Engineer II - Insider Threat
About The Position
The Engineer II, Insider Threat is a mid-level role within our Cyber Defense organization focused on detecting, investigating, and reducing risk from malicious, negligent, or compromised insiders. In this role, you’ll combine investigative rigor with strong Data Loss Prevention (DLP) engineering skills to protect sensitive data and improve our detection capabilities over time. You’ll work cross-functionally with Human Resources, Legal, Compliance, and Corporate Security on sensitive matters, and you’ll help mature our insider threat program through better telemetry, tuned controls, repeatable playbooks, and clear reporting.
Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Behavioral Science, or equivalent practical experience.
- 3–5 years of progressive experience in cybersecurity, investigations, or risk management, including 1+ year hands-on in DLP operations and/or insider threat monitoring.
- Practical experience administering or operating DLP controls: policy creation, tuning, alert triage, incident response support, and reporting.
- Strong written and verbal communication skills, including the ability to brief stakeholders and document investigations clearly.
- Demonstrated discretion handling sensitive/confidential investigations.
- Insider threat concepts: behavioral indicators, user activity monitoring, investigative methods, and evidence handling.
- Privacy/compliance/employment standards relevant to investigations (e.g., GDPR, HIPAA, SOX, CCPA) and the need-to-know principle.
Nice To Haves
- GIAC GCIH
- CompTIA Security+ or CySA+
- CEH
- SSCP
Responsibilities
- Administer and continuously tune DLP policies/rules to reduce risky data movement while minimizing false positives and business disruption.
- Investigate and respond to DLP alerts, validate severity, identify the data and pathway involved, and drive incident handling to resolution.
- Partner with stakeholders to refine data classification, detection logic, and control coverage across common exfil paths (email, web uploads, endpoints/USB, cloud sharing, collaboration platforms).
- Build and improve DLP-related playbooks, workflows, and response standards (triage steps, evidence collection, escalation paths, and post-incident improvements).
- Monitor user activity signals (identity, endpoint, email, collaboration tools, cloud activity, etc.) to identify suspicious behavior and potential insider risk.
- Lead low to moderate-complexity investigations involving data misuse/exfiltration, policy violations, fraud indicators, or compromised accounts, and escalate higher-risk cases with strong evidence and timelines.
- Produce high-quality documentation: investigation notes, evidence packages, root cause summaries, and stakeholder-ready reports.
Benefits
- medical
- dental
- vision care
- backup dependent care
- adoption assistance
- infertility coverage
- family building support
- behavioral health solutions
- paid parental leave
- paid caregiver leave
- training programs
- professional development resources
- mentorship programs
- employee resource groups
- volunteer activities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
