KeyBank

Insider Threat Senior Analyst

KeyBank · United States

  • Hybrid
  • Full-time
  • $181,000 / year
  • United States

Job highlights

  • Investigate insider threats and conduct proactive threat hunting.
  • Develop and mature threat detection capabilities.
  • Analyze logs and utilize security platforms.
  • Communicate findings to stakeholders.
  • Advance cybersecurity posture with strategic insights.

About the role

Insider Threat Senior Analyst - Brooklyn, Ohio

Our Cyber Threat Management team is a vital part of Key’s broader Cyber Defense function within Corporate Information Security. Our mission is to Deter, Detect, Deny, and Disrupt adversaries through proactive threat-centric defense.

About the Role

The Senior Insider Threat and Threat Hunting Analyst is a pivotal member of the Cyber Threat Management (CTM) team. This role encompasses responsibilities in both Insider Threat and Threat Hunting, with a primary emphasis on Insider Threat and a secondary focus on Threat Hunting. You will conduct hands-on technical analysis for insider threat investigations and proactive threat hunting. A critical aspect of this role involves maturing both programs by assessing capabilities, identifying enhancements, and recommending improvements for processes, tools, and detection strategies. This position uniquely combines deep technical execution with strategic program development to bolster KeyBank’s overall threat posture.

Key Responsibilities

  • Develop and maintain a deep understanding of the insider threat and cyber threat landscapes, utilizing threat intelligence and attacker Tactics, Techniques and Procedures (TTPs) to support mitigation efforts, referencing frameworks like MITRE ATT&CK.
  • Perform hands-on technical analysis for insider threat investigations and proactive threat hunting activities.
  • Conduct sensitive investigations, develop use cases, and create detections using Insider Threat platforms (UEBA, UAM, SIEM, etc.).
  • Monitor and analyze insider threat indicators, preserve evidence, prepare detailed reports, and present findings to HR and Legal.
  • Design and execute hypothesis-driven threat hunts across endpoints, networks, and cloud environments.
  • Apply knowledge of attacker TTPs to build proactive detections and alerts, leveraging threat intelligence.
  • Utilize security platforms like XDR and SIEM, analyzing logs from Windows, Linux, cloud, and network devices.
  • Drive the evolution of Insider Threat and Threat Hunt programs by advising on best practices, maintaining documentation, and enhancing metrics.
  • Communicate cyber threats effectively to senior leadership, technical, and non-technical audiences.
  • Apply frameworks like MITRE ATT&CK to improve detection and response.
  • Leverage automation (Python, APIs, STIX/TAXII) for intelligence gathering and processing.
  • Produce written reports, threat assessments, and briefings.
  • Collaborate effectively within and outside the CTM team.
  • Participate in technical incident response activities as needed.
  • Engage in tabletop exercises and red/blue/purple team activities.
  • Interface with stakeholders across Cyber Defense, security, technology, fraud, HR, and other business lines.
  • Provide mentorship and technical guidance to junior analysts and partners.
  • Foster a culture of curiosity, rigor, and continuous learning.

Required Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or related field—or equivalent experience.
  • 5+ years in Insider Threat and/or Threat Hunting roles.
  • Strong analytical, research, and writing skills.
  • Proficiency with Insider Threat and Threat Hunting tools, and log analysis experience.
  • Deep understanding of the MITRE ATT&CK framework and adversary TTPs.
  • Strong ability to communicate concisely and effectively with executive management.
  • Ability to work independently and escalate risks appropriately.

Preferred Certifications

  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Certified Forensic Analyst (GCFA)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Cybersecurity Analyst (CySA+)
  • CompTIA Security+

Compensation and Benefits

This position is eligible for a base salary between $96,000.00 and $181,000.00 annually. Placement within this range depends on skills, experience, and geographic location. The role also includes eligibility for incentive compensation.

