Senior Security Engineer - Insider Trust and DLP

Menlo Park, CA, or New York City, NY, or Seattle, WA

Robinhood

Join a leading fintech company that’s democratizing finance for all.

Robinhood was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood is lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.

As we continue to build...

We’re seeking curious thinkers looking to co-author the next chapters of our story. Joining now means helping shape our vision, structures and systems; playing a key role as we launch into our ambitious future.

This role will ideally be seated in Menlo Park, CA, Seattle, WA, or New York, NY.

About the Team and Role:

The Insider Trust Program is a cornerstone of security at Robinhood. We exemplify our Safety First value by mitigating the risk of insider threats to Robinhood’s people and resources.  Our team is committed to safeguarding Robinhood and our customers, while also prioritizing the protection and well-being of our valued employees.  We proactively detect, assess, and mitigate potential insider threats by implementing robust security measures, fostering a culture of awareness and accountability, and promoting the responsible use of company resources.

We are seeking a proactive, creative, and independent senior security engineer with experience in both Data Loss Prevention (DLP) and Insider Threat investigations and analysis. Our holistic approach to Insider Trust includes protecting data. The best candidate for this opportunity will be well-versed in data safety and data loss prevention, while also understanding the full range of Insider Trust use cases. As a member of the Insider Trust Program, you'll work cross-functionally to optimize and integrate DLP tooling and detections, as well as support insider threat analysis and investigations.

This role is within Safety & Productivity (S&P), reporting directly to the Head of Insider Trust. Not all applicants will have skills that fully match a job description. We value diversity, and we encourage anyone who meets the required qualifications to apply. 

What you’ll do day-to-day:

  • Create and tune policies and detections using DLP and Insider Trust tooling
  • Build detections to expand DLP and Insider Trust use case coverage, including building detections that depend on data classification. 
  • Integrate data from multiple sources to mature visibility of data movement and loss events in Splunk
  • Produce and maintain dashboards/metrics; ensure metrics are complete and accurate
  • Drive programmatic improvements through automation and data-driven insights
  • Author playbooks to codify internal processes
  • Triage alerts linked to anomalous insider behaviors
  • Conduct source interviews and author reports in support of insider threat investigations
  • Communicate consistently with cross-functional stakeholders, including Legal, Employee Relations, and leadership.

About you:

  • 5+ years of security engineering experience across both DLP and insider threat.
  • Technical Expertise: Strong background in cybersecurity, experience with DLP technologies and methods, experience crafting insider threat detections, and working knowledge of incident response procedures. Knowledge of industry practices for data classification, data encryption, and mitigating risk of data leakage.
  • Insider Threat Knowledge: Deep understanding of insider threat detection and mitigation techniques and use cases. This includes behavioral analytics, user monitoring, and privileged access management. Experience in identifying insider threat indicators, conducting insider threat investigations, and analyzing patterns of activity is essential.
  • Analytical Skills & Investigative Mindset: Strong quantitative and qualitative analytic capabilities, including pattern recognition, anomaly detection, and the ability to identify use-case specific suspicious behaviors that may be early indicators of insider threat. The ability to correlate and analyze large volumes of data from various sources is critical. Experience in gathering evidence, conducting interviews, and documenting findings in a forensically sound manner is necessary.
  • Ethics and Integrity: Given the sensitivity and confidentiality of insider threat investigations, you should demonstrate the highest level of ethics and integrity, with a commitment to maintaining confidentiality, professionalism, and compliance with applicable laws and regulations.
  • Continuous Learning: You should have a mindset of continuous learning and keeping up-to-date with the latest trends, technologies, and best practices in DLP and insider threat detection and mitigation.

Top Skills & Experience 

  • Experience/familiarity with MacOS and GSuite
  • Expertise in SaaS application configurations to support DLP and Insider Trust use cases
  • Experience creating regex for custom data classification needs 
  • Deep understanding of data environments and data movement, including protecting endpoints, data threat vectors, and relevant mitigating controls
  • Splunk proficiency, including API integration and joining indices 
  • Deep understanding of insider threat TTPs and technologies
  • Experience conducting source and subject interviews

Bonus points:

  • Prior experience on an Insider Threat/Counterintelligence Program
  • Experience in Security Operations and/or Digital Forensics & Incident Response (DFIR)
  • Experience in a cloud-native company
  • Experience in the financial sector

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. You can view comp zones for our US office locations in the table below. For other locations not listed, compensation can be discussed with your recruiter during the interview process.

Office locations (by comp zone)
US Zone 1: Menlo Park, NYC, Seattle, Washington DC 
US Zone 2: Denver, Westlake (Dallas), Chicago 
US Zone 3: Lake Mary


We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.

Robinhood promotes diversity and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review Robinhood's Privacy Policy please visit Robinhood - US Applicant Privacy Policy. If you are an applicant located in the UK or EEA, please visit the Robinhood UK/EEA Applicant Privacy Policy.

Click here to learn more about Robinhood’s Benefits.

Tags: Analytics APIs Automation Cloud Compliance DFIR Encryption Finance FinTech Forensics Incident response MacOS Monitoring Privacy SaaS Splunk Threat detection TTPs

Perks/benefits: Career development Salary bonus Team events

Region: North America
Country: United States