Related skills: splunk, siem, edr, dlp, ueba
Description
- Develop and refine insider threat detections via log analytics and behavior data.
- Monitor for data exfiltration, privilege misuse, policy violations, and unusual behavior.
- Use SIEM (Splunk), endpoint telemetry (SentinelOne), and Microsoft Purview to detect activity.
- Build detection logic for USB transfers, cloud uploads, and mass file access.
- Support risk scoring models and behavioral analytics refinements.
- Conduct insider threat investigations using endpoint, identity, and cloud telemetry.
Requirements
- 2+ years in information security investigations, incident response, SOC operations, or related cybersecurity roles.
- Experience with SIEM platforms (Splunk preferred).
- Experience interpreting endpoint telemetry (SentinelOne preferred or equivalent EDR).
- Experience with data governance or data loss prevention tools (Microsoft Purview preferred).
- Strong understanding of Windows, macOS, and enterprise authentication systems.
- Ability to write and tune log queries for investigation and detection.
Benefits
- Total rewards include PTO, retirement, bonus eligibility, equity, and a stock plan.
- Competitive health benefits and family-friendly perks including parental leave.
- Diversity and inclusion emphasis with Employee Resource Groups.
- EEO policy and equal opportunity commitment.