Senior Security Engineer, Insider Risk

About The Position

Requirements

• 7+ years experience in Security Engineering or Security Operation.
• 4+ years of DLP or user-centric monitoring experience.
• Demonstrated expertise in configuring and/or managing enterprise-grade DLP solutions (e.g. Proofpoint ITM, Netskope, Digital Guardian, Forcepoint or Symantec) and cloud-native security tools.
• Deep proficiency in analyzing and querying cloud audit logs to reconstruct user activity.
• Strong command of data analysis languages to parse large datasets and identify behavioral trends.
• Experience identifying gaps in telemetry or detection coverage and driving improvements.

Nice To Haves

• Experience building or maintaining User and Entity Behavior Analytics (UEBA) logic.
• Experience with Cloud Security Posture Management (CSPM) and managing visibility in multi-cloud environments.
• Knowledge of data classification frameworks and the technical implementation of data labeling/tagging.
• Familiarity with global privacy regulations (e.g.GDPR, CCPA) and the technical requirements for compliant data monitoring.
• Experience operating in high-sensitivity environments requiring strong judgment around privacy, ethics, and employee trust.

Responsibilities

• Lead the technical engineering of user-centric monitoring capabilities.
• Develop, tune, and optimize Data Loss Prevention (DLP) policies.
• Ingest and analyze cloud-native, endpoint, and SaaS audit logs.
• Design, implement, and evolve detection logic and telemetry pipelines.
• Transform raw telemetry into actionable behavioral intelligence.
• Design, develop, and deploy advanced detection logic and use cases within Insider Risk platforms to identify unauthorized data movement, anomalous system activity, and policy violations.
• Independently identify gaps in detection coverage and propose, implement, and tune new DLP use cases to address emerging insider risk scenarios.
• Work with Security Engineering department to ingest and normalize high-fidelity telemetry from cloud environments, SaaS services, and endpoint agents into the Insider Risk security stack/tooling.
• Design and implement technical “tripwires” and behavioral models that identify patterns associated with data exfiltration, such as unusual download volumes, unauthorized file sharing, or anomalous access to sensitive repositories.
• Define telemetry requirements and partner with Security Engineering to build and maintain high-fidelity data pipelines from DLP agents and cloud providers into our monitoring platforms.
• Serve as the technical subject matter expert during complex investigations, providing deep-dive forensic analysis, log reconstruction and evidence gathering and preservation.
• Drive improvements to investigative tooling, detection feedback loops, and post-incident telemetry requirements.
• Manage the health, configuration, and continuous optimization of the Insider Risk technology stack.

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption