
Insider Risk Engineer
Posted 2 hours ago

This is a fully remote position, open to applicants in the United States.
• Design, construct, and sustain insider risk detection use cases and monitoring workflows, primarily utilizing Splunk Enterprise Security, UEBA, and SPL content engineering.
• Write, enhance, and operationalize Splunk searches, correlation rules, dashboards, and alerts to boost fidelity and minimize false positives.
• Create and refine detection use cases aimed at identifying anomalous user behavior, data exfiltration, policy breaches, and suspicious endpoint activities.
• Analyze alert and case trends to pinpoint opportunities for rule optimization, use case expansion, and enhancements in operational maturity.
• Assist with incident triage, investigations, and responses related to insider risks, suspicious user behavior, and potential data misuse.
• Conduct reviews of CrowdStrike Falcon alerts, provide tuning, and support incident response, including identifying false positives and escalating credible threats.
• Lead and support investigations concerning potential insider threats, intellectual property issues, fraud, and significant security incidents.
• Develop and uphold playbooks and response workflows tailored for insider risk scenarios.
• Manage and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and related technologies.
• Assess current tool utilization and propose enhancements to increase detection visibility, investigation efficiency, and operational coverage.
• Implement federal government and industry standards pertaining to insider threat programs and maintain programmatic gap analyses.
• Collaborate with security operations, insider risk, cyber defense, and business stakeholders to enhance detection coverage and response strategies.
• Coordinate with technology and business leaders to devise programmatic solutions and deliver executive-level presentations regarding findings and program status.

• Over 7 years of experience in cybersecurity, security operations, threat detection, insider risk, or incident response.
• 3-5 years of hands-on experience with Splunk, including Splunk Enterprise Security, UEBA, content development, alerting, and dashboarding.
• Proven experience in writing and optimizing Splunk Search Processing Language (SPL).
• Familiarity with CrowdStrike Falcon, including alert triage, incident response support, detection tuning, and reducing false positives.
• At least 2 years of investigative experience related to insider risk, security incidents, technical investigations, intellectual property issues, fraud, or similar fields.
• Experience in developing and enhancing detection use cases, playbooks, and operational workflows.
• Experience in a highly regulated environment (federal or financial sector preferred).
• Strong analytical, communication, and stakeholder coordination capabilities.
• U.S. Citizenship is required.

• Insurance coverage including health, dental, and vision.
• Paid Time Off (PTO) along with 11 Federal Holidays.
• 401(k) employer matching contributions.