Senior Associate, Insider Threat Analyst

Center 3 (19075), United States of America, McLean, Virginia

Senior Associate, Insider Threat Analyst

Capital One is looking for an Insider Threat investigations analyst to join the Cyber Insider Threat and Technical Investigations program. As an Insider Threat investigator in our newly formed Exit Risk Mitigation (ERM) team, you will perform and help lead the ERM team in the monitoring, detection, analysis, and investigation of departing associates exhibiting anomalous behavior using a wide variety of security tools across multiple environments to identify, mitigate, and escalate potential insider threats. Candidates should be able to manage projects and related case workflows, document analyses and investigative findings, formulate and review escalation reports, and exercise attention to detail and discretion in sensitive investigative matters. Candidates should also thrive in a cross-functional and dynamic environment, where coordination with partner teams and stakeholders is required.

Job Responsibilities:

• Analyze, summarize, and report on activity data of an identified exiting population against insider threat alerts and referrals from partner Insider Threat (IT) and Data Loss Prevention (DLP) SecOps teams, other Cyber stakeholders including the Cybersecurity Operations Center (CSOC), and external stakeholders in Human Resources and Associate Relations , the HR Career Transition Support Center (CTSC), the Office of Corporate Investigations (OCI), Legal, and others.
• Initiate, execute, track and report on ERM programs and projects, engaging both internal and external stakeholders to accomplish objectives.
• Track and document investigations from referrals and escalations through to resolution including documenting requests and activities in a case management system, and follow investigative processes and procedures, exercising attention to detail and sound technical, interpersonal, and organizational judgment.
• Serve as the lead and escalation point for ERM program analyses and investigations, guiding teammates, and keeping leadership and teammates informed.
• Utilize insider threat and DLP tools, and cyber logging tools across several platforms to investigate insider threats and escalate to appropriate stakeholders including the Insider Threat Investigations team (Tier 2), the Office of Corporate Investigations, and Legal as appropriate.
• Effectively communicate with stakeholders and partner teams to ensure timely scoping, evidence collection, case coordination, and escalation.
• Present case artifacts and findings in informal meetings with other Insider Threat analysts and investigators.
• Exercise discretion and professionalism when conducting associate-based investigations and inquiries.
• Develop, follow, and maintain process 'playbooks' which provide a visual depiction of various operational investigative and risk mitigation workflows.
• Identify trends, gaps, and opportunities for process and alert improvement, and raise and present these issues to Insider Threat team leads for resolution.
• Identify and enhance processes where automation has the potential to improve efficiency.
• Create, prepare, and defend technical escalation reports for presenting findings to leadership, corporate investigations, and legal partners
• Work with alerting and monitoring technologies and other log sources available to the Cyber Operations and Intelligence Teams to refine investigation sequence and procedures
• Use technology, infrastructure and operational processes to enable a more effective user-based threat detection and investigation program.

Basic Qualifications:

• High school diploma, GED, or equivalent certification
• At least 2 years of experience in cybersecurity or information technology
• At least 2 years of experience in threat analysis
• At least 2 years of experience in Data Loss Prevention (DLP), incident management, or investigative programs

Preferred Qualifications:

• Bachelor's Degree in Computer Science, Information Systems, or Engineering
• 3 years of experience in the cyber or threat analyst field
• 3 years of experience in understanding and communicating Data Loss Prevention (DLP) concepts, trends, people risk, or conduct risk program management
• 2 years of experience in writing automated processes in Python, Bash, or PowerShell to query various data sources
• 2 years experience in JIRA or Kanban

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

This role is expected to accept applications for a minimum of 5 business days.

No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).