Insider Threat Investigator
At Bank of America, we are driven by a shared purpose to improve financial lives. We achieve this through responsible growth and delivering value to our clients, colleagues, communities, and shareholders every day.
We strive to be a great place to work by fostering diversity and inclusion, attracting exceptional talent, supporting the well-being of our colleagues, recognizing and rewarding performance, and making a positive impact in the communities we serve.
In Cyber Security Operations (CSO), we protect the organization and its customers from cyber threats by defending against insider risks. Insider Threat Investigators investigate and mitigate potential threats posed by insiders while collaborating with peer teams across the enterprise to ensure comprehensive controls and monitoring are in place.
Key Responsibilities:
1. Conduct investigations by analyzing data from various sources, including auditing and monitoring software resources, to detect and identify insider risk activities.
2. Complete written reports in compliance with current procedures and policies, requiring the ability to write detailed, concise, and accurate reports.
3. Manage high-risk regional information security incidents by working closely with response partners and other risk teams.
4. Utilize next-generation tools and technology to conduct deep behavioral analytics assessments/investigations focused on mitigating information security-related insider threats.
5. Collect and analyze data from various applications to fulfill an investigation or support request.
6. Document each stage of the investigation with clear and concise notes.
7. Effectively communicate complex information to non-technical audiences.
8. Collaborate with other teams to drive resolution to an investigation across multiple regions/countries.
9. Multi-task between several competing efforts while maintaining an awareness of industry challenges and advancements.
Requirements:
For this role, we require 5+ years of experience with an insider threat focus, or a technical background that can be applied to understanding the key components of insider risk. The role also calls for curiosity, diversity of thought, critical thinking, a willingness to learn, and persistence in identifying risk.
The ideal candidate has a methodical and systematic approach to using technical tools, familiarity with Splunk, EnCase, CrowdStrike, and similar investigative and/or monitoring tools, and excellent written and verbal communication skills.
Experience in conducting complex investigations with an insider threat emphasis is also necessary. Knowledge of computer forensics and participating in incident response events is preferred.
Desired Skills:
An understanding of human behavior/human psychology or an investigative background is desired. Technical experience with information security/data loss prevention tools or controls, such as Intrusion Detection & Prevention technologies (IDS/IPS) and/or SIEM systems and other data correlation engines, is beneficial.
Extensive experience with Splunk, EnCase, CrowdStrike, and other similar investigative and/or monitoring tools is also desirable. Certifications in security-related fields, familiarity with OSINT, experience working in cloud environments, networking/system administration experience, and scripting languages for databases are advantageous.
A Bachelor's degree in computer science or related fields is required.