Senior Insider Risk Analyst

Analog Devices · Semiconductors

About the role

About Analog Devices

Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, AI, and software technologies into solutions that combat climate change, reliably connect humans and the world, and help drive advancements in automation and robotics, mobility, healthcare, energy and data centers. With revenue of more than $11 billion in FY25, ADI ensures today's innovators stay Ahead of What's Possible. Learn more at www.analog.com and on LinkedIn and X.

About the Role

We are seeking a Senior Insider Risk Analyst to join our Insider Risk Program and serve as a critical line of defense against insider threats across our hybrid enterprise environment. This role is uniquely positioned at the intersection of proactive threat hunting and detection engineering, with an equal split of responsibilities between the two disciplines.

You will operate across a diverse technology landscape spanning Windows, Linux, cloud, and on-premises environments, leveraging enterprise security tooling to identify, investigate, and mitigate insider risk. You will work closely with Security Operations, Identity & Access Management, Data Protection, IT, and Legal/HR stakeholders to protect critical intellectual property and sensitive data.

This is a Philippines-based position supporting a global insider risk function with cross-time zone collaboration requirements.

Proactive Investigations & Insider Risk Sweeps

  • You will conduct proactive insider risk investigations by identifying anomalous user behavior, policy violations, data exfiltration indicators, and unauthorized access patterns across the enterprise environment. This includes performing scheduled and ad hoc insider risk sweeps targeting high-risk user populations — employees on performance improvement plans, individuals in notice periods, privileged access holders, and users with access to critical intellectual property.
  • You will leverage insider risk management platforms to triage and investigate alerts, correlating insights with signals from endpoint detection, identity monitoring, and network telemetry. You will also analyze cloud security and CASB telemetry to identify risky cloud application usage, unauthorized data uploads, shadow IT activity, and anomalous web/SaaS behavior indicative of insider threats.
  • A significant part of this work involves investigating privileged access abuse using PAM platforms — reviewing privileged session recordings, credential checkout anomalies, and unauthorized privilege escalation, with particular focus on Linux-based engineering environments. You will conduct advanced threat hunting in SIEM platforms using structured query languages to uncover subtle indicators of insider activity that evade automated detection rules.
  • You will monitor and investigate activity within Linux environments, including engineering tool usage, storage access patterns, and file operations across enterprise storage platforms. When investigations mature, you will prepare investigation packages with evidence, timelines, and findings for handoff to Legal, HR, Ethics, and/or Law Enforcement as required.
  • All investigative activities must maintain chain-of-custody standards and comply with applicable global privacy regulations.

Detection Engineering & Coverage Growth

  • You will design, build, test, and deploy insider risk detection rules across SIEM, insider risk management, endpoint detection, and cloud security platforms. A core deliverable is the development and maintenance of a detection coverage matrix that maps insider risk scenarios — data exfiltration, privilege abuse, unauthorized access, sabotage, and collusion — to detection capabilities across all platforms.
  • You are expected to identify and close detection gaps by analyzing investigation outcomes, red team findings, industry threat intelligence, and the MITRE ATT&CK / MITRE Insider Threat frameworks. You will build correlation rules that combine signals across endpoint, cloud security, PAM, and Linux audit logs to create high-fidelity, multi-source insider risk detections.
  • Tuning existing detections to reduce false positive rates while maintaining detection efficacy is an ongoing responsibility. You will track metrics such as true positive rate, mean time to detect (MTTD), and signal-to-noise ratio. You will also develop automated response playbooks to accelerate containment actions for confirmed insider risk scenarios, such as automated access revocation, session termination, and manager notification.
  • A growth-oriented part of the role involves expanding data source coverage by onboarding new log sources into the SIEM environment, with a focus on Linux system logs, storage audit logs, VDI session logs, and PAM telemetry. You will create and maintain insider risk dashboards and reports for both operational and executive audiences, and you will document all detection logic, runbooks, and standard operating procedures to ensure operational continuity and knowledge transfer.

Required Experience

  • We are looking for someone with 5–8+ years of experience in cybersecurity, with a minimum of 3 years focused on insider risk/insider threat, threat hunting, or detection engineering. You must have demonstrated experience conducting insider risk or insider threat investigations in an enterprise environment, including evidence collection, timeline reconstruction, and stakeholder reporting.
  • Hands-on experience writing detection rules and performing advanced queries in one or more enterprise SIEM platforms is required. You should have working knowledge of insider risk management platforms, including policy configuration, alert triage, and integration with broader security tooling ecosystems. Experience with CASB/SSE platforms for monitoring cloud application usage, DLP policy enforcement, and user behavior analytics is also required.
  • You must bring familiarity with Linux environments, including Linux file systems, POSIX permissions, audit logging, syslog, PAM authentication, and command-line investigation techniques. Experience with endpoint detection and response (EDR) platforms across both Windows and Linux endpoints is also expected.

