Responsibilities:
Develop and refine insider threat detections using log analytics and behavioral data. Monitor for data exfiltration, privilege misuse, policy violations, and other unusual behavior. Use the SIEM (Splunk), endpoint telemetry (SentinelOne), and Microsoft Purview to detect suspicious activity. Build detection logic for USB transfers, cloud uploads, and mass file access. Support risk scoring models and refinements to behavioral analytics. Conduct insider threat investigations using endpoint, identity, and cloud telemetry.

Qualifications:
2+ years in information security investigations, incident response, SOC operations, or related cybersecurity roles. Experience with SIEM platforms (Splunk preferred). Experience interpreting endpoint telemetry (SentinelOne preferred, or an equivalent EDR). Experience with data governance or data loss prevention tools (Microsoft Purview preferred). Strong understanding of Windows, macOS, and enterprise authentication systems. Ability to write and tune log queries for investigation and detection.

Benefits:
Total rewards include PTO, retirement, bonus eligibility, equity, and a stock plan. Competitive health benefits and family-friendly perks, including parental leave. Emphasis on diversity and inclusion, with Employee Resource Groups. EEO policy and equal opportunity commitment.
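The kind of detection logic the role describes (mass file access in a sliding time window, removable-media writes, cloud uploads outside a sanctioned tenant, and an additive per-user risk score), as an added illustration that is not part of this listing and not code from Splunk, SentinelOne or Microsoft Purview. The event field names, the ten-files-in-ten-minutes threshold, the indicator weights, the business-hours window, the sanctioned tenant name and the sample events are all constructed assumptions; in a real deployment the thresholds would be tuned against a baseline in the SIEM.

```python
"""Insider-threat indicators over file-activity events (added example, not the employer's code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# --- assumptions, all of them tunable -------------------------------------
MASS_ACCESS_THRESHOLD = 10                  # distinct files inside one window
DEFAULT_WINDOW = timedelta(minutes=10)
SANCTIONED_CLOUD = {"contoso.sharepoint.com"}  # the org's approved tenant (assumed)
BUSINESS_HOURS_UTC = range(7, 19)           # 07:00-18:59 UTC counts as business hours
WEIGHTS = {                                 # additive risk weights (assumed)
    "mass_file_access": 40,
    "removable_media_write": 30,
    "unsanctioned_cloud_upload": 30,
    "off_hours_activity": 10,
}

# Constructed sample events, loosely shaped like EDR / file-audit records
# forwarded to a SIEM. Field names (ts, user, action, path, dest) are assumptions.
SAMPLE_EVENTS = [
    # alice: 12 distinct finance files read within 12 seconds at 02:10 UTC,
    # then one of them copied to removable media
    *[{"ts": f"2024-05-01T02:10:{i:02d}Z", "user": "alice", "action": "file_read",
       "path": f"fs01/finance/report_{i}.xlsx", "dest": ""} for i in range(12)],
    {"ts": "2024-05-01T02:14:00Z", "user": "alice", "action": "usb_write",
     "path": "fs01/finance/report_0.xlsx", "dest": "E:/report_0.xlsx"},
    # bob: light business-hours reads and an upload to the sanctioned tenant
    {"ts": "2024-05-01T10:00:00Z", "user": "bob", "action": "file_read",
     "path": "fs01/hr/policy.docx", "dest": ""},
    {"ts": "2024-05-01T10:20:00Z", "user": "bob", "action": "file_read",
     "path": "fs01/hr/handbook.docx", "dest": ""},
    {"ts": "2024-05-01T10:40:00Z", "user": "bob", "action": "cloud_upload",
     "path": "fs01/hr/handbook.docx", "dest": "contoso.sharepoint.com"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def max_distinct_files_in_window(events, window=DEFAULT_WINDOW):
    """Per user, the largest number of distinct files touched within any span
    of length `window`. Two-pointer sweep over the user's time-sorted events,
    keeping a multiset of paths currently inside the window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append((parse_ts(e["ts"]), e["path"]))
    result = {}
    for user, evs in by_user.items():
        evs.sort()
        in_window = defaultdict(int)   # path -> occurrences inside [left, right]
        left, best = 0, 0
        for ts, path in evs:
            in_window[path] += 1
            while ts - evs[left][0] > window:      # slide the left edge forward
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        result[user] = best
    return result


def risk_scores(events, window=DEFAULT_WINDOW, threshold=MASS_ACCESS_THRESHOLD):
    """Return {user: (score, sorted indicator names)}. Each indicator counts
    once per user no matter how many events triggered it."""
    mass = max_distinct_files_in_window(events, window)
    indicators = {user: set() for user in mass}
    for user, n in mass.items():
        if n >= threshold:
            indicators[user].add("mass_file_access")
    for e in events:
        hit = indicators[e["user"]]
        if e["action"] == "usb_write":
            hit.add("removable_media_write")
        if e["action"] == "cloud_upload" and e["dest"] not in SANCTIONED_CLOUD:
            hit.add("unsanctioned_cloud_upload")
        if parse_ts(e["ts"]).hour not in BUSINESS_HOURS_UTC:
            hit.add("off_hours_activity")
    return {u: (sum(WEIGHTS[i] for i in inds), sorted(inds)) for u, inds in indicators.items()}


if __name__ == "__main__":
    for user, (score, why) in sorted(risk_scores(SAMPLE_EVENTS).items()):
        print(f"{user:8} score={score:3} indicators={why}")
```

The sliding window is what separates "mass" access from ordinary work: bob touches two files forty minutes apart and never exceeds one file per window, while alice's burst trips the threshold regardless of her daily total. Scoring indicators once per user keeps a single noisy source (thousands of reads) from swamping the score; the weights themselves belong in a config the analytics team can retune.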