Staff Insider Threat Engineer

At Early Warning, we’ve powered and protected the U.S. financial system for over thirty years with cutting‑edge solutions like Zelle, Paze, and so much more. As a trusted name in payments, we partner with thousands of financial institutions to increase access to financial services and protect transactions for hundreds of millions of consumers and small businesses. Positions located in Scottsdale, San Francisco, Chicago, or New York follow a hybrid work model to allow for a more collaborative working environment. Candidates responding to this posting must independently possess the eligibility to work in the United States for any employer at the date of hire. This position is ineligible for employment visa sponsorship. Overall Purpose The Staff Insider Threat Engineer is part of a high‑performance team, responsible for detecting, identifying, mitigating, and responding to critical or urgent insider threat situations. The individual will work closely with CSIRT, HR, Legal, Privacy, and other teams to identify, triage, and respond to insider threats. Responsibilities Lead the deployment, configuration, and tuning of insider threat detection tools to ensure optimal performance and integration with existing security systems. Mature and improve the comprehensive insider threat program aligned with organizational goals and regulatory standards. Monitor user and entity behavior analytics to identify suspicious activities and policy violations. Perform detection and investigative analysis activities for a variety of digital devices, computers, storage media, servers, networks, and cloud‑based services. Conduct advanced host and network forensics and malware analysis; investigate and respond to incidents; provide recommendations to improve the company’s security posture. Escalate complex issues as needed. Track investigations and incidents through resolution. Analyze vulnerabilities from an insider threat perspective and remediate as required. Use data from cyber defense tools (e.g., DLP, IDS alerts, firewalls, network traffic logs) to analyze events that occur within the environment for the purpose of mitigating insider threats. Maintain awareness of trends in security, regulatory, technology, and operational requirements, including the current threat landscape and adversary tactics, techniques, and procedures. Create intellectual property such as procedural documentation and tools for automated analysis and correlation activities. Represent the insider threat team at internal and external threat intelligence and cybersecurity forums. Perform on‑call activities when required. Ensure the company’s commitment to protecting the integrity and confidentiality of systems and data. Minimum Qualifications Education and/or experience typically obtained through completion of a bachelor’s degree or a 2‑year degree in Computer Science, Engineering, Math, Physical Science, or equivalent experience. Minimum 10 years of progressive information security technology experience. Proven advanced analytical skills across various technologies. Advanced understanding of networking and security concepts. Advanced understanding of insider threat techniques and detection. Ability to generate incident and event write‑ups for a non‑technical audience. Experience in identifying, triaging, and escalating tickets based on severity and malicious activity. Experience in responding to malicious threats from various sources. Experience with the incident response process. Ability to work within a team environment as well as independently. Effective communication skills to speak and write for all technology experience levels. Effective interpersonal skills, able to comfortably present to peers, coworkers, and customers. A propensity for continued development of skills through research and training. Background and drug screen. Preferred Qualifications Additional related education, certifications, and/or experience is beneficial. Subject‑matter expert within insider threat domains, threat actors, and data engineering. Subject‑matter expert in one or more security tools such as EDR platforms, SIEMs, or UBA tools. Experience in cloud technology. Experience utilizing Data Loss Prevention tools. Physical Requirements Work consists of a normal office environment. It is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Occasional standing, walking, kneeling, and reaching may be required. Ability to lift 10 pounds occasionally and/or negligible force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment, including personal computers. Requires ability to communicate with internal and/or external customers. The employee must be able to perform essential functions and conditions of the position with or without reasonable accommodation. Compensation Base pay scale (USD per year): Phoenix, AZ / Chicago, IL – $132,000 to $165,000; San Francisco, CA – $158,000 to $198,000. Candidates are also eligible for a discretionary incentive plan and benefits. The pay scale is subject to change and is not a guarantee of any specific pay. Benefits Health Coverage – Competitive medical (PPO/HDHP), dental, and vision plans; company contributions to Health Savings Account (HSA) or flexible spending accounts (FSA) for commuting, health, and dependent care expenses. 401(k) Retirement Plan – 100% company safe harbor match on first 6% deferral immediately upon eligibility. Paid Time Off – Flexible time offs for exempt employees, generous PTO for non‑exempt employees, 11 paid company holidays and a paid volunteer day. Paid Parental Leave – 12 weeks. Maven Family Planning support (egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work). Equal Employment Opportunity Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Early Warning Services, LLC (“Early Warning”) considers for employment, hires, retains and promotes qualified candidates on the basis of ability, potential, and valid qualifications without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law. The company also prohibits discrimination on other bases such as medical condition or marital status. Accommodation Information If you have a disability or a special need that requires accommodation to navigate our website or complete the application process, please email View email address on click.appcast.io for assistance. Other Legal Information This posting includes privacy and employment verification information. For full details visit the company’s privacy notice and E‑Verify pages. #J-18808-Ljbffr Early Warning Services LLC