Global Insider Threat User & Entity Based Analytics Advisor
What We'll Bring
At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation. This gives our people the opportunity to hone current skills while building and discovering new capabilities.
Come be a part of our team and work with great people and cutting-edge technology.
What You'll Bring
The Global Insider Threat Program (GITP) User & Entity Behavior Analytics (UEBA) Advisor is a cybersecurity professional and leader with experience identifying threats, vulnerabilities and exploitations, and processing, analyzing and operationalizing cybersecurity intelligence and other threat indicators to enhance detection and prevention of insider threats within TransUnion’s environment. In addition to these technical proficiencies, the GITP UEBA Lead demonstrates excellent communication skills, including the ability to explain the relevance of technical data succinctly to the GITP Director and other TransUnion senior leadership. Finally, the GITP UEBA Lead brings validated leadership experience.
BS or BA degree, preferably in a computer- or security-related field, or any combination of equivalent education, experience, and formal training that allows you to meet the requirements of this job
Previous experience in an information security operations role coupled with a strong understanding of the threat landscape
Ample experience operating with cloud platforms, container technologies, APIs and event-driven automation
Excellent technical capabilities including an understanding of enterprise security network architecture, user and entity behavior analytics and other risk-based security operations
An analytical mindset coupled with a proven ability to examine and utilize raw data and create refined timely intelligence relevant to Insider Threat operations
An understanding of the intelligence cycle
Ability to build strong relationships with business and technology stakeholders; self-motivation, personal drive and high energy are highly valuable for this position
Willingness to acquire in-depth knowledge of network and host security technologies and products
Demonstrated ability to lead a team of cybersecurity analysts
Strong written and verbal communication skills
Passionate about innovation and enjoys the challenges of creating something new
Stays current with evolving technologies via formal training and self-directed education
Any security-related certification(s)
We’d Love to See
SANS SEC460: Threat and Vulnerability Assessment
SANS SEC487: Open-Source Intelligence Gathering and Analysis
SANS SEC524: Cloud Security and Risk Fundamentals
SANS SEC545: Cloud Security Architecture and Operations
SANS FOR578: Cyber Threat Intelligence
SANS MGT414: CISSP Certification
SANS MGT512: Security Leadership Essentials for Managers
Any other Insider Threat-related certification, procedure knowledge or experience
Impact You'll Make
The GITP UEBA Advisor will play a key role in developing and utilizing GITP’s risk-based scoring capability
Lead efforts and collaboration with UEBA technical support and cybersecurity engineers to best configure UEBA tools in order to map the company based on access and behavior
Lead all GITP analytic and interpretive cybersecurity intelligence efforts in order to identify, monitor or remediate Tactics, Techniques, and Procedures used by potential or actual insider threats in our cloud network
Develop tools and processes for sharing intelligence information and supporting GITP investigations
Provide actionable insights, guidance and subject matter expertise to the Director, GITP as well as other cybersecurity team directors and executive leadership
Utilize cybersecurity intelligence to improve hunt and lead generation efforts
Coordinate and conduct proactive hunting exercises and retrospective searches for known indicators of malicious activity for cloud users
Coordinate with Data Loss Prevention, security operations and incident response staff to tune and improve detection capabilities, aid in investigations or respond to incidents