GreenSky Administrative Services LLC

Senior Insider Threat Engineer

Job Location(s) US-GA-Alpharetta | US-GA-Atlanta | US-KY-Crestview Hills
Posted Date 2 weeks ago(11/18/2020 4:12 PM)
Job ID
# of Openings
Information Technology


Headquartered in Atlanta, GreenSky is among the top 3 most valuable U.S. financial technology companies established since 2000, and our $1.0 billion Initial Public Offering marked the largest U.S. Technology IPO of 2018. Our mission is simple. We power commerce. Our highly scalable, proprietary technology platform enables over 12,000 merchants to offer frictionless promotional payment options to consumers at the point-of-sale, driving increased sales volume and accelerated cash flow. Our bank partners leverage GreenSky’s technology to provide loans to super-prime and prime consumers nationwide. Since our inception, over 1.7 million consumers have financed over $12 billion of commerce using our paperless, real time “apply and buy” technology. For more information, please visit


Looking for great talent to help us continue our rapid growth!


Position:   Senior Insider Threat Engineer

Location: Atlanta, Georgia

Organizational: This position is a full-time member of the Information Security team.

The Sr. Engineer is responsible for leading a comprehensive unauthorized activity program across the enterprise. The Sr. Engineer is responsible for closely monitoring activities of privileged resources. These analytics occurs across business units to ensure those responsible and accountable for data are kept consulted and informed. This position is a thought leadership position that works with multiple areas of the business, including human resources, credit, legal, physical security, operations, software development and information technology groups. Additionally, this position is responsible for the development and oversight of the insider threat protection program to ensure privileged access are managed, threats minimized, and operational efficiencies maintained.


The role requires technical competence in data analytics, writing SQL queries and ingesting appropriate data to gather the knowledge necessary to review anomalous behavior.  This position also requires the business acumen to foster and maintain strong relationships across business units. The role requires constant up-to-date familiarity with all threat tactics, techniques and procedures (TTPs) across all lines of business in complex environments. The role also contributes to the company IT security strategy and roadmap, and is expected to be an excellent facilitator, partner and communicator at both the staff and executive level.

Duties & Responsibilities

  • Determine what data should be ingested to analyze anomalous employee behavior or indicators of a compromise.
  • Build and automate queries to analyze indicators of compromise or anomalous behavior.
  • Report the overall process and progress of the threat program to key constituents and stakeholders.
  • Identify, classify, discover and monitor assets and sensitive information, such as personally identifiable information (PII), proprietary documents, intellectual property (IP) and regulatory-protected data.
  • Train other analysts on tools and insights to perform essential job duties.
  • Work closely with security operations to help identify top risks related to privileged access that may lead to compromise and exfiltration of sensitive information. Additionally, provide and require training that includes acceptable use and consequences of non-compliance.
  • Guide team to monitor for anomalous behavior or unauthorized changes and proceed to investigate according to procedures.
  • Focus on active threat monitoring while adhering to, and not overstepping, privacy requirements.
  • Baseline accounts and systems to identify deviation from expected behavior and investigate as required.
  • Plan and execute regular tabletop drills of insider threat incident response and postmortem exercises with a focus on measurable improvement and benchmarking to show progress (or deficiencies requiring additional attention).
  • Manage security event investigations, partnering with other departments as needed. This may be through reporting, automation, etc.
  • Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of threat analysts.
  • Assist the Fraud Operations, HR, and Legal teams on insider investigations.
  • Perform other duties as assigned.

Required Skills/Qualifications

  • At least 3-5+ years of information security administration, monitoring and response or related experience.
  • Investigation or Analyst experience including skill sets to extract data from multiple platforms, e.g. email, direct messaging apps, databases (SQL query knowledge), splunk (regex query knowledge), with knowledge of investigative data analytics tools.
  • Experience working with employee protection or fraud programs and leading analysts.
  • Demonstrated business acumen.
  • Excellence in communicating business risk from cybersecurity topics.
  • Proficient in driving measurable improvement in detection and response capabilities at scale.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.


  • Bachelor's degree in data analytics, computer science, information assurance, MIS or related field, or equivalent.
  • Security related certifications is a bonus.


GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.





Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed