At NiSource, our Enterprise Security department engineers sophisticated defenses to protect the critical cyber and operational infrastructure that powers our business. The Sr Cybersecurity Engineer – Insider Threat serves as a senior technical leader responsible for designing, engineering, and operationalizing capabilities that detect, prevent, and respond to insider risk across enterprise IT, cloud, and operational environments. This role focuses on the identification of malicious, negligent, and compromised-user behaviors through advanced monitoring, analytics, behavioral detection, and data protection controls.

The Sr Cybersecurity Engineer partners closely with Security Operations, HR, Legal, Compliance, Privacy, and Data Governance to ensure insider risk capabilities are technically sound, legally defensible, and aligned to regulatory obligations (e.g., NIST CSF, NERC CIP where applicable). The engineer builds and sustains technical controls across identity systems, endpoint telemetry, DLP platforms, UEBA solutions, cloud environments, and security data platforms. This role is responsible for translating insider threat risk into actionable detection logic, automation, and engineered safeguards that protect intellectual property, customer data, and critical infrastructure.

This position plays a strategic role in enabling trusted workforce operations while reducing organizational risk through measurable, defensible insider threat detection and mitigation capabilities.

Key Disciplines for Insider Threat Engineering

User & Entity Behavior Analytics (UEBA): Designing behavioral baselines and anomaly detection models leveraging SIEM, XDR, and data lake platforms.
Data Loss Prevention (DLP) & Data Protection Engineering: Engineering and tuning controls across endpoint, cloud, email, collaboration platforms, and SaaS applications.
Identity & Access Risk Engineering: Advanced IAM integrations, privileged access monitoring, identity anomaly detection, and federation risk analysis.
Security Data Engineering & Analytics: Integrating telemetry from endpoints, identity providers, SaaS platforms, badge systems, and HR systems into unified detection pipelines.
Insider Threat Detection Engineering: Developing high-fidelity use cases aligned to insider kill chains (data staging, privilege abuse, exfiltration, policy violations).
Cloud & SaaS Monitoring: Engineering monitoring for M365, Azure, collaboration platforms, and other enterprise SaaS environments.
Forensics & Investigative Support: Engineering audit retention, chain-of-custody readiness, and evidence collection capabilities.
Automation & Response Orchestration: Building automated workflows for investigation, containment, and escalation.
Regulatory & Privacy-Aware Monitoring: Designing monitoring solutions that balance workforce privacy considerations with enterprise risk reduction.
AI/ML-Driven Risk Modeling: Leveraging advanced analytics to enhance anomaly detection, insider risk scoring, and alert prioritization.

Job Type: Full-time
Career Level: Mid Level