  • Work independently and with teams to define and complete analysis activities (both new and repeatable)

  • Create and maintain use cases for recurring investigation/incident triggers

  • Ability to break down complex or vague problems and step through them in a rational way

  • Champion the continuous improvement of analysis techniques and processes

  • Lead engagement with insider threat-related table top and red team exercises

  • Complete and evaluate metrics for management reporting

  • Analyze information to identify risks, gaps and exploitation opportunities with people, process and technology

  • Articulate implications of the risks relative to insider threats

  • Query databases, including filtering, joins, unions and aggregate functions

  • Conduct log file analysis

  • Document findings in a manner that technical and non-technical stakeholders can consume

  • Present findings to senior leaders, stakeholders, and working groups

  • Assist in building processes, procedures, and training for the Insider Threat program

  • Conduct quality control review of process output and reconcile data with original documents to ensure accuracy.

  • Effectively lead meetings with both internal stakeholders and immediate team

  • Proactively help team members/make suggestions to improve practices

  • Actively participate in providing feedback on team members’ work

  • Mentor junior members of the team

  • Identify when junior resources need help and provide it in a positive way that promotes confidence.

Basic Qualifications

  • Bachelor's degree or equivalent work experience

  • At least seven years of experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data

EXPERIENCE SHOULD INCLUDE

  • Experience using large data sets to conduct research, discover relationships and correlate data from various sources

  • Provide expert analytic investigative support

  • Advanced knowledge of SQL

  • Experience with a variety of data analysis and visualization tools

  • Experience in computer networking, network administration and/or database administration

  • Experience querying systems like Splunk and SIEM solutions

  • Advanced understanding of relational databases and big data databases

  • Background in log analysis for network devices, servers (i.e., web servers) and clients.

  • CERT Insider Threat course work/certifications

  • Industry certifications in the area of information security, project management and technology auditing, including CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP

  • Excellent communication skills, both oral and written

  • Experience communicating the analysis of cyber threats (written and oral) at both a strategic and operational level

  • Experience leveraging cyber analytic frameworks to analyze cyber threats and assess their risk (NIST, Kill Chain Methodology, MITRE ATT&CK Framework)

  • Experience leveraging intelligence data in control development and threat hunting activities

  • General knowledge of the functions of various security infrastructure such as firewalls, intrusion prevention/detection systems, proxy servers, email controls, anonymizing technology, and SIEM

  • General knowledge of web application technologies

  • General knowledge of network and systems forensics

  • General understanding of AWS, Azure and/or Google Cloud

  • Working in an Agile environment

Preferred Skills/Experience

  • ISACA Certified Information Security Manager (CISM)

  • Certified Information Systems Auditor (CISA)

  • Certified Information System Security Professional (CISSP)

Extensive experience in:

  • Computer crime

Subject matter expert in:

  • Information assurance

  • Network and internet security

  • Information security audits, architecture, technologies and management

  • IT governance, standards, procedures, policy

  • IT industry trends and direction and environment

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits:
Take care of yourself and your family with U.S. Bank employee benefits. We know that healthy employees are happy employees, and we believe that work/life balance should be easy to achieve. That's why we share the cost of benefits and offer a variety of programs, resources and support you need to bring your full self to work and stay present and committed to the people who matter most - your family.

Learn all about U.S. Bank employee benefits, including tuition reimbursement, retirement plans and more, by visiting usbank.com/careers.

EEO is the Law
Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal EEO is the Law poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

Due to legal requirements, U.S. Bank requires that the successful candidate hired for some positions be fully-vaccinated for COVID-19, absent being granted an accommodation due to a medical condition, pregnancy, or sincerely held religious belief or other legally required exemption. For these positions, as part of the conditional offer of employment, the successful candidate will be asked to provide proof of vaccination or approval for an accommodation or exemption upon hire.
