• Insider Threat and Threat Hunting Senior Analyst…

    KeyBank (Albany, NY)


    Location:

    4910 Tiedeman Road, Brooklyn Ohio

     

    Our Cyber Threat Management team rolls up into Key’s broader Cyber Defense function within Corporate Information Security. Cyber Defense’s mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat-centric defense.

     

    The Insider Threat and Threat Hunting Senior Analyst is a key member of the Cyber Threat Management (CTM) team and has responsibilities in both areas. In this role, you will focus on both technical insider threats and threat hunting. This role includes hands-on technical functions, along with helping both programs mature by evaluating the current state and recommending program and capability improvements.

     

    You will develop and maintain a deep understanding of the insider threat and cyber threat landscapes, by utilizing threat intelligence related to insider threats, along with threat actor Tactics, Techniques and Procedures (TTPs), and their associated threats, to support mitigation efforts while leveraging frameworks such as MITRE ATT&CK.

     

    This position requires strong threat hunting and insider threat investigation skills, and advanced knowledge of cybersecurity fundamentals and concepts. Success in this role demands an independent, thorough, and adaptable individual who can deliver accurate and complete intelligence outputs.

    Key Responsibilities

    + Hands-on experience in designing and executing proactive, hypothesis-driven threat hunts across endpoints, networks, and cloud environments, leveraging threat intelligence and behavioral indicators to uncover hidden threats.

    + Apply deep knowledge of attacker tactics, techniques, and procedures (TTPs) to build proactive detections and alerts for potential adversary activities, leveraging threat intelligence and analytical insights.

    + Skilled in using security platforms such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM), along with the ability to analyze logs from diverse sources including Windows, Linux, cloud environments, and network devices.

    + Hands-on experience in Insider Threat, including conducting sensitive investigations, use case development, detection development and Insider Threat platforms such as User and Entity Behavior Analytics (UEBA), User Activity Monitoring (UAM), or similar technologies.

    + Conduct comprehensive monitoring and analysis of insider threat indicators. Preserve evidence, prepare detailed reports, and present findings to key stakeholders, including HR and Legal.

    + Drive the evolution of the Insider Threat and Threat Hunt programs by advising on best practices, maintaining thorough documentation, enhancing metrics, and implementing improvements to increase organizational resilience.

    + Good knowledge of the cyber threat landscape (preferably in the financial sector) and the ability to communicate those threats to senior leadership, technical and non-technical audiences.

    + Apply frameworks (Ex. MITRE ATT&CK) to enhance detection and response.

    + Skilled in automation, including intelligence gathering and processing using scripts or platforms (e.g., python, APIs, STIX/TAXII).

    + Produce written reports, threat assessments, and briefings for technical and non-technical stakeholders.

    + Collaborate closely within and outside of the CTM team.

    + Participate, as needed, in technical incident response activities.

    + Actively participate in tabletop exercises and red/blue/purple team activities.

    + Interface with stakeholders within Cyber Defense, the broader security organization, and those outside of security such as technology, fraud, HR and other lines of business partners.

    + Provide mentorship and technical guidance to junior analysts and cross-functional partners.

    + Lead by example in fostering a culture of curiosity, rigor, and continuous learning within these functions.

    + Demonstrated presentation development; tailors the message as needed; comfortable presenting to all levels; strong writing skills; demonstrates creativity in articulating messages that support recommendations.

    + Performs other duties as assigned; duties, responsibilities and/or activities may change or new ones may be assigned at any time with or without notice

    + Complies with all KeyBank policies and procedures, including without limitation, acting professionally at all times, conducting business ethically, avoiding conflicts of interest, and acting in the best interests of Key’s clients and Key.

    Required Qualifications

    + Bachelor’s in Computer Science, Cybersecurity, or related field or equivalent experience

    + Minimum 5 years of experience in Insider Threat or Threat Hunting roles.

    + Minimum of 7 years of broadly based, progressive experience in information systems or information security environments.

    + Strong analytical, research, and writing skills.

    + Proficiency with Insider Threat and Threat Hunting tools, along with experience with log analysis.

    + Deep understanding of the MITRE ATT&CK framework and adversary TTPs.

    + Strong ability to communicate concisely, effectively and directly with executive management.

    + Ability to work independently and escalate risks appropriately.

    Skills

    + Working knowledge of the importance of inter-team collaboration in breaking down silos and achieving business results; ability to lead employees from various functions to communicate, coordinate work across divisions, and collaborate in solving problems as one team.

    + Working knowledge of major functional processes and associated operating requirements; ability to apply this knowledge appropriately to diverse situations.

    + Basic understanding of the importance of "big picture" thinking and planning; ability to apply organizational acumen and competitiveness to identify and maintain focus on key success factors for the organization.

    + Extensive experience with techniques and tools that promote effective analysis; ability to determine the root cause of organizational problems and create alternative solutions that resolve these problems.

    + Extensive experience with effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.

    + Extensive experience with being proactive and committing to action on self-identified job responsibilities and challenges; ability to seek out work and the drive to accomplish goals.

    + Working knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize negative effect by cybersecurity risks.

    + Working knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.

    + Working knowledge of methods and processes to monitor, analyze and respond to network attacks, intrusions or any unauthorized actions; ability to use techniques and tools to perform network defense.

    + Working knowledge of techniques, approaches and processes of digital threats; ability to detect, monitor, analyze and prevent digital threats.

    + Extensive experience with the processes, tools and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling and preventing violations of IT security.

    + Working knowledge of information security audits; ability to assess the effectiveness of information security measures, identify potential risk exposures, and protect the availability, confidentiality and audit trails of information from destruction or manipulation.

    + Basic understanding of information security architecture; ability to use the tools and techniques in creating software, hardware, networking and application infrastructure for information security.

    Preferred Certifications

    + GIAC Cyber Threat Intelligence (GCTI)

    + GIAC Certified Forensic Analyst (GCFA)

    + Certified Information Systems Security Professional (CISSP)

    + CompTIA Cybersecurity Analyst (CySA+)

    + CompTIA Security **Core Competencies**

    + All KeyBank employees are expected to demonstrate Key’s Values and abide by Key’s Code of Conduct.

    Physical Demands

    + General Office - Prolonged sitting, ability to communicate face to face in person or on the phone with teammates and clients, frequent use of PC/laptop, occasional lifting/pushing/pulling of backpacks, computer bags up to 10 lbs.

    COMPENSATION AND BENEFITS

    This position is eligible to earn a base salary in the range of $94,000.00 - $175,000.00 annually. Placement within the pay range may differ based upon various factors, including but not limited to skills, experience and geographic location. Compensation for this role also includes eligibility for incentive compensation subject to individual and company performance.

     

    Please click here (https://www.key.com/about/careers/working-with-us/benefits.html) for a list of benefits for which this position is eligible.

     

    Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.

    Job Posting Expiration Date: 12/28/2025

    KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, pregnancy, disability, veteran status or any other characteristic protected by law.

     

    Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing [email protected].

     

    \#LI-Remote

     

    KeyBank is an organization collectively committed to helping you unlock your potential and discover what truly drives you. Working here means sharing our purpose to help our clients, colleagues, and communities thrive. You’ll find genuinely supportive teammates, a flexible, inclusive work environment, challenging projects, accessible leaders, and opportunities to grow in your position and your career. For 200 years, Key has opened doors in our communities. Let us open one for you.