Senior Security Engineer - Insider Threat
Costa Mesa, CA, USA
Posted on Wednesday, March 22, 2023
Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.
Anduril's Information Security (Insider Threat) Team is looking for an engineer whose mission is to protect Anduril’s employees, intellectual property, customer data and confidential business information from internal and external threats. Information drives our business and we must protect against unauthorized changes, improper destruction, loss, or theft of that information. As a highly visible and dynamic organization, we must also value and guard against damage to our reputation and brand. As an insider threat security engineer you will work closely with the Insider Threat team members as well as the Counterintelligence, Detection and Response, Product Security and Enterprise Security Engineering teams to develop Anduril’s program to deter, detect, and respond to threats. The insider threat program is part of the greater information security organization ultimately reporting into the Chief Information Officer.
WHAT YOU'LL DO
- Be a technical subject matter expert (SME) responsible for enterprise-wide Data Loss Prevention (DLP) controls to include policies, procedures & implementation, working directly with other functional and business teams to drive information protection initiatives.
- Build custom controls for a wide array of insider threat scenarios.
- Proactively identify and evaluate risks, and then discover, select, and implement technology and process solutions that mitigate those risks.
- Design, develop, test, document, deploy, and maintain the architecture, requirements, and designs for the tooling used to help mitigate insider threats to Anduril.
- Identify gaps in infrastructure and work to gain visibility through logging and detection.
- Build and maintain automation that supports the insider threat and broader information security mission.
- Contribute to tool optimization and automation initiatives to streamline analysis and response workflows.
- Contribute to internal investigations where needed, providing support in forensic analysis, log review, alert analysis, incident timeline summaries, etc.
- Collaborate with the Detection & Response Team & Information Security Engineering team to expand and mature detections.
- Communicate status of projects and systems to the Insider Threat Team, management, and partner organizations.
- Develop rules to alert, prevent, and mitigate threats using network and endpoint technologies.
- Produce written analysis and visual presentations of findings, and communicate those findings to all levels of the management team.
- Produce and maintain team dashboards/metrics. Ensure metrics are complete and accurate, and that findings are documented in our case management database.
- Develop playbooks to improve internal processes and information sharing across teams.
- Must be able to maintain confidentiality and use discretion and good judgment at all times.
- Experience with AWS or Azure security ecosystem and tooling
- Experience architecting identity management or device trust mechanisms
- Experience with modern adversary tradecraft and mitigating controls
- Programming ability in one or more general purpose languages (Python, Go, C++, etc.)
- Experience with Windows, Linux, and/or Mac internals and security controls for those systems
- Experience with Splunk and/or other SIEMs
- Proficiency with automating workflows and streamlining processes in the security space
- Experience with Endpoint Detection and Response (EDR) tools, device management tooling and other telemetry sources
- Must be able to obtain and hold a U.S. Top Secret security clearance
- Have participated in or supported incident response events
- Experience building controls around export controlled information, CUI, and other sensitive data
- Experience working on insider threat teams and working insider threat investigations
- Experience performing analytics against aggregated log data, and building configurations to parse and handle log data from systems and tools
- Experience with broad system forensics
- Current or eligible for TS security clearance
- Proficient with cybersecurity tools such as UAM, CASB, etc.
- Experience deploying Data Loss Prevention (DLP) tooling to large complex organizations
- Experience communicating technical security concerns and issues to a non-technical audience
- Bachelor’s degree in Information Systems, Information Security, Cyber Security, Computer Science, or Computer Engineering, and 3+ years of security engineering experience; or 5+ years of security engineering experience without a degree
- Security clearance and experience with classified systems
Although we list out what we generally look for, we are very likely missing other attributes and skills that you have that could make you a great fit but are not currently listed. Research has shown this especially applies to women and other marginalized groups, who tend to apply only if they check 100% of every box, versus men, who apply if they hit roughly 60%. The point we’re getting at is that it doesn’t hurt to take a chance and apply!
For Full Time Employment Opportunities: The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in all offers and are considered part of Anduril’s total compensation package. Additionally, Anduril offers top-tier benefits, including comprehensive medical, dental, and vision plans, employee life and disability, mental health and family planning benefits with all premiums paid by Anduril. Anduril provides fully paid medical leave, paid company holidays, and paid time off. A professional development stipend is available to all Andurilians and all on-site meals are fully subsidized during the work week through use of our gourmet kitchens. The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process.
Anduril is an equal-opportunity employer committed to creating a diverse and inclusive workplace. The Anduril team is made up of incredibly talented and unique individuals, who together are disrupting industry norms by creating new paths towards the future of defense technology. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws, including the CA Fair Chance Initiative for Hiring Ordinance. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process. If you are someone passionate about working on problems that have a real-world impact, we’d love to hear from you!