Equal Opportunity Employer

KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, pregnancy, disability, veteran status or any other characteristic protected by law. Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

Job Posting Expiration Date: 06/05/2026

Key skills/competency

  • Insider Threat Investigations
  • Threat Hunting
  • UEBA/UAM/SIEM Analysis
  • MITRE ATT&CK Framework
  • Cyber Threat Intelligence
  • Log Analysis
  • XDR Platforms
  • Incident Response
  • Python Scripting
  • Risk Assessment

Skills & topics

  • Insider Threat
  • Threat Hunting
  • Cybersecurity Analyst
  • Information Security
  • SIEM
  • XDR
  • UEBA
  • Log Analysis
  • MITRE ATT&CK
  • Threat Intelligence
  • Behavioral Analytics
  • Security Operations
  • Cyber Defense
  • Risk Management
  • Forensics
  • Incident Response

How to get hired

  • Tailor your resume: Highlight 5+ years in Insider Threat/Threat Hunting, tool proficiency, and MITRE ATT&CK expertise.
  • Showcase analytical skills: Emphasize your research, writing, and log analysis capabilities in your application.
  • Demonstrate communication: Prepare examples of concisely communicating complex threats to executive management.
  • Research KeyBank's culture: Understand their mission of proactive defense and commitment to an inclusive environment.
  • Highlight relevant certifications: Mention preferred certifications like GCTI, GCFA, CISSP, CySA+, or Security+ if applicable.

Technical preparation

  • Master SIEM, XDR, and UEBA platforms.
  • Practice log analysis on diverse systems.
  • Study MITRE ATT&CK TTPs extensively.
  • Develop Python scripts for automation.

Behavioral questions

  • Describe a complex insider threat investigation.
  • How do you handle sensitive HR/Legal findings?
  • Explain a proactive threat hunt hypothesis.
  • How do you communicate technical risks clearly?

Frequently asked questions

What is the primary focus of the Senior Insider Threat Analyst role at KeyBank?
The Senior Insider Threat and Threat Hunting Analyst role at KeyBank primarily focuses on insider threat investigations and program development, with a secondary focus on proactive threat hunting activities. This involves hands-on technical analysis and strategic improvement of detection strategies and tools.
What are the key technical skills required for this position at KeyBank?
Key technical skills include hands-on experience with Insider Threat platforms (UEBA, UAM, SIEM), log analysis across various sources (Windows, Linux, cloud, network), proficiency with XDR and SIEM tools, and understanding of the MITRE ATT&CK framework and attacker TTPs. Experience with automation scripting like Python is also beneficial.
What experience level is expected for the Senior Insider Threat Analyst role?
The role requires a minimum of 5+ years of experience specifically in Insider Threat and/or Threat Hunting roles. A Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience, is also expected.
How does KeyBank approach threat detection and response for insider threats?
KeyBank's Cyber Defense function, including the Cyber Threat Management team, aims to Deter, Detect, Deny, and Disrupt adversaries. The Senior Insider Threat Analyst contributes by developing and implementing advanced detection strategies, investigating incidents, and maturing the Insider Threat program.
What kind of reporting and communication is expected from this role at KeyBank?
The Senior Insider Threat Analyst is expected to produce detailed written reports, threat assessments, and briefings. Strong communication skills are essential for presenting findings to various stakeholders, including HR, Legal, executive management, and both technical and non-technical audiences.
Are there specific certifications that are preferred for this KeyBank position?
Yes, KeyBank prefers candidates with certifications such as GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Forensic Analyst (GCFA), Certified Information Systems Security Professional (CISSP), CompTIA Cybersecurity Analyst (CySA+), or CompTIA Security+. However, equivalent experience can also be considered.
What is the salary range for the Insider Threat Senior Analyst position at KeyBank?
The eligible base salary range for this position is $96,000.00 to $181,000.00 annually. The exact placement within this range will depend on factors like skills, experience, and geographic location. Incentive compensation is also possible.
Does KeyBank offer remote work for the Insider Threat Senior Analyst role?
The job posting specifies a location at 4910 Tiedeman Road, Brooklyn, Ohio. While KeyBank prioritizes in-office presence, they provide flexible options where roles can be performed effectively in a mobile environment, suggesting a potential for hybrid arrangements.