Role: User Behaviour Analytics Specialist
Grafton Specialist recruitment has been retained to recruit a User Behaviour Analytics Specialist for a leading Global company based in Letterkenny.
The Analytics Specialist will report to the HTIU Manager of analytics-driven investigations. In this capacity, the Analytics Specialist is primarily responsible for the architecture of endpoint artifact-focused User Behavior Analytics alerts with ancillary investigative and forensic responsibilities where needed.
The Analytics Specialist will use investigative information, a broad array of log data, and knowledge of endpoint forensics to build and refine the capabilities of our enterprise UBA tool. The Analytics Specialist will be tasked with other forensic activities relevant to User Behavior Analytics.
- Partner with Information Security team to serve as primary investigations-focused data analytics and UBA platform architect.
- Lead highly sensitive, complex, and confidential investigations into incidents of data loss and intellectual property theft, technology misuse, conflict of interest, and other types of matters.
- Actively work with partners across numerous cybersecurity and investigative focus areas.
- Perform real-time incident handling, including forensics collections and intrusion correlations and tracking.
- Over 5 years professional experience, including at least two years of insider threat, UBA, or high-tech investigation program experience.
- Experience configuring and utilizing user and/or entity behavior analytics (UBA/UEBA) platforms.
- Knowledge of mainstream desktop/server operating systems (UNIX, Windows, OSX, Linux) and file systems (NTFS, exFAT, FAT, HFS/HFS+, APFS, EXT2/3/4).
- Excellent analytical and problem-solving skills.
- Excellent written and oral communication skills.
- Industry-accepted certifications (EnCE, CCE, GCFE, GCFA, GCFN, GCIH, GREM, CFCE, etc.).
- Bachelor's degree.
- Advanced knowledge and experience using Splunk to execute complex search queries and generate reports.
- Advanced understanding of enterprise networking concepts and protocols.
- Experience with Data Loss Prevention concepts and tool sets.
- Experience with analysis of security events from multiple sources, including but not limited to events from Security Information and Event Management (SIEM) tools, network and host-based intrusion detection systems, firewall logs, system logs (Unix and Windows), mainframes, mid-range, applications, and databases.
- Advanced understanding of common server, desktop, and mobile operating systems (Windows, OSX, Linux) and corresponding file systems (NTFS, FAT, HFS+, EXT, iOS, Android, etc.).
- Experience with Microsoft's Protection Center and the greater Office 365 architecture.
- Experience with endpoint detection and response software.
- Comprehensive understanding of adversarial exploitation, privilege escalation, persistence, and lateral movement techniques.
- Advanced knowledge of cloud computing platforms including Amazon Web Services (AWS) and Microsoft Office 365.
- Experience with automation scripting (Python, Perl, Ruby, PowerShell, Bash, etc.)
- Experience with computer network surveillance/monitoring.
The Grafton Specialist Team is a dedicated division within Grafton Recruitment, focused on providing Permanent, Contract & Temporary staffing solutions across: Construction, Engineering, Accountancy & Finance, Health & Safety, HR, IT, Sales & Marketing, Manufacturing and Procurement.