WHAT YOU’LL DO

• Be a technical subject matter expert (SME) responsible for enterprise-wide Data Loss Prevention (DLP) controls to include policies, procedures & implementation, working directly with other functional and business teams to drive information protection initiatives.
• Build custom controls for a wide array of insider threat scenarios.
• Proactively identify and evaluate risks, and then discover, select, and implement technology and process solutions that mitigate those risks.
• Design, develop, test, document, deploy, and maintain the architecture, requirements, and designs for the tooling used to help mitigate insider threats to Anduril.
• Identify gaps in infrastructure and work to gain visibility through logging and detection.
• Build and maintain automation that supports the insider threat and broader information security mission.
• Contributes to tool optimization and automation initiatives to streamline analysis and response workflows.
• Contribute in internal investigations where needed providing support in forensic analysis, log review, analysis of alerts, summary of incident timeline, etc.
• Collaborate with the Detection & Response Team & Information Security Engineering team to expand and mature detections.
• Communicate status of projects and systems to the Insider Threat Team, management, and partner organizations.
• Develop rules to alert, prevent, and mitigate threats using network and endpoint technologies.
• Produce written analysis and visual presentation of findings. Ability to communicate findings to all levels of the management team.
• Produce and maintain team dashboards/metrics. Ensure metrics are complete and accurate, and findings are documented in our case management database
• Develop playbooks to improve internal processes and information sharing across teams.
• Must be able to maintain confidentiality and use discretion and good judgment at all times.

REQUIRED QUALIFICATIONS

• Experience with AWS or Azure security ecosystem and tooling
• Experience architecting identity management or device trust mechanisms
• Experience with modern adversary tradecraft and mitigating controls
• Programming ability in one or more general purpose languages (Python, Go, C++, etc)
• Experience with Windows, Linux, and/or Mac internals and security controls for those systems
• Experience with Splunk and/or other SIEMs
• Proficiency with automating work-flows and streamlining processes in the security space
• Experience with Endpoint Detection and Response (EDR) tools, device management tooling and other telemetry sources
• Must be able to obtain and hold a U.S. Top Secret security clearance

PREFERRED QUALIFICATIONS

• Have participated in or supported incident response events
• Experience building controls around export controlled information, CUI, and other sensitive data
• Experience working on insider threat teams and working insider threat investigations
• Experience performing analytics against aggregated log data, and building configurations to parse and handle log data from systems and tools
• Experience with broad system forensics
• Current or eligible for TS security clearance
• Proficient with cybersecurity tools such as UAM, CASB, etc
• Experience deploying Data Loss Prevention (DLP) tooling to large complex organizations
• Experience communicating technical security concerns and issues to a non-technical audience
• Bachelor’s degree in Information Systems, Information Security, Cyber Security, Computer Science, Computer Engineering and 3+ years of security engineering experience; or 5+ years of security engineering experience without a degree
• Security clearance and experience with classified systems