Sr Engineer, Cyber Insider Threat - Network Activity Logs - Remote

2 days ago - Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Lensa is the leading career site for job seekers at every stage of their career. Our client, Molina Healthcare, is seeking professionals. Apply via Lensa today!

The Sr Engineer, Insider Threat will implement cyber intelligence (CyInt) collection, compilation, and analysis for the insider threat program. Implements data sets, tools, and provides program support to insider threat analysts and investigations. Works closely with cybersecurity teams, other technical teams, and business stakeholders to develop advanced insider threat systems and processes.

1. Lead the design, development, and implementation of a comprehensive insider threat monitoring and detection strategy integrating technical and non-technical components.
2. Collaborate with cybersecurity analysts, engineers, and other program stakeholders to develop and refine insider threat monitoring and detection capabilities.
3. Correlate information from multiple technical user activity monitoring (UAM), user entity behavior analytics (UEBA), data loss prevention (DLP), security information and event management (SIEM), and non-technical data sources to enable proactive insider risk/threat detection.
4. Utilize cybersecurity expertise, knowledge of insider threat detection, and data analytics to create innovative strategies for detecting and preventing malicious activities.
5. Conduct in-depth analysis of logs received from various data sources.
6. Architect and implement automation of investigation and escalation workflows.
7. Contribute to internal investigations by providing support for forensic analysis, log review, and alert analysis.
8. Execute rigorous testing on internal security mechanisms to validate their effectiveness.
9. Develop and maintain insider risk techniques and procedures, including use cases around data exfiltration, internal fraud, privilege escalations, and sabotage.
10. Evaluate, recommend, and improve existing technical and non-technical solutions for insider threat detection and response.
11. Guide the technical architecture of insider threat systems, ensuring alignment with security and business goals.
12. Publish internal CyInt threat intelligence products and briefings to provide actionable information to stakeholders.
13. Define security controls and metrics to measure the effectiveness of the insider threat program.
14. Stay informed of emerging insider threat trends and update strategies accordingly.
15. Coordinate with stakeholders on CyInt activities to ensure policy and regulatory compliance.

• Bachelor’s degree in computer science, Cybersecurity, Information Systems, or equivalent experience.
• Expert understanding of cybersecurity and insider threat concepts, protocols, and tools.
• Experience with UEBA deployment, administration, data source integrations, and configurations.
• Strong knowledge of data protection and privacy regulations.
• Proficient in programming or scripting languages such as Java, Python, .NET, JavaScript, or C+.
• Experience in scripting languages like PowerShell, Perl, or Bash.
• Exceptional leadership, communication, and presentation skills.
• At least 6 years of experience in cybersecurity, DLP, Security Operations, investigative analysis, or related fields.
• Experience leading or conducting technical investigations using insider threat tools.
• Ability to manage confidential matters professionally with appropriate judgment.
• Experience with data analytics tools for insider threat information collection and risk scoring.
• Action-oriented engineer capable of autonomous work and project ownership.
• Experience developing and implementing defensive controls across Windows, MacOS, Linux, and SaaS applications.
• Proficiency in automating workflows and integrating security tools within IT environments.

• Experience with UEBA/SIEMs.
• Experience with Endpoint Detection and Response (EDR) tools, device management, and telemetry sources.
• Experience working on insider threat teams or investigations.
• Experience with broad system forensics.
• Ability to communicate technical security concerns to non-technical audiences.
• Experience with insider threat tools (e.g., Red Vector, Code42, Exabeam, DTEX).
• Experience handling confidential/sensitive information.
• Familiarity with cybersecurity fundamentals, networking, internet protocols, digital forensics, and data exfiltration methods.
• Experience using Excel or SQL for complex data analysis.
• Proficiency in developing PowerPoint presentations.
• Relevant certifications such as Security+, CISSP, CISM, CERT Insider Threat, CEH.

$80,412 - $188,164 per year. Actual compensation may vary based on location, experience, education, and skills.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Engineering and Information Technology
• Industries: IT Services and IT Consulting