Security Engineer - Insider Threat

Costa Mesa, CA

Anduril Industries

Transforming US & allied military capabilities with advanced technology.


Anduril is a defense technology company, bringing Silicon Valley talent and funding to the defense sector. Our technology helps our customers solve their toughest challenges by enabling them to make better, more informed decisions in life-and-death situations. We've assembled a diverse team of experts in artificial intelligence, computer vision, sensor fusion, optics, and data analysis that are creating software and hardware solutions to radically evolve the capabilities of the United States and our allies. If you are passionate about solving problems that have real impact, come join Anduril and build the future of defense.

Anduril's Information Security (Insider Threat) Team is looking for an engineer whose mission is to protect Anduril’s intellectual property and confidential business information from internal and external threats. Information drives our business, and we must protect it against unauthorized changes, improper destruction, loss, or theft. As a highly visible and dynamic organization, we must also guard against damage to our reputation and brand. As a security engineer you will work closely with the insider threat team members as well as the Counterintelligence, Detection and Response, and Security Engineering teams to develop Anduril’s program to deter, detect, and respond to threats to the company’s intellectual property and confidential business information. The insider threat program is part of the greater information security organization, which ultimately reports to the Chief Information Officer.

WHAT YOU'LL DO

  • Be a technical subject matter expert (SME) responsible for enterprise-wide Data Loss Prevention (DLP) controls to include policies, procedures & implementation, working directly with other functional and business teams to drive information protection initiatives.
  • Build custom controls for a wide array of insider threat scenarios.
  • Proactively identify and evaluate risks, and then discover, select, and implement technology and process solutions that mitigate those risks.
  • Design, develop, test, document, deploy, and maintain the architecture, requirements, and designs for the tooling used to help mitigate insider threats to Anduril.
  • Identify gaps in infrastructure and work to gain visibility through logging and detection.
  • Build and maintain automation that supports the insider threat and broader information security mission.
  • Contribute to tool optimization and automation initiatives to streamline analysis and response workflows.
  • Contribute to internal investigations where needed, providing support in forensic analysis, log review, analysis of alerts, summary of the incident timeline, etc.
  • Collaborate with the Detection & Response Team & Information Security Engineering team to expand and mature detections.
  • Communicate status of projects and systems to the Insider Threat Team, management, and partner organizations.
  • Develop rules to alert, prevent, and mitigate threats using network and endpoint technologies.
  • Produce written analyses and visual presentations of findings, and communicate those findings to all levels of the management team.
  • Produce and maintain team dashboards/metrics. Ensure metrics are complete and accurate, and that findings are documented in our case management database.
  • Develop playbooks to improve internal processes and information sharing across teams.
  • Must be able to maintain confidentiality and use discretion and good judgment at all times.

REQUIRED QUALIFICATIONS

  • Experience with AWS or Azure security ecosystem and tooling.
  • Experience architecting identity management or device trust mechanisms.
  • Experience deploying Data Loss Prevention (DLP) tooling to large complex organizations.
  • Experience with modern adversary tradecraft and mitigating controls.
  • Programming ability in one or more general-purpose languages (Python, Go, C++, etc.).
  • Experience with Windows, Linux, and/or Mac internals and security controls for those systems.
  • Experience with Splunk and/or other SIEMs.
  • Proficiency with automating workflows and streamlining processes in the security space.
  • Experience with Endpoint Detection and Response (EDR) tools, device management tooling and other telemetry sources.
  • U.S. Person status is required as this position needs to access export controlled data.

PREFERRED QUALIFICATIONS

  • Have participated in or supported incident response events.
  • Experience building controls around export controlled information, CUI, and other sensitive data.
  • Experience working on insider threat teams and working insider threat investigations.
  • Experience performing analytics against aggregated log data, and building configurations to parse and handle log data from systems and tools.
  • Experience with broad system forensics.
  • Current TS security clearance, or eligibility to obtain one.
  • Proficient with cybersecurity tools such as UAM, CASB, etc.
  • Experience communicating technical security concerns and issues to a non-technical audience.
  • Bachelor’s degree in Information Systems, Information Security, Cyber Security, Computer Science, or Computer Engineering and 3+ years of security engineering experience; or 5+ years of security engineering experience without a degree.

Anduril is an equal-opportunity employer, and we encourage candidates from all backgrounds to apply. If you are someone passionate about working on problems that matter, we’d love to hear from you!
