# Insider Threat Engineer

**Company:** [Cloudflare](https://hotfix.jobs/companies/cloudflare)
**Location:** Unspecified
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** Digital Forensics, Incident Response, Threat Hunting, SIEM, Edr, Ueba, Python, PowerShell, Splunk, Elastic, Crowdstrike, Sentinelone, Encase, Ftk
**Posted:** 2026-07-15

> Lead technical investigations, threat hunting, detection development, and response for insider threats. Partner closely with Legal, HR, and Privacy teams while ensuring compliance with regulatory, legal, and ethical standards. Requires 5+ years in security with forensics/investigations focus.

## Job Description

## What you'll do

**Lead Insider Threat Digital Investigations:**
- Conduct comprehensive technical investigations individually and partnering with our incident response teams into potential insider threat incidents, including data exfiltration, intellectual property theft, unauthorized access, and other malicious activities.
- Knowledge and execution experience in collecting, preserving, and analyzing digital evidence from a variety of sources (e.g., endpoints, network logs, cloud services, email, etc.).
- Document all investigative steps and findings in a clear, concise, and defensible manner.
- Present findings to senior leadership and cross-functional partners (Legal, HR, Privacy) in a professional and objective manner.
- Ensuring regulatory, legal and privacy requirements are met through all.

**Insider Threat Hunting:**
- Proactively hunt for insider threats using a variety of security tools and data sources (e.g., SIEM, DLP, EDR, UEBA).
- Develop and execute threat hunting hypotheses based on emerging threats, attack techniques, and an understanding of our company's unique environment.
- Correlate disparate data points to identify anomalous or suspicious user behaviors.

**Detection & Response Improvement:**
- Collaborate closely with the Security Incident Response Team (SIRT) and Threat Detection teams to continuously enhance our insider threat detection capabilities.
- Design, develop, and implement new rules, alerts, and use cases in our security tools to identify insider threat indicators.
- Evaluate and recommend new technologies and processes to mature our Insider Threat program.
- Develop and refine response playbooks for various insider threat scenarios.

**Cross-Functional Collaboration:**
- Serve as the primary technical liaison for the Insider Threat program, building strong, trusted relationships with Legal, HR, and Privacy teams.
- Work in lockstep with these teams to ensure that investigations are conducted with sensitivity, respect for employee privacy, and within legal and ethical guidelines.
- Provide technical expertise and guidance during policy development and incident response planning.

## Required Qualifications
- 5+ years of experience in a technical security role, with at least 2+ years focused on insider threat, digital forensics, or security investigations.
- Proven experience in conducting and leading complex technical investigations, including the use of forensic tools (e.g., EnCase, FTK, X-Ways, or open-source alternatives).
- Deep understanding of security technologies such as SIEM (e.g., Splunk, Elastic), EDR (e.g., CrowdStrike, SentinelOne), and UEBA like data sources.
- Strong scripting and programming skills (e.g., Python, PowerShell) to automate tasks and analyze large datasets.
- Excellent communication skills, both written and verbal, with the ability to explain complex technical concepts to non-technical audiences.
- Experience working with legal and HR teams on sensitive employee-related matters.

## Preferred Qualifications
- Certifications such as GCIH, GCFA, GCTI, or similar.
- Experience with cloud-based security and investigations (e.g., AWS, GCP, Azure).
- Prior experience in a tech product or fast-paced startup environment.
- Knowledge of legal and regulatory frameworks related to data privacy and digital evidence (e.g., GDPR, CCPA).
- Legal/Court evidence handling, presentation and implementation of procedures

## Similar roles

- [Cloud Infrastructure Security Engineer](https://hotfix.jobs/jobs/c1242456-9dcd-4b44-b9cb-d19a59d3edac) - Runpod - Remote - $152k – $175k/yr
- [Full Stack Security Engineer](https://hotfix.jobs/jobs/8663cf4e-df75-4318-9410-189edd5593cc) - Runpod - Remote - $152k – $175k/yr
- [Engineering Manager, Agent & Product Security](https://hotfix.jobs/jobs/a65139d7-9502-4319-9abd-28bc7fa9e6b2) - Cursor - New York, NY
- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr

**Apply:** https://hotfix.jobs/jobs/bc8b5e01-3df2-4688-8776-c6cef3290d6c
**Canonical:** https://hotfix.jobs/jobs/bc8b5e01-3df2-4688-8776-c6cef3290d6c