Cyber Risk Analyst
GE Healthcare
30133 Krakow, Lesser Poland, Poland
4 days ago

JOB DESCRIPTION

Job Description Summary

The Cyber Risk Analyst will be responsible for the detection, design, and testing of analytic frameworks, processes, procedures, and controls.

They will be responsible for threat identification, indicator development, data movement analytics, data collection and analysis, and identification of anomalous patterns of data, as well as supporting planning, hunting for insider threat incidents, and supporting investigations.

Responsibilities

In this role, you will:

  • Lead the development and execution of the detection analytics capabilities within the Insider Threat program, including risk scoring models, thresholds, baselines, key indicators, and reporting.
  • Maintain a comprehensive response escalation process and procedures, including the investigative processes.
  • Perform daily response operations, which may involve occasional non-traditional working hours, and act as an escalation point where necessary.
  • Review daily alerts, triage violations, raise cases and lead coordination of investigations across business and partner teams.
  • Improve the state of our insider program and platforms by configuring and updating policies, building the knowledge base, managing metrics and raising overall maturity.
  • Drive projects and work streams within the Insider Threat program, including appropriate risk mitigation activities in the Data Protection space.
  • Lead threat hunting activities, triage work and case management with appropriate teams.
  • Lead log ingestion and threat modelling activities in partnership with application owners and analytics platform teams; correlate data and build policies to identify insider threats.
  • Create alerts and generate reporting in the analytics platform to identify trends and risk indicators and to highlight areas where risk must be addressed.
  • Support log ingestion activities in partnership with application owners and analytics platform teams; run threat modelling, correlate data and build policies to identify insider threats in critical business applications.
  • Participate in threat hunting activities and support triage work and case management with appropriate teams.

Qualifications / requirements

  • Bachelor’s Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math)
  • Experience in anomaly detection, data analytics, behavior analytics
  • Training in Information Security-specific disciplines (CISSP, Security+, SSCP, SANS, CERT, CMU-SEI, CEH certification, etc.)
  • Experience detecting and responding to cyber incidents in an Information Technology environment
  • Strong Splunk experience in advanced reporting and alerting, queries, and data modeling
  • Detailed understanding of Insider Threat, Data Security, and associated tactics
  • Experience with UEBA tools (Securonix, SNYPR, etc.)
  • Experience with host-based detection and prevention suites (McAfee EPO, OSSEC, Yara, Crowdstrike, Digital Guardian, etc.)
  • Experience with host-centric tools for forensic collection and analysis (FTK, Encase, etc.)
  • Experience with Network Security Monitoring (NSM) tools (Snort, Bro-IDS, PCAP, tcpdump, etc.)
  • IT infrastructure background, including familiarity with applications (HTTP, SMTP, DNS, FTP, SSH, etc.), operating systems (Windows, *Nix, and Mac), and Cloud, Networks, Databases, Cryptography, Identity & Access Management, Proxies, etc.
  • Basic scripting and coding skills (Powershell, VBscript, Bash, Python, Ruby, PHP, etc.)
  • Experience in working with Agile methodologies

Desired Characteristics

Leadership:

  • Strong interpersonal, analytical, organizational, written and verbal communication skills
  • Demonstrated ability to communicate and lead in a team-based setting
  • Experience in large global environments spanning multiple time zones
  • Providing mentorship to junior team members
  • Ability to influence across organizations

Personal Attributes:

  • Needs to be a self-starter
  • Independent learner
  • Successfully track multiple streams of work to completion


Additional Information

Relocation Assistance Provided: No
