This position will support the SOC AVP by managing and operationalizing the GTS Insider Threat program, which includes performing insider threat analysis, establishing baseline and enhanced monitoring levels; defining roles and appropriately instrumenting monitoring profiles; identifying, investigating, analyzing, responding to, and reporting upon anomalous behaviors; and designing and automating associated workflows. The individual maintains up-to-date knowledge of insider threat tactics, techniques, and procedures (TTPs) and best practices; prepares Insider Threat assessments; generates Insider Threat Program reporting; and maintains and reviews associated program data, statistics, and analytics. The individual will monitor notifications from security-centric systems, such as threat intelligence platforms, security automation and orchestration solutions, and DLP capabilities, as well as general-purpose IT systems, such as network devices, databases, mobile devices, workstations, and cloud-based infrastructure and services, that support security functions. The Insider Threat Program Manager will support the SOC by completing project assignments that improve processes or support new capabilities.
This position requires strong analytic and written communications skills, such as those that would be required to enable non-technical business managers to make informed, risk-based decisions related to incident containment and remediation.
This position should have a deep understanding and experience with network protocol analysis, symmetric cryptography, public key infrastructure, SSL, information security analytics, Microsoft Windows and Active Directory, Linux, open-source software, scripting, SQL, and software programming.
This individual should also act decisively and exhibit strong decision-making skills and other interpersonal skills, enabling them to work well with those around them and successfully partner with professionals inside and outside of the security program.
Knowledge and Experience
Minimum of 7-10 years of relevant IT-related experience with an emphasis on information security, required.
3+ years of insider threat / risk or relevant experience, required.
Knowledge of financial services industry and alternative asset management, strongly preferred.
Knowledge of compliance requirements (PCI, HIPAA, SOX, etc.).
Strong understanding of Insider Threat detection, network security and traffic analysis, hunting for malicious activity and initiating response actions.
Familiar with cybersecurity investigations using formal chain-of-custody methods, forensic tools and best practices.
Familiar with Carbon Black, ObserveIT, Moloch, Security Onion, Palo Alto XSOAR, Microsoft CASB, Varonis, CyberArk and Elasticsearch, strongly preferred.
Strong analytical skills with the ability to recognize relationships across multiple events.
Strong verbal and written communication skills for both technical and non-technical audiences.
Ability to make well-informed decisions under pressure.
Ability to stay current with the evolving threat landscape.
Strong technical information security skills.
Education and Certifications
Four-year college degree, or equivalent years of relevant experience, required.
SANS GIAC GPEN, GCIA, GCIH, GCFA, AWS Security, ISC2 CISSP, CISM, or equivalent preferred.
Position-Specific Technical Requirements
Proficiency with Windows, OSX, and Linux.
Proficiency with DAS, NAS, and SAN.
Proficiency with AWS (public, private, and hybrid models).
Proficiency with programming or scripting (Python and PowerShell).
Proficiency with SQL, Lucene and other query languages.
Proficiency with network security and management tools.
Proficiency with Insider Threat detection technologies and tools such as UBA, UAM, DLP, etc.
Proficiency with ESI collection tools and/or eDiscovery Platforms.
Proficiency with log analysis software and techniques.
Proficiency with malware analysis and forensics solutions and utilities such as IDA Pro, OllyDbg, PCAP tools, hex editors, SIFT and YARA.
Proficiency with Hadoop and Elasticsearch.
Awareness of current active defense techniques.
Insider Threat Program Manager
Key Duties/Responsibilities
Documents, manages, and operationalizes the ITP framework.
Reviews, monitors, and prioritizes Insider Threat Program (ITP) related functions, ensuring alignment with business strategy, information security practices, and adherence to program and broader firm-wide policies.
Generates reporting with a synthesized view of enterprise-wide, insider threat risks and impact.
Promotes alignment and coordinates priorities between the ITP and other key organizational functions across the firm.
Develops training materials for Carlyle users.
Administers and maintains inventory of ITP related tools and procedures, both inside and outside of the TTPL's direct purview, and works collaboratively for their continuous improvement.
Responds to e-discovery requests and performs day-to-day ITP operations, including investigations and incident management.
Responsible for analyzing, documenting and responding to security events.
This role will act as an escalation point from the managed service provider (Tier 1 SOC) for events that require further analysis and treatment.
Works closely with the Security team and the GTS team at large in the resolution and containment of security incidents. Maintains the security incident response playbook.
Tags and annotates assets and IOCs in internal security tools.
Develops methods and analytics for detecting advanced threats.
Performs routine hunting exercises.
Participates in technical and non-technical SOC projects to improve SOC operational efficiency and ensure that policies, procedures and standards are met.
Responsible for supporting information security systems.
Related tasking includes, among others, documentation, updating software, deploying new technologies, performing backups, scripting, submitting change requests, quality assurance testing, developing reports, and systems troubleshooting.
Responsible for analyzing suspicious files across applications, networks and endpoints, including memory and disk forensics, to determine maliciousness.
Responsible for improving relevant knowledge, skills, and abilities through research, lab work, mentoring others, training, and other professional development activities.
The Carlyle Group (NASDAQ: CG) is a global investment firm with $221 billion of assets under management and more than half of the AUM managed by women, across 389 investment vehicles as of June 30, 2020. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 1,800 professionals operating in 31 offices in North America, South America, Europe, the Middle East, Africa, Asia and Australia. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across four segments - Corporate Private Equity, Real Assets, Global Credit and Investment Solutions - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation.