Sr. Specialist - Digital Security Investigations
Company Con Edison
Location New York
Preferred GIAC Certifications GCIH, GCIA, GCFE, GREM
Travel 10%
Salary Not provided
URL https://ejcu.fa.us6.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1033/job/9079/?mode=location&sortBy=POSTING_DATES_DESCutm_medium&utm_source=google
Contact Name Anonymous
Contact Email Donotreply/at/sans.edu
Expires 2026-10-02

Job Description

Come join us at Con Edison as a Senior Specialist on the Insider Threat Team! We are seeking a highly skilled and motivated investigator to join our growing Digital Security Investigations team. In this role, you will lead Insider Threat digital investigations with a strong emphasis on OT environments, while supporting IT-related cases as needed. You will conduct complex digital forensic investigations, manage enterprise-wide evidence collection, collaborate with a high-performing team, and present impactful findings to senior leadership to drive strategic security decisions.

Responsibilities
Core Responsibilities
Lead complex insider threat digital investigations, with primary focus on OT/ICS environments and support for IT investigations as required.
Conduct enterprise-wide forensic evidence collection across IT and OT systems, ensuring accurate, secure, and defensible acquisition with proper chain of custody.
Analyze digital artifacts to identify insider threat behaviors, attack vectors, indicators of compromise, timelines, and root causes.
Prepare and deliver clear, concise investigative reports and strategic recommendations to technical teams and executive leadership.
Serve as a technical subject matter expert (SME) and provide evidence to insider threat investigators and cross-functional partners.
Collaborate with cybersecurity teams (CSOC, Red Team, Engineering, Vulnerability Management) and OT operations teams to enhance detection, response, and mitigation of insider risk.
Perform advanced forensic analysis, including malware reverse engineering and network traffic analysis using commercial and open-source tools.
Research emerging insider threat trends and contribute to the development of alerting, detection logic, and investigative methodologies.
Maintain and enhance digital investigation lab capabilities, support protective intelligence efforts as needed, and participate in on-call and emergency response activities.
Qualifications
Required Education/Experience
Bachelor's Degree and four years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience; or
Master's Degree and two years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.
Preferred Education/Experience
Master's Degree and two years of experience in Digital Forensics Investigations, Insider Threat Response, or other related DFIR experience.
Relevant Work Experience
Demonstrated experience conducting digital forensic investigations using commercial and open-source tools is required. (Required)
Strong understanding of insider-threat policies, investigative procedures, and evidence handling, including strict chain-of-custody practices is required. (Required)
Proven ability to analyze digital evidence, develop investigation timelines, perform root-cause analysis, and draw defensible conclusions is required. (Required)
Experience producing clear, well-structured reports and briefings for both technical teams and executive leadership is required. (Required)
Knowledge of evolving insider-threat trends, tactics, and threat behaviors is required. (Required)
Understanding of OT/ICS systems, protocols, and architectures is preferred. (Preferred)
Physical security investigative experience is preferred. (Preferred)
Skills and Abilities
Demonstrated ability to maintain confidential information
Strong verbal communication and listening skills
Demonstrated analytical skills
Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.
Licenses and Certifications
Other: Required
Accredited Asset Management Specialist (AAMS) Relevant DFIR Certifications: GCIH, GCIA, GCFE, EnCE, GREM, CFCE or similar. (Preferred)