Senior Specialist - Insider Threat

Core Responsibilities

• Lead complex insider threat digital investigations, with primary focus on OT/ICS environments and support for IT investigations as required.
• Conduct enterprise-wide forensic evidence collection across IT and OT systems, ensuring accurate, secure, and defensible acquisition with proper chain of custody.
• Analyze digital artifacts to identify insider threat behaviors, attack vectors, indicators of compromise, timelines, and root causes.
• Prepare and deliver clear, concise investigative reports and strategic recommendations to technical teams and executive leadership.
• Serve as a technical subject matter expert (SME) and provide evidence to insider threat investigators and cross functional partners.
• Collaborate with cybersecurity teams (CSOC, Red Team, Engineering, Vulnerability Management) and OT operations teams to enhance detection, response, and mitigation of insider risk.
• Perform advanced forensic analysis, including malware reverse engineering and network traffic analysis using commercial and opensource tools.
• Research emerging insider threat trends and contribute to the development of alerting, detection logic, and investigative methodologies.
• Maintain and enhance digital investigation lab capabilities, support protective intelligence efforts as needed, and participate in oncall and emergency response activities., * The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
• The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.

Come join us at Con Edison as a Senior Specialist Insider Threat Team! We are seeking a highly skilled and motivated investigator to join our growing Digital Security Investigations team. In this role, you will lead Insider Threat digital investigations with a strong emphasis on OT environments, while supporting IT-related cases as needed. You will conduct complex digital forensic investigations, manage enterprise-wide evidence collection, collaborate with a high performing team, and present impactful findings to senior leadership to drive strategic security decisions., * Bachelor's Degree and four years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience. or

• Master's Degree and two years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.

Preferred Education/Experience

• Master's Degree and two years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.

Relevant Work Experience

• Demonstrated experience conducting digital forensic investigations using commercial and opensource tools is required. Required
• Strong understanding of insiderthreat policies, investigative procedures, and evidence handling, including strict chainofcustody practices is required. Required
• Proven ability to analyze digital evidence, develop investigation timelines, perform rootcause analysis, and draw defensible conclusions is required. Required
• Experience producing clear, wellstructured reports and briefings for both technical teams and executive leadership is required. Required
• Knowledge of evolving insiderthreat trends, tactics, and threat behaviors is required. Required
• Understanding of OT/ICS systems, protocols, and architectures is preferred. Preferred
• Physical security investigative experience is preferred. Preferred

Skills and Abilities

• Demonstrated ability to maintain confidential information
• Strong verbal communication and listening skills
• Demonstrated analytical skills
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

• Other: Required
• Accredited Asset Management Specialist (AAMS) Relevant DFIR Certifications; GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar. Preferred

Physical Demands

• Ability to push, pull, and lift up to 25 pounds
• Ability to push, pull, and lift up to 40 pounds
• Sit or stand to answer a phone for the duration of the workday
• Sit or stand to use a keyboard, mouse, and computer for the duration of the workday
• Possess manual dexterity and the ability to use hands for the duration of the workday
• Ability to stoop, bend, reach, and kneel throughout the workday
• Stand to use/operate office equipment for the duration of the workday
• Ability to read small print and symbols
• Work rotating shifts, including nights, midnights, weekends and holidays