Skip to content
CloudflareCloudflareUnited States

Insider Threat Engineer

Lead technical investigations, threat hunting, detection development, and response for insider threats. Partner closely with Legal, HR, and Privacy teams while ensuring compliance with regulatory, legal, and ethical standards. Requires 5+ years in security with forensics/investigations focus.

Salary not listed
Hybrid5+ YOESecurity Engineering

About the role

What you'll do

Lead Insider Threat Digital Investigations:

  • Conduct comprehensive technical investigations individually and partnering with our incident response teams into potential insider threat incidents, including data exfiltration, intellectual property theft, unauthorized access, and other malicious activities.
  • Knowledge and execution experience in collecting, preserving, and analyzing digital evidence from a variety of sources (e.g., endpoints, network logs, cloud services, email, etc.).
  • Document all investigative steps and findings in a clear, concise, and defensible manner.
  • Present findings to senior leadership and cross-functional partners (Legal, HR, Privacy) in a professional and objective manner.
  • Ensuring regulatory, legal and privacy requirements are met through all.

Insider Threat Hunting:

  • Proactively hunt for insider threats using a variety of security tools and data sources (e.g., SIEM, DLP, EDR, UEBA).
  • Develop and execute threat hunting hypotheses based on emerging threats, attack techniques, and an understanding of our company's unique environment.
  • Correlate disparate data points to identify anomalous or suspicious user behaviors.

Detection & Response Improvement:

  • Collaborate closely with the Security Incident Response Team (SIRT) and Threat Detection teams to continuously enhance our insider threat detection capabilities.
  • Design, develop, and implement new rules, alerts, and use cases in our security tools to identify insider threat indicators.
  • Evaluate and recommend new technologies and processes to mature our Insider Threat program.
  • Develop and refine response playbooks for various insider threat scenarios.

Cross-Functional Collaboration:

  • Serve as the primary technical liaison for the Insider Threat program, building strong, trusted relationships with Legal, HR, and Privacy teams.
  • Work in lockstep with these teams to ensure that investigations are conducted with sensitivity, respect for employee privacy, and within legal and ethical guidelines.
  • Provide technical expertise and guidance during policy development and incident response planning.

Required Qualifications

  • 5+ years of experience in a technical security role, with at least 2+ years focused on insider threat, digital forensics, or security investigations.
  • Proven experience in conducting and leading complex technical investigations, including the use of forensic tools (e.g., EnCase, FTK, X-Ways, or open-source alternatives).
  • Deep understanding of security technologies such as SIEM (e.g., Splunk, Elastic), EDR (e.g., CrowdStrike, SentinelOne), and UEBA like data sources.
  • Strong scripting and programming skills (e.g., Python, PowerShell) to automate tasks and analyze large datasets.
  • Excellent communication skills, both written and verbal, with the ability to explain complex technical concepts to non-technical audiences.
  • Experience working with legal and HR teams on sensitive employee-related matters.

Preferred Qualifications

  • Certifications such as GCIH, GCFA, GCTI, or similar.
  • Experience with cloud-based security and investigations (e.g., AWS, GCP, Azure).
  • Prior experience in a tech product or fast-paced startup environment.
  • Knowledge of legal and regulatory frameworks related to data privacy and digital evidence (e.g., GDPR, CCPA).
  • Legal/Court evidence handling, presentation and implementation of procedures

Skills

Digital ForensicsIncident ResponseThreat HuntingSIEMEdrUebaPythonPowerShellSplunkElasticCrowdstrikeSentineloneEncaseFtk
Runpod

Cloud Infrastructure Security Engineer

RunpodUnited States

Systems-focused Cloud Infrastructure Security Engineer responsible for securing Runpod's multitenant GPU bare-metal and virtualized environments. Requires 5+ years in infrastructure security, deep Linux kernel and virtualization expertise (KVM/QEMU), and low-level programming (C/Go/Rust) to prevent breakouts and harden against threats.

152k – 175k/yr
Remote5+ YOESecurity Engineering
Runpod

Full Stack Security Engineer

RunpodUnited States

Full Stack Security Engineer embedding with engineering teams to secure Runpod's AI cloud platform. Lead threat modeling, fix vulnerabilities by writing code in Python/Go/TS, implement DevSecOps pipelines, and champion security across web apps, APIs, and microservices.

152k – 175k/yr
Remote5+ YOESecurity Engineering
Cursor

Engineering Manager, Agent & Product Security

CursorNew York, NY +1

Lead the security engineering team building primitives for agent identity, authority, isolation, and policy enforcement to enable safe autonomous AI coding agents at Cursor. Requires strong product-systems judgment, modern appsec expertise, and comfort with ambiguity in a high-stakes environment.

Salary not listed
Hybrid5+ YOESecurity Engineering
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering