Insider Threat Analyst

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We are expanding our Insider Threat Operations Team. This role supports and analyzes threat detection for the Cybersecurity Defense Insider Threat program.

This resource will work with a team of analysts in the identification and development of new processes and techniques to analyze information with the goal of detecting risks and gaps in the areas of people, processes, and technology. This resource will also utilize understanding of Insider Threat and DLP principles to identify trends and patterns which can assist in the development of new detection rules and models.

The role offers a hybrid/flexible schedule, which means there’s an in-office expectation of 4 or more days per week and the flexibility to work outside the office location for the other day.

What you have

You are discreet, thoughtful, and seek to coordinate systemic, cross functional solutions to mitigate risk. You are adept at translating complex problems into ‘byte-sized’, readily implemented (and preferably automated) solutions. You are familiar with Insider Threat technologies (such as Security Information Event Management - SIEM, User Entity Behavioral Analytics - UEBA, Endpoint Detection and Response - EDR, Data Loss Prevention - DLP) and have an understanding of investigations and/or the intelligence cycle.

Your opportunity:

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We are expanding our Insider Threat Operations Team. This role supports and analyzes threat detection for the Cybersecurity Defense Insider Threat program.

This resource will work with a team of analysts in the identification and development of new processes and techniques to analyze information with the goal of detecting risks and gaps in the areas of people, processes, and technology. This resource will also utilize understanding of Insider Threat and DLP principles to identify trends and patterns which can assist in the development of new detection rules and models.

The role offers a hybrid/flexible schedule, which means there’s an in-office expectation of 4 or more days per week and the flexibility to work outside the office location for the other day.

What you have:

You are discreet, thoughtful, and seek to coordinate systemic, cross functional solutions to mitigate risk. You are adept at translating complex problems into ‘byte-sized’, readily implemented (and preferably automated) solutions. You are familiar with Insider Threat technologies (such as Security Information Event Management - SIEM, User Entity Behavioral Analytics - UEBA, Endpoint Detection and Response - EDR, Data Loss Prevention - DLP) and have an understanding of investigations and/or the intelligence cycle.

Required qualifications:

• Understanding of computer networking concepts, communication protocols, primary threat actor attack methods and tools

• Competent in collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources, documenting results, and analyzing findings to provide viable threat intelligence

• Ability to understand and learn technical specifications, system requirements and other application design information as needed

• Detail-oriented person who is passionate about quality and is enthusiastic about innovative technology offerings

• Strong verbal and written communication skills and you are comfortable composing briefs and assessments for leadership

• Familiar with analytical programming languages such as SQL

• Ability to thrive in ambiguity and rapid change

• Comfortable with process flow diagrams

• Familiar with applying Agile Methods

• Basic understanding of a variety of security and compliance policies and incident response processes

• Experience monitoring and analyzing Data Loss Prevention (DLP) and Database Activity Monitoring (DAM) incidents to ensure compliance with company policies

• 6 months+ of Schwab technology domain experience gained as a current or recent contractor or employee

• Ability to exercise sound judgment when determining which events require follow-up response or escalation

• Comfortable working with internal customers to respond to escalations

• Maintaining incident documentation, analyzing incident trends

• Experience maintaining and generating audit evidence for internal and external regulatory compliance

• Ability to function as a technical conduit between IT and the business

Preferred qualifications:

• 4 - 7 years related experience including developing requirements, designing, and executing test cases in insider threat and data loss prevention

• Bachelor’s degree in computer science or related field

What’s in it for you:

At Schwab, we’re committed to empowering our employees’ personal and professional success.Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry.Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

We offer a competitive benefits package that takes care of the whole you – both today and in the future:

• Base salary + bonus opportunity (for eligible positions)

• 401(k) with company match and Employee stock purchase plan

• Paid time for vacation, volunteering, and a 4-week sabbatical after 5 years of service for eligible positions

• Paid parental leave and family building benefits

• Tuition reimbursement

• Health, dental, and vision insurance