Security Engineer - Insider Threat Detection

about 5 hours ago

Chennai, India

Mid Level / Senior

H1B Sponsor

Responsibilities

Develop and refine insider threat detections using log analytics and behavioral data.
Monitor for data exfiltration, privilege misuse, policy violations, and unusual user behavior.
Use SIEM, endpoint telemetry, and data governance platforms to detect suspicious activity.
Build detection logic for USB transfers, cloud uploads, and identity misuse scenarios.
Conduct structured insider threat investigations using various telemetry sources.
Correlate evidence across multiple data sources to establish timelines and assess risk.
Produce investigation summaries for Legal, HR, and executive collaborators.
Support chain-of-custody documentation and evidence preservation guidelines.
Partner with various teams during active security incidents.
Assist in identifying control gaps and recommending improvements.
Contribute to the development of insider threat playbooks and SOPs.

2+ years of experience in information security investigations or related cybersecurity roles.
Experience with SIEM platforms, preferably Splunk.
Experience interpreting endpoint telemetry, preferably SentinelOne.
Experience with data governance or data loss prevention tools, preferably Microsoft Purview.
Strong understanding of Windows, macOS, and enterprise authentication systems.
Ability to write and tune log queries for investigation and detection use cases.
Strong analytical and documentation skills.

Paid time off and retirement savings options.
Bonus/incentive eligibility and equity grants.
Participation in employee stock purchase plan.
Competitive health benefits and family-friendly benefits including parental leave.
Support for diverse culture and employee resource groups.

macOSSplunkWindows