Engineer IV - Sr. Insider Risk Investigator

Job Overview Position Schedule

Full-Time

The Digital Insider Risk (DInR) Department protects The Jones Financial Companies, and its subsidiaries (collectively, “the Firm”) against risk stemming from user digital activity. The Digital Insider Risk and Data Loss Prevention (DLP) Analyst will be responsible for monitoring, analyzing, investigating and reporting of User Behavior Analytics and Data Loss Prevention alerts across various tools, ensuring the protection of client and Firm data.

You will work closely with security analysts, engineers, and other IT professionals to enhance our security posture through the development and refinement of detection and enforcement rules.

• Monitor, triage, investigate, and elevate UEBA and DLP alerts from multiple systems (e.g., Gurucul, XSOAR, Microsoft Purview, Proofpoint, Zscaler).
• Quickly and accurately determine the level of urgency and address or investigate as necessary.
• Lead high-priority incident response activities related to insider risk and critical data exfiltration events.
• Assist in performing activities necessary for immediate containment and long-term resolution of events and incidents.
• Perform initial analysis of data from a variety of sources (to include but not limited to host, network, cloud, messaging, application), correlating it to meaningful DLP and Insider Risk events.
• Support confidential and complex digital investigations.
• Generate informative reporting around security events and metrics.
• Document investigations in adherence to all audit and legal requirements.
• Support the development of documentation in support of response processes and/or procedures.
• Analyze incidents for patterns of data misuse or exfiltration across email, endpoints, cloud, and web.
• Assist in rule development, tuning, and testing of DLP policies to reduce false positives and improve detection efficacy.
• Provide mentorship and guidance to junior analysts, fostering a culture of continuous learning and professional development.
• Develop threat models and use cases to proactively identify emerging insider risks.

Edward Jones’ compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage. Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account.

Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm’s Employee Assistance Program. For more information on the Benefits available to Edward Jones associates, please visit our benefits page.

Hiring Minimum: $101,700. Hiring Maximum: $173,200.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act. Edward Jones is prohibited from hiring individuals with certain specified criminal history as set forth in Section 3(a)(39) and 15(b)(4) and Rule 17a-3(a)(12) of the Securities and Exchange Act of 1934, and conducts background reviews consistent with FINRA Rule 3110(e).

A copy of a notice regarding the provisions of the Los Angeles County Fair Chance Ordinance is available at: dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30..

• Minimum of 5 years in Information Systems Security or Information Technology with a focus on security controls and processes.
• Possession of a recognized, advanced security certification.
• Proven experience enhancing an enterprise level Data Loss Prevention program (e.g., Microsoft Purview, Symantec, Trellix, Proofpoint).
• Demonstrated expertise in…