Join NCS as an Insider Threat professional, where you will be part of an independent function dedicated to protecting the firm’s information technology and digital assets. You will play a critical role in safeguarding information assets and reputation by leading efforts to detect, investigate, and mitigate insider threats—both malicious and unintentional—thereby strengthening the overall cybersecurity posture.
What You'll Do
- Administer and enhance information protection policies, standards, and procedures.
- Partner with stakeholders to align insider threat controls with organizational risk management objectives.
- Monitor and respond to alerts from data loss prevention (DLP), endpoint detection and response (EDR), and other insider threat detection systems.
- Analyze system, application, and network logs to identify anomalous behaviors and potential threats.
- Proactively search for Indicators of Compromise (IOCs) and 'living off the land' techniques that bypass automated detection.
- Lead or support incident response activities, ensuring timely containment, investigation, and remediation.
- Provide actionable recommendations to infrastructure teams to harden environments and prevent re-entry.
- Conduct in-depth host-based forensic investigations across Windows and Linux environments, including memory analysis, filesystem auditing, and registry examination.
- Utilize digital forensics tools and methodologies to collect, preserve, and analyze evidence.
- Analyze and correlate data from multiple sources (e.g., DLP, SIEM, EDR, NTA) to reconstruct attacker timelines.
- Prepare detailed investigation reports and present findings to senior management.
- Work closely with HR, Legal, Compliance, and business units to ensure fair and consistent investigations.
- Contribute to awareness and training initiatives to strengthen insider threat resilience.
- Stay abreast of emerging insider threat tactics, industry trends, and regulatory developments.
- Recommend and implement enhancements to detection technologies, analytics, and response processes.
- Foster a culture of collaboration, vigilance, and continuous learning.
What We're Looking For
- Bachelor’s degree in Information Technology, Computer Engineering, Cybersecurity, Digital Forensics, or a related discipline.
- 5–7 years of experience in cybersecurity operations, threat analysis, or security engineering.
- Proven work experience in cybersecurity, with a focus on policy creation, monitoring, and incident response.
- Demonstrated experience managing cybersecurity projects, including planning, execution, and monitoring.
- Experience working with cross-functional teams and external vendors in a complex enterprise environment.
- Experience with Endpoint Detection and Response (EDR) and Endpoint Protection Platforms (EPP) such as CrowdStrike, Microsoft Defender, or Palo Alto.
- Familiarity with Security Information and Event Management (SIEM) tools (e.g., Splunk, QRadar, Sentinel).
- Strong knowledge of Network Traffic Analysis (NTA) and User and Entity Behavior Analytics (UEBA) tools.
- Hands-on experience with digital forensics tools such as EnCase, FTK, or SIFT.
- Ability to use scripting languages such as Python, PowerShell, or Bash to automate workflows.
- Expert-level knowledge of Windows internals (Event Logs, MFT, Prefetch) and Linux internals (Syslog, Auth logs, Cron, persistence mechanisms).
- Strong understanding of TCP/IP, DNS, and HTTP/S protocols.
- Experience responding to incidents in AWS, Azure, or GCP (e.g., identity theft, S3 bucket exposure).
Nice to Have
- Professional certifications such as CISSP, CISM, CEH, GIAC (GCIH, GCFA, GCTI), or equivalent.
- Familiarity with frameworks such as NIST, ISO 27001, or CIS Controls.
Technical Stack
- DLP, EDR, SIEM (Splunk, QRadar, Sentinel), NTA, UEBA
- Digital Forensics Tools (EnCase, FTK, SIFT)
- Python, PowerShell, Bash
- Windows, Linux
- AWS, Azure, GCP
Team & Environment
You will be part of the Infrastructure & Cybersecurity Resilience (ICR) team within the Technology Group.
Work Mode
This role operates on a hybrid work model.
We are an equal opportunity employer. As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.
