Security Engineer - Insider Threat
Costa Mesa, CA
Applications have closed
Anduril Industries
Transforming US & allied military capabilities with advanced technology.

Anduril's Information Security (Insider Threat) Team is looking for an engineer whose mission is to protect Anduril's intellectual property and confidential business information from internal and external threats. Information drives our business and we must protect against unauthorized changes, improper destruction, loss, or theft of that information. As a highly visible and dynamic organization, we must also value and guard against damage to our reputation and brand. As a security engineer you will work closely with the insider threat team members as well as the Counterintelligence, Detection and Response and Security Engineering teams to develop Anduril's program to deter, detect, and respond to threats to the company's intellectual property and confidential business information. The insider threat program is part of the greater information security organization, ultimately reporting into the Chief Information Officer.
WHAT YOU'LL DO
- Be a technical subject matter expert (SME) responsible for enterprise-wide Data Loss Prevention (DLP) controls to include policies, procedures & implementation, working directly with other functional and business teams to drive information protection initiatives.
- Build custom controls for a wide array of insider threat scenarios.
- Proactively identify and evaluate risks, and then discover, select, and implement technology and process solutions that mitigate those risks.
- Design, develop, test, document, deploy, and maintain the architecture, requirements, and designs for the tooling used to help mitigate insider threats to Anduril.
- Identify gaps in infrastructure and work to gain visibility through logging and detection.
- Build and maintain automation that supports the insider threat and broader information security mission.
- Contribute to tool optimization and automation initiatives to streamline analysis and response workflows.
- Contribute in internal investigations where needed providing support in forensic analysis, log review, analysis of alerts, summary of incident timeline, etc.
- Collaborate with the Detection & Response Team & Information Security Engineering team to expand and mature detections.
- Communicate status of projects and systems to the Insider Threat Team, management, and partner organizations.
- Develop rules to alert, prevent, and mitigate threats using network and endpoint technologies.
- Produce written analysis and visual presentations of findings, and communicate those findings to all levels of the management team.
- Produce and maintain team dashboards/metrics. Ensure metrics are complete and accurate, and findings are documented in our case management database.
- Develop playbooks to improve internal processes and information sharing across teams.
- Must be able to maintain confidentiality and use discretion and good judgment at all times.
REQUIRED QUALIFICATIONS
- Experience with AWS or Azure security ecosystem and tooling.
- Experience architecting identity management or device trust mechanisms.
- Experience deploying Data Loss Prevention (DLP) tooling to large complex organizations.
- Experience with modern adversary tradecraft and mitigating controls.
- Programming ability in one or more general purpose languages (Python, Go, C++, etc.).
- Experience with Windows, Linux, and/or Mac internals and security controls for those systems.
- Experience with Splunk and/or other SIEMs.
- Proficiency with automating workflows and streamlining processes in the security space.
- Experience with Endpoint Detection and Response (EDR) tools, device management tooling and other telemetry sources.
- U.S. Person status is required as this position needs to access export controlled data.
PREFERRED QUALIFICATIONS
- Have participated in or supported incident response events.
- Experience building controls around export controlled information, CUI, and other sensitive data.
- Experience working on insider threat teams and working insider threat investigations.
- Experience performing analytics against aggregated log data, and building configurations to parse and handle log data from systems and tools.
- Experience with broad system forensics.
- Current or eligible for TS security clearance.
- Proficient with cybersecurity tools such as UAM, CASB, etc.
- Experience communicating technical security concerns and issues to a non-technical audience.
- Bachelor's degree in Information Systems, Information Security, Cyber Security, Computer Science, or Computer Engineering, and 3+ years of security engineering experience; or 5+ years of security engineering experience without a degree.