Biogen Sr Insider Threat Analyst in Weston, Massachusetts
The IROps Insider Threat Analyst plays an important role in researching, developing, and analyzing technologies, processes, and assessments of known insider threats and vulnerabilities to generate tailored, actionable events for Biogen’s emerging insider threat program. Drives, implements, and manages insider threat response procedures and remediation efforts using a variety of tools and technologies in order to rapidly identify and respond to threats and anomalies. This Analyst leverages leading-edge technologies, a multitude of feeds, and innovative approaches to position Biogen for measurable success: improving efficiency, increasing security posture, supporting aggressive growth and improving the Security Operations program overall. The position reports to the Senior IR Operations Manager.

We are looking for a strong contributor with an exceptional understanding and subject matter expertise in Insider Threat modeling, TTPs, incident response, threat correlation, and exceptional analytical skills. This is a highly visible role. The right candidate must have excellent engagement and communication skills with stakeholders, leadership, and solution delivery peers, and must have a strong customer-focused, team-oriented approach that balances security needs and user experience to provide best-in-class security to the organization.

Job Responsibilities

* Initiate, coordinate and conduct research efforts regarding information security threats.
* Develop specific expertise in areas such as Insider Threat models, discern patterns of complex behavior, and provide an accurate understanding of present and future threats to company intellectual property.
* Apply highly developed inductive reasoning skills to provide a proactive approach to potential threats.
* Review and analyze content monitoring system incidents to identify, prioritize and report issues for review and correction.
* Identify, extract, analyze, and evaluate essential information from a variety of sources to support research and analysis.
* Detect and investigate anomalous behavior that may indicate threats to Intellectual Property assets. Determine the significance, accuracy, and reliability of incoming information.
* Provide forensic analysis support to other internal teams in relation to incidents and investigations. Initiate, establish, and maintain effective working relationships inside and outside the immediate team to facilitate information gathering or support joint investigative efforts.
* Perform analytics work on root cause analysis to identify patterns and trends.
* Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
* Proactively analyze and classify insider threat groups based on TTPs and share learnings with the Security Team to develop an analytical capability to identify malicious behavior using existing internal data.
* Participates as part of response teams during security incidents (phishing, ATP, DDOS, malware, etc.) through resolution and to the lessons learned stage.
* Assists in developing tactical response procedures for insider threat incidents.
* Participates in product selection, vendor evaluations, and implementations of security technologies.
* Recommends security and process enhancements to management.
* Assists in the design, implementation, and maintenance of security plans, policies, procedures, and standards.
* Has excellent verbal and written communication skills and is comfortable presenting to different levels within and outside of the organization.

This role is based at Biogen, MA (Cambridge or Weston).
* 2-5 years of experience in Information Security
* SANS GSEC certification
* A minimum of 2 years' experience acting in an insider threat and security incident response role with responsibility for analyzing insider threats and responding accordingly
* Understanding of Insider Threat activity, modeling, and knowledge of attackers.
* Experience with interpreting Reconnaissance, Delivery, and Insider Threat modeling events in logs and traffic.
* Previous experience using Splunk and Splunk Enterprise to analyze and correlate activity
* Experience documenting incident cases and participating in lessons learned meetings.

Preferred Qualifications

* Training in Analytic Methodologies
* A keen ability to identify trends and patterns in data
* Demonstrated background using behavior analytics and/or event correlation systems.
* Familiarity with SIEM tools
* Familiarity with data protection techniques including encryption, backup and archiving
* Prior experience working with a Security Operations Center (SOC)
* Proven track record delivering cyber security, insider threat analysis reports, and IR services to the enterprise
* An understanding of commonly used targeted Insider Threat and Data Exfiltration techniques, tactics, and procedures.
* Strong communication skills including the ability to influence others, including proven ability to build strong relationships with leadership, IT staff and peers
* Ability to document requirements and enhance existing processes
* Master's degree is a plus
* GCTI, GCIH, GCIA, GREM, or CEH
* CISA or CISM certification
* CISSP certification

“Diversity is key for the survival of our ecosystem. I believe it is the single most important factor for a balanced flourishing environment where everyone thrives.”
Guy Hadari – Chief Information Officer – Biogen

All your information will be kept confidential according to EEO guidelines.