Engineer II - Insider Threat

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Behavioral Science, or equivalent practical experience.
• 3–5 years of progressive experience in cybersecurity, investigations, or risk management, including 1+ year hands-on in DLP operations and/or insider threat monitoring.
• Practical experience administering or operating DLP controls: policy creation, tuning, alert triage, incident response support, and reporting.
• Strong written and verbal communication skills, including the ability to brief stakeholders and document investigations clearly.
• Demonstrated discretion handling sensitive/confidential investigations.
• Knowledge & Domain Familiarity
• Insider threat concepts: behavioral indicators, user activity monitoring, investigative methods, and evidence handling.
• Privacy/compliance/employment standards relevant to investigations (e.g., GDPR, HIPAA, SOX, CCPA) and the need-to-know principle.

Nice To Haves

• GIAC GCIH
• CompTIA Security+ or CySA+
• CEH
• SSCP

Responsibilities

• DLP Engineering & Operations (Core Focus)
• Administer and continuously tune DLP policies/rules to reduce risky data movement while minimizing false positives and business disruption.
• Investigate and respond to DLP alerts, validate severity, identify the data and pathway involved, and drive incident handling to resolution.
• Partner with stakeholders to refine data classification, detection logic, and control coverage across common exfil paths (email, web uploads, endpoints/USB, cloud sharing, collaboration platforms).
• Build and improve DLP-related playbooks, workflows, and response standards (triage steps, evidence collection, escalation paths, and post-incident improvements).
• Insider Threat Monitoring & Investigation
• Monitor user activity signals (identity, endpoint, email, collaboration tools, cloud activity, etc.) to identify suspicious behavior and potential insider risk.
• Lead low to moderate-complexity investigations involving data misuse/exfiltration, policy violations, fraud indicators, or compromised accounts, and escalate higher-risk cases with strong evidence and timelines.
• Produce high-quality documentation: investigation notes, evidence packages, root cause summaries, and stakeholder-ready reports.

Benefits

• We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day.
• In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness.
• This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave.
• To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.
• For details, visit https://www.virtualfairhub.com/cencora