About The Position

We seek a seasoned and highly motivated Senior Security Engineer to be part of the Insider Threat Program and enhance broader threat detection and response capabilities. The role involves developing robust detection pipelines, efficiently managing security alerts, contributing to incident investigation workflows and playbooks, and collaborating closely with relevant stakeholders, detection engineering, threat intel and incident response teams.

Requirements

  • Eight to ten-plus years of experience spanning Insider Threat management, Detection Engineering, or Incident Response.
  • Experience with Insider Threat technologies, such as Security Information and Event Management (SIEM), User Behavioral Analytics (UBA), Data Loss Prevention (DLP), and endpoint detection, coupled with a solid understanding of investigations and the intelligence cycle.
  • Proficiency in scripting and automation (Python, PowerShell, or Bash) for detection and triage workflows.
  • Experience with SIEM platforms, with managing detection-as-code via CI/CD pipelines, and with detection frameworks (e.g., MITRE ATT&CK).
  • Demonstrated ability to work cross-functionally and effectively communicate findings to both technical and non-technical stakeholders.
  • Experience with cloud environments (AWS, GCP, etc.) and detection infrastructure.
  • Awareness of the evolving insider threat landscape and an understanding of the legal, regulatory, and ethical considerations involved in handling sensitive information and situations.

Responsibilities

  • Establish, implement, and oversee the Insider Threat Program, ensuring compliance with organizational goals, industry best practices, and legal requirements.
  • Collaborate with multidisciplinary teams, including Physical Security, Legal, Human Resources, Engineering, and the broader Security team, to formulate and enforce policies, procedures, and controls to mitigate insider threats.
  • Develop and utilize advanced tools and methodologies to monitor activities, identify anomalies, and investigate potential insider risks.
  • Partner with the Detection Engineering and Threat Intelligence teams on detection efforts, prioritizing alert reviews, correlation, analysis, playbook development, and recommendations for further investigation and mitigation.
  • Provide support for critical security investigations, in conjunction with the Incident Response team and relevant departments, including Legal and HR, to ensure timely and effective resolution.
  • Conduct regular tabletop exercises, security awareness training, and simulations to validate the efficacy of insider threat detection and educate employees on insider risks.
  • Produce comprehensive investigative reports and executive summaries to present findings.
© 2024 Teal Labs, Inc