Insider Risk Engineer

🔥 13 hours ago


Dragonfli Group

11 - 50 employees

The Dragonfli Group is a Washington, DC-based LLC specializing in management and technology consulting. Dragonfli transforms its clients' businesses through high-impact strategic planning and technology solutions, coupled with deep expertise in infrastructure, corporate strategy and operations. The Dragonfli Group's passionate and experienced consultants take a collaborative approach to providing strategic planning and information security solutions to organizations looking to increase profitability, streamline operations, manage risk, meet regulatory demands and build market share.

📋 Description

• Design, build, and maintain insider risk detection use cases and monitoring workflows, with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering
• Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives
• Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity
• Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement
• Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse
• Perform CrowdStrike Falcon alert review, tuning, and incident response support, including false positive identification and credible threat escalation
• Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents
• Develop and maintain playbooks and response workflows for insider risk scenarios
• Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies
• Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage
• Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses
• Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture
• Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status

🎯 Requirements

• 7+ years of experience in cybersecurity, security operations, threat detection, insider risk, or incident response
• 3-5+ years of hands-on Splunk experience, including Splunk Enterprise Security, UEBA, content development, alerting, and dashboarding
• Demonstrated experience writing and optimizing Splunk Search Processing Language (SPL)
• Experience with CrowdStrike Falcon, including alert triage, incident response support, detection tuning, and false positive reduction
• 2+ years of investigation experience involving insider risk, security incidents, technical investigations, intellectual property matters, fraud, or related areas
• Experience developing and improving detection use cases, playbooks, and operational workflows
• Experience working in a heavily regulated environment (federal or financial sector preferred)
• Strong analytical, communication, and stakeholder coordination skills
• U.S. citizenship required

🏖️ Benefits

• Insurance: health, dental, and vision
• Paid Time Off (PTO) and 11 federal holidays
• 401(k) employer match
