Capital One
Principal Associate, Insider Threat and Technical Investigations
Capital One, Mc Lean, Virginia, us, 22107
Principal Associate, Insider Threat and Technical InvestigationsCapital One is looking for an Insider Threat Investigator to join the Cyber Insider Threat team.
The Insider Threat Investigator role is responsible for the detection and investigation of anomalous user activities and indicators of potential insider threats. This position will be part of the Cyber Insider Threat and Technical Investigations program, responsible for utilizing a wide variety of security tools across multiple environments.
You will perform analysis, investigation, monitoring, and management of user and endpoint based insider threats. These tasks include but are not limited to: creating and maintaining investigation and incident tracking information; planning, coordinating and performing user behavior-based investigations; drafting and presenting detailed investigative reports and summaries; investigation analysis tasks including preservation and examination of all available information, and supporting evidence or artifacts collection related to incident or event.
Responsibilities:
Track and document investigations from initial detection through final resolution including documenting requests and activities in a case management system.
Effectively and professionally secure handling and collection of digital evidence.
Exercise sound technical, interpersonal, and organizational judgment while evaluating and solving complex problems.
Conduct highly technical investigations utilizing data from detection tools, including UEBA, SIEM, and others.
Exercise discretion and professionalism when conducting user-based investigations and inquiries.
Identify and enhance processes where automation has the potential to improve efficiency.
Create, prepare, and defend technical escalation reports for presenting findings to leadership, corporate investigations, and legal partners.
Basic Qualifications:
High School Diploma, GED or equivalent certification.
At least 3 years of experience in the cybersecurity, investigative analysis, or intelligence field.
At least 2 years of experience leading or conducting non-technical and technical investigations utilizing insider threat tools (UEBA, SIEM).
Preferred Qualifications:
Bachelor's Degree.
3+ years of experience leading or conducting non-technical and technical investigations utilizing insider threat tools (UEBA, SIEM).
Knowledge of Insider Threat or Data Loss Prevention programs, incident management, or investigative programs.
Ability to identify anomalous activities and associated risks.
#J-18808-Ljbffr
The Insider Threat Investigator role is responsible for the detection and investigation of anomalous user activities and indicators of potential insider threats. This position will be part of the Cyber Insider Threat and Technical Investigations program, responsible for utilizing a wide variety of security tools across multiple environments.
You will perform analysis, investigation, monitoring, and management of user and endpoint based insider threats. These tasks include but are not limited to: creating and maintaining investigation and incident tracking information; planning, coordinating and performing user behavior-based investigations; drafting and presenting detailed investigative reports and summaries; investigation analysis tasks including preservation and examination of all available information, and supporting evidence or artifacts collection related to incident or event.
Responsibilities:
Track and document investigations from initial detection through final resolution including documenting requests and activities in a case management system.
Effectively and professionally secure handling and collection of digital evidence.
Exercise sound technical, interpersonal, and organizational judgment while evaluating and solving complex problems.
Conduct highly technical investigations utilizing data from detection tools, including UEBA, SIEM, and others.
Exercise discretion and professionalism when conducting user-based investigations and inquiries.
Identify and enhance processes where automation has the potential to improve efficiency.
Create, prepare, and defend technical escalation reports for presenting findings to leadership, corporate investigations, and legal partners.
Basic Qualifications:
High School Diploma, GED or equivalent certification.
At least 3 years of experience in the cybersecurity, investigative analysis, or intelligence field.
At least 2 years of experience leading or conducting non-technical and technical investigations utilizing insider threat tools (UEBA, SIEM).
Preferred Qualifications:
Bachelor's Degree.
3+ years of experience leading or conducting non-technical and technical investigations utilizing insider threat tools (UEBA, SIEM).
Knowledge of Insider Threat or Data Loss Prevention programs, incident management, or investigative programs.
Ability to identify anomalous activities and associated risks.
#J-18808-Ljbffr