IT Cybersecurity Lead - Insider Risk and Threat Intelligence at Mosaic in Riverview, Florida

Posted in Other 3 days ago.





Job Description:

The IT Cybersecurity Lead - Insider Risk and Threat Intelligence will serve as the lead over the Insider Risk and Threat Intelligence functions within the IT Cybersecurity Operations team. This role will lead the functions that support utilizing advanced skills in Insider Risk, incident response, digital forensics, and threat hunting to identify credible risks/adversaries to proprietary and sensitive data before a potential breach occurs. Primary responsibilities will include leading Insider Risk program activities such as overseeing our insider risk functions to continue enhancements for responding to insider risk inquiries and ensuring thorough investigations are completed and results are provided to the respective HR or Legal representatives as necessary. Other responsibilities will include leading threat intelligence activities within the environment to ensure our security technology stack has the latest indicators for prevention and detection and accurate reporting is maintained to leadership when necessary. This role will also be responsible for leading forensic investigations and ensuring they are completed when necessary to identify malicious activities and/or identify root cause from security incidents.



What will you do?



  • Lead Insider Risk Program level functions such as monitoring, investigating, and managing incident response activities to ensure consistent handling is maintained and proper scoping, containment, mitigation, and documentation of security incidents are completed.

  • Manage processes for in-depth analysis for security incidents and escalated events involving various data sources including but not limited to event logs, malware samples, packet captures, and memory and/or host-based forensics.

  • Lead monitoring of internal and external threats through collection of relevant threat intelligence and supporting threat hunting activities; examine logs, events and any alerts generated by multiple platforms for indications of anomalous, unwanted activities, or other suspicious conditions that could be potential compromises.

  • Collaborate with cross-functional teams, including risk management, engineering/architecture, operations, and other functional business areas to develop, establish and maintain relationships needed to support management of security incident investigations.

  • Own the creation, development, and updating of Knowledge Base articles, runbooks / playbooks, processes, procedures, and other documentation as needed.

  • Other job duties and projects as assigned.




What do you need for this role?



  • Bachelor's degree in computer science or related field with 5 years of experience or Associate's degree in computer science or related field with 7 years of experience in a technical hands-on role with a focus in Cybersecurity Operations is required. For those candidates without a degree, 9 years of experience is required.

  • 5+ years of related experience required.

  • Operational experience working with EDR and SIEM platform solutions to scale analysis and response across a global organization.

  • Advanced understanding of incident response methodologies and practical application within a production environment.

  • Advanced knowledge of system forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.

  • Strong working knowledge and experience performing Insider Risk related investigations and communicating with non-technical personnel in review of the investigation results.

  • Strong working knowledge and experience performing incident response and security operations in hybrid environments spanning on-premises and public cloud infrastructure.

  • Demonstrated experience leading security monitoring and incident response functions and personnel within a Security Operations function.

  • Technical understanding of the Cybersecurity threat landscape and ability to apply that to threat hunting capabilities and techniques.

  • Understanding of malware analysis fundamentals.

  • Ability to clearly and concisely document and explain technical details (e.g. experience documenting incidents, forensic analysis reports, technical writings, etc.).

