Full-Time Detection Engineering Lead (Insider Risk)

This is an exciting opportunity for a technically strong cybersecurity professional looking to take the next step into a leadership role. As Detection Engineering Lead (Insider risk), you will play a central role in helping define and build a scalable insider risk management program from the ground up. You’ll bring your hands-on experience in incident response, threat detection, and forensic analysis to lead investigations and develop processes for detecting and responding to insider threats. This role is ideal for someone ready to expand their scope beyond technical execution and start owning strategy, process design, and stakeholder collaboration. In this role, you’ll work closely with cross-functional teams to assess insider risks, manage cases, and implement mitigation strategies. You’ll also have the chance to mentor junior analysts, shape tooling and workflows, and grow your leadership skills while making a real impact.

Essential Duties and Responsibilities

Building a well-structured, resilient insider threat program that aligns with business goals and security standards is central to your success. You will develop and maintain effective automations, workflows, tools, and processes to detect and respond to high-risk insider activities with speed and precision. Working closely with cross-functional teams is crucial, ensuring insider risks are accurately classified, reported, and resolved, enhancing incident response procedures. You will serve as a reliable point of contact for insider risk matters. Implementing and overseeing monitoring systems will surface behavioral anomalies enabling early identification of suspicious insider activities.

Working with awareness teams is key in identifying emerging threat tactics and promoting behaviors to reduce the risk of data loss or misuse. Breaking down complex security challenges into clear and understandable messages will empower leaders across the organization to act with confidence. Effectively coordinating with Business Units, Security Operations, HR, Legal, and Compliance teams to ensure insider risks are addressed holistically and remediated efficiently while maintaining strict confidentiality is essential. Creating and maintaining meaningful use cases in UEBA and monitoring tools to enable early detection and prioritization of risky behaviors is a key success factor.

Defining relevant metrics and KPIs will help senior leadership clearly understand program health and progress. Your ability to translate data into insights is valuable. Continuously refining rules, analytics, and detection logic to adapt to evolving threats elevates the team’s detection capabilities. Aligning the insider risk program roadmap with organizational priorities ensures long-term relevance and impact. Demonstrating strong investigative instincts, identifying and scoping insider risks through detailed analysis, evidence collection, and sound judgment is important. Monitoring unauthorized activities while adhering to legal and privacy guidelines ensures investigative integrity and regulatory compliance. Evaluating and refining behavioral detection models to stay ahead of shifting insider threat patterns and false positive fatigue is critical.

Producing intelligence reports that clearly synthesize diverse data points into actionable insights is expected. Aligning your team’s projects and goals with the broader organizational strategy ensuring your insider risk program supports and advances enterprise priorities is vital. Mentoring junior analysts builds a strong team culture rooted in continuous learning and development.

Requirements

5+ years of experience in information security, including hands-on work in insider threat, incident response, threat hunting, and forensic analysis. 2+ years of experience leading or significantly contributing to an insider threat management program. Experience conducting end-to-end investigations, stakeholder interviews, and sensitive material handling.

Prior experience in healthcare or high-regulation environments is preferred. Strong understanding of cybersecurity principles, digital forensics, behavioral analytics, and network security. Expertise in insider threat detection tools (UEBA, SIEM, DLP, EDR), email security, OS forensics, data loss prevention, and network monitoring. Proficiency in scripting and automation (Python, Bash, Go, PowerShell). Familiarity with cloud security principles and platforms (AWS, GCP, Azure). Proven ability to develop and implement insider threat detection strategies, write detection signatures, and enhance SOC processes. Experience building workflows and governance documentation aligned with insider threat frameworks and industry best practices.

Excellent analytical, problem-solving, and decision-making skills; strong communication and interpersonal skills to convey technical information to both technical and non-technical audiences, including senior leadership. Strong interpersonal maturity with the ability to influence, collaborate, and build trust across diverse teams. Proven ability to work independently while aligning to organizational and client objectives.

What is the last date for applying to the job?

Which countries are accepted for this remote job?