Inside Threat Investigations Specialist (Security Incidence Response Team)
Two Sigma is a different kind of investment manager. Since 2001, we have used data science and technology to derive insights that forecast the future and discover value in markets worldwide. Our team of scientists, technologists and academics looks beyond traditional finance to understand the bigger picture and develop creative solutions to some of the world's most challenging economic problems. Our work spans across markets and industries, from insurance and securities to private investments and new ventures.
The Security Incident Response Team ("SIR") at Two Sigma operates an internal investigations program aimed at understanding and resolving a variety of technical and human issues. The Investigations Specialist role will be responsible for high-tech, inside-facing investigations, DLP, UBA/UEBA, and other tools and log analysis. This position will support case management, including the reporting of case activity, investigative interviews, coordination across SIR and other Security functions, liaison with corporate groups, and assistance in managing other operational risks.
You will take on the following responsibilities:
You should possess the following qualifications:
- Participates as a team member performing threat analysis.
- Develops metrics of alerts, threats, and investigations and analyzes such to identify trends.
- Partners and liaises with other teams within Security and across the company.
- Prepares and submits reports to key stakeholders, including senior management.
- Utilizes insider threat tools to gather, analyze, triage, and escalate potential insider threat risks.
- Queries SIEM logs to identify malicious or anomalous activity.
- Conducts internal investigations, including investigative interviews.
- Contributes to the development of analytical threat models and provides functional guidance and direction to the SIR team in overall conduct of investigations and projects.
You will enjoy the following benefits:
5+ years total experience in an investigative role with a corporation, government agency, law enforcement, or military.
At least 1 year of experience conducting investigative interviews, preferably with formal training in such.
At least 2 years of experience in reviewing and resolving cyber security tool output, including DLP, SIEM and/or UBA/UEBA tools.
Ability to query logs for malicious or anomalous activity.
Undergraduate degree required; undergrad major, minor. or postgraduate degree related to cybersecurity, information security, criminology or investigations a plus.
- Core Benefits: Fully paid medical and dental insurance premiums for employees and dependents, competitive 401k match, employer-paid life & disability insurance
- Perks: Onsite gyms with laundry service, wellness activities, casual dress, snacks, game rooms
- Learning: Tuition reimbursement, conference and training sponsorship
- Time Off: Generous vacation and unlimited sick days, competitive paid caregiver leaves
We are proud to be an equal opportunity workplace. We do not discriminate based upon race, religion, color, national origin, sex, sexual orientation, gender identity/expression, age, status as a protected veteran, status as an individual with a disability, or any other applicable legally protected characteristics.