[Remote] Senior Analyst - Insider Threat (Remote)
Auto ImportNote: The job is a remote job and is open to candidates in USA. United Airlines is a global company that operates in hundreds of locations, focusing on uplifting and providing opportunities in the communities they serve. They are seeking a Senior Analyst for Insider Threat to advance detection capabilities and improve insider threat monitoring, partnering with various teams to align detections with risk priorities.
Responsibilities
- Detection Engineering & Alert Fidelity Optimization: Design, build, and continuously refine insider threat detection logic, use cases, and analytics to improve signal quality. Focus on reducing false positives and increasing the percentage of actionable insider threat alerts
- Alert Triage, Investigation, & Feedback Loop: Lead triage and investigation of insider threat alerts, applying structured methodologies to assess risk Translate investigation outcomes into detection improvements, ensuring a continuous feedback loop between operations and engineering
- Detection Strategy & Use Case Development: Develop and implement a scalable detection strategy aligned to key insider threat risks (i.e., data exfiltration, employee exit risk, misuse). Identify gaps and prioritize new detection use cases to expand coverage and effectiveness
- Threat Hunting & Advanced Analytics: Conduct proactive threat hunting using behavioral, endpoint, and data activity signals to identify emerging insider risks. Translate findings into new detection use cases and improvements to existing detection logic
- Cross-Functional Partnership: Partner with Data Protection, Legal, HR, and Cyber teams to ensure detections are risk-aligned, context-aware, and operationally actionable. Incorporate business context and investigation requirements into detection design to improve alert fidelity and response effectiveness
Skills
- Bachelor's degree required (Cybersecurity, Information Technology, Computer Science majors preferred)
- 3+ years in STEM-related field
- Strong experience with insider threat detection methodologies, behavioral analytics, and risk indicators
- Proven ability to design, tune, and operationalize detection logic to improve alert quality and reduce noise
- Experience working with DLP, UEBA, or related telemetry to identify and investigate insider risk activity
- Analytical mindset with ability to translate investigation outcomes into detection improvements
- Understanding of data classification, data movement patterns, and exfiltration techniques
- Ability to measure and improve detection effectiveness (i.e., alert fidelity, actionable alert rate)
- Strong collaboration and communication skills to influence cross-functional stakeholders
- Must be legally authorized to work in the United States for any employer without sponsorship
- Successful completion of interview required to meet job qualification
- Reliable, punctual attendance is an essential function of the position
- Master's degree
- Certifications such as CISA, Security +
- Hands-on experience with DLP platforms, insider risk tools, or detection engineering workflows
- Experience using Splunk for Insider Threat
- Familiarity with M365 / Purview, endpoint telemetry, or cloud activity monitoring
- Experience building metrics or KPIs to track detection performance and program maturity
- Knowledge of automation or scripting to support detection tuning and scaling
Benefits
- Medical
- Dental
- Vision
- Life
- Accident & disability
- Parental leave
- Employee assistance program
- Commuter
- Paid holidays
- Paid time off
- 401(k)
- Flight privileges
Company Overview