Insider Investigations Analyst

CrowdStrike

full-time

Posted on: 9/18/2025

Origin: • 🇺🇸 United States

Visit company website

✨ AI Apply

Apply

Salary

💰 $100,000 - $155,000 per year

Job Level

Mid-LevelSenior

Tech Stack

AssemblyCyber SecurityLinuxOpen SourcePerlPythonSplunkSQLTCP/IP

About the role

Participate in confidential insider risk investigations and support the Insider Risk Team Program via triage and investigation of detections
Create and implement insider risk related detections and assist in the development of detection criteria through ASM
Perform detailed investigations reviewing data from multiple sources (network, host, open source)
Communicate with end users regarding potential policy violations and assist in data recovery efforts
Provide senior leadership and executive level staff with active investigations notifications/updates (EXSUMs)
Handle confidential or sensitive information with appropriate discretion
Assist in regular and sustained alert tuning efforts to minimize false positives
Ensure all investigations are properly documented and tracked in case management systems
Support Incident Response lifecycle via triage, live response, containment, escalation, and after-hours on-demand support
Identify security controls coverage and efficiency gaps in available data/logs and tooling
Provide information security summaries containing security metrics as required
Participate in incident response, manage escalations, and drive process development and documentation for the Incident Response lifecycle

Requirements

Experience with data classification or risk scoring methodologies
Excellent verbal and written communication skills with attention-to-detail
Ability to triage and manage 2-3 investigations simultaneously
Ability to work independently and coordinate with multiple internal departments
Experience responding to security event alerts, front-line analysis and escalation
Theoretical and practical knowledge with Mac, Linux, and Windows operating systems
Theoretical and practical knowledge with TCP/IP networking and application layers
Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
Experience with access/application/system log analysis, IDS/IPS alerting and SIEM-based workflows
Experience with security data collection, processing, and correlation
Scripting experience (Bash, PowerShell, etc.)
Experience with REGEX and data stream editing binaries (SED, AWK, etc.)
Experience with host database enumeration and analysis (SQL, SQLITE3)
Experience with network analysis (TCPDump, TSHark/WireShark, etc.)
Experience with basic static and dynamic host analysis (Order of Volatility, etc.)
Experience with basic files analysis (permissions, ownership, metadata)
Working knowledge of INIT, SYSTEMD, LAUNCHD, BIOS/UEFI Boot processes
Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience
Obtained or pursuing an undergraduate degree or direct experience in information/cyber security, information systems, or computer science
Desire to continually grow and expand both technical and soft skills
Contributing thought leader within the incident response industry
Ability to foster a positive work environment and attitude
Bonus: scripting experience in Python or Perl
Bonus: Experienced user of Splunk or Falcon LogScale query language
Bonus: Experience with user behavior analytics and profiling tools or methodologies
Bonus: Experience creating and tuning detection/alert logic to reduce false positives
Bonus: Experience in data loss prevention, data classification, and knowledge of common data loss vectors
Bonus: Previous project management experience desirable

Insider Investigations Analyst

Salary

Job Level

Tech Stack

About the role

Requirements

Similar jobs on JobTailor

Security Analyst II

Cybersecurity Engineering Instructor

Information Systems Security Officer

Senior Cyber Security Engineer, Suricata

Operations Command Center Engineer