Required Technical Skills

  • You should be proficient in SIEM and detection engineering, including custom detection rule development, alert tuning, correlation rule design, and structured query languages used in modern SIEM platforms. You need strong experience with insider risk platforms and cloud access security tools, as well as endpoint security tooling across both Windows and Linux environments.
  • In the PAM and identity space, you should be comfortable with enterprise PAM solutions, cloud identity providers, and conditional access policies. For cloud security, experience with CASB/SSE solutions and DLP policy frameworks is expected. You should be capable of working across both Windows and Linux operating systems and should understand data protection concepts including DLP, data classification, information protection, and storage-layer security.
  • Scripting and automation skills in Python, PowerShell, and Bash are expected for investigation automation, data parsing, and response playbook development. Familiarity with MITRE ATT&CK, the MITRE Insider Threat TTP library, and NIST CSF is also required.

Soft Skills

You must bring analytical rigor — the ability to synthesize large volumes of telemetry into coherent investigative narratives. Discretion and integrity are non-negotiable; insider risk work involves highly sensitive information and absolute confidentiality is expected at all times. Cross-cultural communication is essential, as you will collaborate with global stakeholders across multiple time zones. Strong written communication skills are needed to produce clear, concise investigation reports and executive briefings. Finally, you must demonstrate independent judgment and the ability to prioritize and self-direct your work with minimal supervision.

Preferred Qualifications

  • Experience working in semiconductor, EDA, or engineering IP-intensive industries is highly preferred. Familiarity with engineering design automation tools and the data workflows they generate would be a significant advantage. Experience with enterprise storage platforms and storage-layer access controls/audit logging, as well as experience with VDI environments and session-based security controls (clipboard, drive mapping, print redirection), are also preferred.
  • Knowledge of data access governance platforms and experience with network detection and response (NDR) platforms for network-layer threat detection would be beneficial. Familiarity with the Philippine Data Privacy Act (RA 10173) and its implications for employee monitoring and insider risk investigations is also preferred.
  • Relevant certifications are a plus, including GIAC Certified Enterprise Defender (GCED), GIAC Cyber Threat Intelligence (GCTI), Certified Insider Threat Professional (CITP), security operations analyst certifications, SIEM platform certifications, and cloud security certifications.

Key Performance Indicators

On the investigations side, you will be measured by the number of proactive sweeps conducted per quarter, mean time from detection to investigation closure, and the quality rating of investigation packages as assessed by Legal and HR feedback.

For detection engineering, success is measured by the number of new or tuned detection rules deployed per quarter, detection coverage percentage against the insider risk scenario matrix, false positive rate reduction quarter-over-quarter, and new data sources onboarded into the SIEM per quarter. At the program level, the target is zero insider risk scenarios with no detection coverage.

For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export licensing approval from the U.S. Department of Commerce - Bureau of Industry and Security and/or the U.S. Department of State - Directorate of Defense Trade Controls. As such, applicants for this position – except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) – may have to go through an export licensing review process.

Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group.

Job Req Type: Experienced

Required Travel: Yes, 10% of the time

Shift Type: Normal Time (Philippines)

Aplyr's read

Analog Devices thrives at the intersection of analog, mixed-signal, and DSP technologies, attracting engineers passionate about cutting-edge semiconductor solutions.

Synthesized from recent postings & public sources

What's promising

  • Analog Devices is a leader in data conversion and signal conditioning technology.
  • The company consistently invests in research and development, driving innovation.
  • It offers diverse roles from design engineering to supply chain management.

What to watch

  • The semiconductor industry is highly competitive, impacting market share.
  • Economic downturns can affect demand for semiconductor products.
  • Global supply chain disruptions pose risks to production and delivery.

Why Analog Devices

  • Analog Devices specializes in both analog and mixed-signal integrated circuits.
  • The company has a strong focus on signal processing technologies.
  • It supports a wide range of applications from automotive to healthcare.

About Analog Devices

Analog Devices, Inc. is a multinational semiconductor company specializing in data conversion and signal conditioning technology. The company designs and manufactures a wide range of analog, mixed-signal, and digital signal processing (DSP) integrated circuits.