Senior Specialist - Insider Threat

Consolidated Edison Company of New York, New York, NY, United States


Overview
Come join us at Con Edison as a Senior Specialist on the Insider Threat Team! We are seeking a highly skilled and motivated investigator to join our growing Digital Security Investigations team. In this role, you will lead Insider Threat digital investigations with a strong emphasis on OT environments, while supporting IT-related cases as needed. You will conduct complex digital forensic investigations, manage enterprise-wide evidence collection, collaborate with a high-performing team, and present impactful findings to senior leadership to drive strategic security decisions.

Core Responsibilities

Lead complex insider threat digital investigations, with primary focus on OT/ICS environments and support for IT investigations as required.

Conduct enterprise-wide forensic evidence collection across IT and OT systems, ensuring accurate, secure, and defensible acquisition with proper chain of custody.

Analyze digital artifacts to identify insider threat behaviors, attack vectors, indicators of compromise, timelines, and root causes.

Prepare and deliver clear, concise investigative reports and strategic recommendations to technical teams and executive leadership.

Serve as a technical subject matter expert (SME) and provide evidence to insider threat investigators and cross-functional partners.

Collaborate with cybersecurity teams (CSOC, Red Team, Engineering, Vulnerability Management) and OT operations teams to enhance detection, response, and mitigation of insider risk.

Perform advanced forensic analysis, including malware reverse engineering and network traffic analysis using commercial and open‑source tools.

Research emerging insider threat trends and contribute to the development of alerting, detection logic, and investigative methodologies.

Maintain and enhance digital investigation lab capabilities, support protective intelligence efforts as needed, and participate in on‑call and emergency response activities.

Qualifications
Required Education/Experience

Bachelor's Degree and four years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.

Master's Degree and two years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.

Preferred Education/Experience

Master's Degree and two years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.

Relevant Work Experience

Demonstrated experience conducting digital forensic investigations using commercial and open‑source tools.

Strong understanding of insider threat policies, investigative procedures, and evidence handling, including strict chain of custody practices.

Proven ability to analyze digital evidence, develop investigation timelines, perform root cause analysis, and draw defensible conclusions.

Experience producing clear, well‑structured reports and briefings for both technical teams and executive leadership.

Knowledge of evolving insider threat trends, tactics, and threat behaviors.

Understanding of OT/ICS systems, protocols, and architectures is preferred.

Physical security investigative experience is preferred.

Skills and Abilities

Demonstrated ability to maintain confidential information.

Strong verbal communication and listening skills.

Demonstrated analytical skills.

Proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint.

Licenses and Certifications

Other: Required.

Accredited Asset Management Specialist (AAMS) and relevant DFIR certifications: GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar.

Physical Demands

Ability to push, pull, and lift up to 25 pounds.

Ability to push, pull, and lift up to 40 pounds.

Sit or stand to answer a phone for the duration of the workday.

Sit or stand to use a keyboard, mouse, and computer for the duration of the workday.

Possess manual dexterity and the ability to use hands for the duration of the workday.

Ability to stoop, bend, reach, and kneel throughout the workday.

Stand to use/operate office equipment for the duration of the workday.

Ability to read small print and symbols.

Work rotating shifts, including nights, midnights, weekends, and holidays.

Additional Physical Demands

The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non‑business hours during emergencies, which may include nights, weekends, and holidays.
