Senior Security Analyst I

DigitalOceanBoston, MA
Remote

About The Position

DigitalOcean is seeking a highly experienced and motivated Senior Security Analyst passionate about advanced security monitoring, detection engineering, threat hunting, and maturing Insider Threat programs. This role reports to the Manager, Security Defense Engineering and will lead critical aspects of the insider threat program, focusing on detection, response, and prevention of internal risks and malicious threats. The analyst will leverage deep expertise to engineer sophisticated detection capabilities, develop metrics for program effectiveness, and drive continuous improvement in alerting and response. Collaboration with DFIR, Threat Intelligence, HR, Legal, and other cross-functional teams is essential to close detection gaps and enhance the organization's security posture.

Requirements

  • 6+ years in detection & response, insider risk, or security engineering.
  • Hands-on experience with UEBA, SIEM, DLP, UAM/SOAR concepts and tooling.
  • Scripting proficiency (e.g., Python, Go, Bash) for detection content and automation.
  • Familiarity with macOS, Windows, Linux, Kubernetes, and cloud infrastructure.
  • Working knowledge of adversary tactics, data exfiltration techniques, and frameworks (MITRE ATT&CK, NIST).
  • Demonstrated discretion and ethical judgment handling sensitive employee data.

Nice To Haves

  • Data-science/anomaly-detection background
  • Prior work securing AI/ML or GPU infrastructure

Responsibilities

  • Own and evolve the insider threat program strategy, ensuring alignment with evolving threat landscapes, privacy considerations, and business priorities.
  • Advise on and implement preventative controls, balancing risk reduction against user friction for engineers.
  • Engineer and automate end-to-end insider-threat detection and investigation workflows across DigitalOcean's cloud and corporate environments.
  • Build, measure, and tune detection content and risk-scoring logic on UEBA / SIEM / DLP / UAM platforms; reduce false positives while keeping coverage sustainable.
  • Work closely with Infrastructure Security Engineers to identify log sources, integrate, and maintain data pipelines (e.g., log sources, forwarders, parsing, enrichment) feeding insider-risk analytics.
  • Develop a use-case library with corresponding playbooks and escalation procedures.
  • Investigate anomalous activity (e.g., access abuse, data exfiltration, IP/source-code theft, including novel risks in AI/GPU infrastructure) and provide technical evidence to support cases.
  • Partner with HR, Legal, and other necessary teams; communicate findings to technical and non-technical stakeholders.
  • Uphold investigation and analytic tradecraft standards including confidentiality, objectivity, lawfulness, and timeliness.
  • Manage and safeguard sensitive information, including case files, employee PII, and intelligence reports.
  • Perform data analytics in large datasets using modern data science tools and techniques (e.g., Pandas) to spot anomalies and trace behaviors across disparate datasets.
  • Perform intelligence analysis including pattern-of-life, time-series, clustering/grouping, visualization, and write clear-and-actionable reports.
  • Stay ahead of the evolving threat landscape by tracking emerging insider risk TTPs, regulatory requirements, and best practices in privacy-preserving monitoring.

Benefits

  • Reimbursement for relevant conferences, training, and education
  • Access to LinkedIn Learning's 10,000+ courses
  • Employee Assistance Program
  • Local Employee Meetups
  • Flexible time off policy
  • Bonus opportunities
  • Equity compensation
  • Employee Stock Purchase Program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service