POSITION SUMMARY: PVH is seeking a Senior, Cyber Security Insider Threat Analyst to join its Global Information Security Group (ISG). This is a new position that will be a vital member of the Threat Response team, participating in Cyber Security Incident Response Team (CSIRT) activities and capabilities.

The Senior, Cyber Security Insider Threat Analyst will develop and implement new security policies and help support SOC analysts and incident responders globally using a wide variety of tools. The Senior, Cyber Security Insider Threat Analyst will triage, analyze, and assess alerts and document and report findings. This role will work closely with cross-functional teams to gather evidence, analyze data, and take appropriate actions to mitigate insider threats effectively. This person will conduct internal forensic investigations for PVH and coordinate with our legal team if necessary.

The Threat Response team continually deploys, maintains, and tunes countermeasures in response to new or changing insider threat tactics, techniques, and procedures (TTPs); the Senior, Cyber Security Insider Threat Analyst will play a major role in ensuring those responsibilities are executed seamlessly to protect the company from unauthorized activities.

PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
Triage and analyze insider threat alerts with industry standard tools such as Varonis, MS Information Protection, DTEX and others.
Maintain the insider threat tools to ensure that the objectives defined by leadership are met.
Maintain the Data Leak Prevention (DLP) tools and respond to identified incidents.
Conduct in-depth investigations into suspected insider threats, including interviews, evidence collection, and digital forensics analysis.
Collect and preserve digital and physical evidence related to insider threat incidents, ensuring chain of custody, and maintaining strict confidentiality.
Document and report findings to impacted business units and teams for company investigations.
Provide information to our SOC lead for trending, reporting and deeper forensic analysis.
Create and implement countermeasures to specific weaknesses against known adversarial TTPs.
Support meetings where insider threat representation is needed.
Work with legal and provide forensic data to internal teams and support the investigation.
Develop and implement insider threat policies and standards and engage leadership on ways to improve the insider threat program.

QUALIFICATIONS & EXPERIENCE:

Experience:
10+ years of cybersecurity professional experience
At least 3 years of incident response experience
At least 3 years of data leak prevention (DLP) experience
At least 1 year of insider threat detection experience

Education: Bachelor's degree in a related field

Certifications: SANS GCIH, GSOC, GSOM, GCIA, GPEN, GMON, GCDA, GDAT or certifications relating to security operations or incident response preferred

Skills:

Additional Skills a Plus:
Experience with insider threat detection capabilities and common insider threat TTPs.
Experience with DLP capabilities, principles and methods.
Knowledge of network traffic and communications, including known ports and services.
Demonstrated experience in coordinating with external business units outside of Information Security.
Knowledge of incident handling procedures.
Strong understanding of incident response processes, workflows, communications and reporting, escalations, and cross-department collaboration.
Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT, and modern penetration testing techniques.
Understanding of core current cybersecurity technologies as well as emerging capabilities.
Demonstrated understanding of the life cycle of cybersecurity threats (internal and external), attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
Knowledge of computer security principles.
Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings.
Demonstrated experience with the Windows operating system and other operating systems (e.g., Mac, Linux or Unix).
Technical understanding of UEBA, UAM and DLP technologies and their use in detecting and preventing insider threats.
Technical understanding of SIEM, SOAR, EDR, firewalls, network, and email security tools with a variety of enterprise IT and cloud-based architectures and technologies, such as networking, server infrastructure, operating systems, web applications, databases, containerization and mobile.
Knowledge of digital cybersecurity and data privacy laws.
PVH Corp. or its subsidiary ("PVH") is an equal opportunity employer and considers all applicants for employment on the basis of their individual capabilities and qualifications, consistent with applicable law and without regard to race, color, sex, gender identity or expression, age, religion, creed, national origin, citizenship status, sexual orientation, genetic information, physical or mental disability, military status or any other characteristic protected under federal, state or local law. In addition to complying with all applicable laws, PVH also has a strong corporate commitment to inclusion, diversity and to ensuring that all current and future PVH associates are compensated solely on job-related factors such as skill, ability, educational background, work quality, experience and potential. To achieve these goals, across the United States and its territories, PVH prohibits any PVH employee, agent or representative from requesting or otherwise considering any job applicant's current or prior wages, salary or other compensation information in connection with the hiring process. Accordingly, applicants are asked not to disclose this salary history information to PVH.