# Information Security Engineer - Insider Risk

**Company:** [Palantir](https://hotfix.jobs/companies/palantir)
**Location:** New York, NY, Seattle, WA
**Role:** Security Engineering
**Experience:** 3+ years
**Skills:** Python, PowerShell, SIEM, Soar, AWS, Azure, Linux, Windows, Forensics, Incident Response
**Posted:** 2026-04-14

> Develops detection strategies and automates workflows to identify insider risks and sophisticated threats. Investigates security events using forensics and requires 3+ years experience with platforms like AWS/Linux and tools like SIEM/SOAR.

## Job Description

## Core Responsibilities
- Engineer and automate end-to-end detection and investigation workflows, continuously improving Detection and Response infrastructure
- Develop alerting and detection strategies to identify malicious or anomalous behavior, including new and novel defensive techniques that adapt to evolving adversary tactics and tradecraft
- Dissect network, host, memory, and other artifacts originating from multiple operating systems and applications.
- Investigate security events and active attacks across the enterprise, uncovering sophisticated threats and identifying patterns of behavior that indicate insider risk
- Influence and inform security controls designed to safeguard Palantir's most critical assets
- Partner closely with other members of the Information Security team to lead changes in the company's network defense posture.

## What We Value
- Broad exposure to multiple security subject areas, including a strong background in **forensics** or **threat intelligence**
- Deep exposure in **Incident Response** or **Detection Engineering**
- Desire to further the information security community through substantive contributions (e.g. conference talks, blog posts, public tool development, etc.)
- Comfort in operating autonomously and engaging across business levels to advise on security outcomes.

## What We Require
- Extensive security experience (**3+ years**) in at least one major platform (e.g. **AWS**, **Azure**, **Windows**, **OS X**, **Linux**, etc.)
- Proficiency in **Python** (preferred), **PowerShell**, or similar
- Familiarity with endpoint telemetry and log sources from at least one major operating system
- Experience with common **SIEM/SOAR** platforms and proficiency writing queries against security event data
- Active **TS/SCI** security clearance or eligibility to obtain a security clearance.

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/a34696d4-207d-49ef-8a96-549df71dd7d3
**Canonical:** https://hotfix.jobs/jobs/a34696d4-207d-49ef-8a96-549df71dd7d3