JobMesh

Insider Threat Signature Developer

Pueo Business Solutions · US

Job description

OVERVIEW: A specialized security professional responsible for designing, implementing, and maintaining behavioral and rule-based signatures to detect insider threats. Collaborates with threat intelligence, security operations, and engineering teams to translate risk insights into actionable rules and automated responses. Works closely with business and IT stakeholders to identify critical assets and potential threat vectors and evaluate and recommend security technologies to improve the organization's insider threat posture.

GENERAL DUTIES:

- Design, implement, and maintain insider threat detection signatures tailored to organization data, user behavior, and access patterns.
- Translate threat intelligence and incident learnings into practical, testable signatures; continuously refine signals to reduce false positives.
- Collaborate with Insider Threat Program (ITP) stakeholders to align signatures with policies, acceptable use, and incident response playbooks.
- Validate and test signatures in controlled environments, document detection logic, data sources, and tuning parameters.
- Monitor performance and effectiveness of signatures; propose and implement improvements.
- Contribut...