Lead Cyber Defense Engineer, ITC

Who You'll Work With
This role is part of Corporate Information Security (CIS) and reports to the Director – Insider Threat ITC. You'll collaborate closely with:

• Insider Threat Operations Analysts, Data Protection Analyst and Data Protection Engineering teams
• Corporate Information Security Cyber Defense
• Legal, HR, Governance, Resilience, and CIS teams

Who We Are Looking For
We're seeking a Lead Insider Threat Analyst. This role is pivotal to the success of our Insider Threat program, responsible for leading technical investigations and analyzing user activity data to detect potential data compromise or loss of intellectual property.

The ideal candidate is a high-integrity, self-driven professional who thrives in a fast-paced, high-impact environment. You'll bring a passion for operational excellence, strong communication skills, and a collaborative mindset to help elevate team performance and foster innovation. A key part of this role includes mentoring and developing junior analysts, promoting a culture of continuous learning and growth, and contributing strategic input to elevate the program's maturity and enterprise impact - while maintaining the highest standards of confidentiality and discretion.

What You Bring

• Bachelor's degree in Intelligence, Social Sciences, Computer Science, or related field
• 7–10 years of experience in insider threat, counterintelligence, or cyber investigations
• Expertise in insider threat analysis, user activity monitoring, and DLP tools
• Familiarity with risk scoring models and data analytics platforms, DLP, UEBA, SIEM & Security tools
• Proven understanding of insider threat behaviors, motivations, and tactics
• Experience supporting government or large corporate Insider Threat Programs
• Strong leadership and cross-functional collaboration skills
• Ability to work independently while fostering team alignment
• Exceptional analytical, verbal, and written communication skills

What You'll Work On
As a Lead Analyst on the Insider Threat Operations (ITO) team, your responsibilities will include:

• Advanced Analysis & Assessment: Conduct all-source, cyber, and investigative analysis. Apply insider risk models and assign risk levels. Integrate data from network monitoring and analytics tools to identify trends, anomalies, and hidden patterns
• Technical Leadership: Drive development of detection logic, alerting mechanisms, and investigative tooling tailored to insider threat scenarios. Collaborate with engineering and threat analysts to ensure scalable, actionable, and context-rich capabilities that accelerate response and reduce risk
• Data Triage: Analyze anomalous events from User Entity & Behavioral (UEBA), Data Loss Prevention (DLP), and other security tools. Escalate and investigate events of concern and document findings thoroughly to support incident response, legal review, or disciplinary action as needed
• Investigations: Lead and support insider threat investigations in accordance with established policies. Document findings in clear, actionable reports.
• Case Support: Provide analytic support for investigations, security inquiries, risk assessments, and adjudicative processes.
• Reporting & Briefings: Prepare and deliver high-quality reports and briefings that communicate investigative findings to stakeholders with clarity and precision
• Mentorship & Development: Guide and mentor junior analysts, fostering their technical and professional growth. Promote knowledge sharing, skill development, and team cohesion
• Global Collaboration: Partner with cross-functional and global teams to align insider threat strategies, share insights, and ensure consistent execution across regions. Promote the program's value and influence across international stakeholders