DLP Monitoring Analyst
The DLP Monitoring Analyst will work to monitor for indicators of attack and improve our processes and procedure. This person will be responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing. The ideal candidate will also have experience reviewing security events from multiple systems (Windows, Unix, routers, switches and endpoints) and be able to understand what events are benign and what may be malicious based on data classification, behavior and context.
· Review and triage events and design/implement correlation searches to respond to changes in the environment while reducing false positives.
· Monitor for and detect security events from SIEM, Log collection Engines and other security technologies, such as Splunk while performing investigations using various Monitoring Security technologies (i.e. IDS/IPS, DLP, etc.).
· Review alerts escalated by end users and perform initial triage of incoming issues (initially assessing the priority of the event, initial determination of event to determine risk and damage or appropriate routing of security or privacy data request).
· Responsible for reviewing and analyzing anomalous data activity events
· Monitor for and respond to events involving potential loss of consumer, employee, business sensitive data, or intellectual property
· Identify anomalous user behavior
· Conduct thorough analysis of reported security incidents
· Understand and follow established Data Protection playbooks
· Identify opportunities to improve existing monitoring and response processes
· Collect and analyze event metrics for DLP KRI/KPI metric reporting
Nice to Have:
· Experience with process automation and one or more programming/scripting languages (Python, etc)