Lead Insider Threat Investigator

Australia, Sydney · Job Posted June 09, 2026

Job Description

The Insider Threat Lead Investigator is responsible for conducting high-risk, complex insider threat investigations involving cybersecurity, financial misconduct, intellectual property theft, unauthorized access, and data exfiltration. This role focuses on investigating identified threats produced by the Information Security Engineering team or from other internal reporting. The investigator will conduct technical investigations, guide OSINT research, perform subject interviews, evidence collection, data deletion, and asset retrieval, while ensuring adherence to employment law, corporate policies, and regulatory requirements. This role requires deep technical expertise in digital forensics, cloud security, log analysis, and enterprise forensic tools while maintaining strong legal acumen to manage sensitive cases involving corporate risk, HR, and compliance considerations.

Job Responsibility

  • Conduct high-risk, complex insider threat investigations involving cybersecurity, financial misconduct, intellectual property theft, unauthorized access, and data exfiltration
  • Investigate identified threats produced by the Information Security Engineering team or from other internal reporting
  • Conduct technical investigations, guide OSINT research, perform subject interviews, evidence collection, data deletion, and asset retrieval
  • Ensure adherence to employment law, corporate policies, and regulatory requirements
  • Utilize a functional understanding of information security principles, practices, and frameworks
  • Investigate insider threat cases including financial misconduct, engineering production abuse, intellectual property theft, legal escalations involving executive personnel
  • Conduct structured investigative interviews
  • Manage incident response in coordination with Information Security, HR, Legal, and other relevant parties
  • Perform custom high-severity data deletions and secure asset retrieval
  • Collaborate with security engineering teams for forensic collection of digital evidence
  • Perform log analysis and coordinate event queries across enterprise systems
  • Ensure investigations adhere to employment law, corporate policies, data privacy regulations, and commercial legal frameworks
  • Collaborate with Legal, HR, Privacy, and Compliance teams
  • Provide clear, structured briefings on high-profile cases to executive leadership
  • Lead post-mortem reviews to refine investigative methodologies

Requirements

  • 10-12 years of experience in insider threat investigations, security, digital forensics, or related industries
  • Proven experience conducting high-risk, legally sensitive investigations involving corporate executives and critical business functions
  • Strong expertise in Windows, macOS, and Chrome OS forensic tools
  • Experience in SQL-based forensic data correlation and behavioral anomaly analysis
  • Strong employment legal and commercial legal acumen, with experience handling workplace investigations and regulatory compliance
  • Familiarity with digital forensic tools
  • Advanced knowledge of Windows Event Viewer, macOS Console, and Chrome OS system logs for forensic evidence retrieval
  • Comprehension and skills in investigating cloud environments and Kubernetes
  • Experience with high-severity data deletion and asset retrieval in corporate environments
  • Ability to conduct investigative interviews and communicate findings clearly and effectively to legal, HR, and security teams

Nice to have

  • SANS GIAC, GCFA, or GCFE (Advanced Digital Forensics)
  • CISSP
  • AWS/Google/Azure Security certifications
  • CompTIA Cloud+
  • Kubernetes Security or Fundamentals

Similar Jobs for Lead Insider Threat Investigator

8 matching positions

SOC Insider Threat Lead Analyst

SOC Insider Threat Lead Analyst position at Citi, responsible for monitoring, re...
Location: Singapore, Singapore
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • 6+ years working in the security & operations fields
  • Bachelor's degree or higher (Computer Science or Cybersecurity preferred) or equivalent work experience
  • Excellent knowledge of network security, TCP/IP, various operating systems (Windows/UNIX), and web technologies
  • Ability to read and understand packet level data
  • Experience with user behavior analytics, DLP, IDS/IPS, firewalls, and host security products (HIPS, AV, EDR, etc)
  • Certifications from EC-Council, GIAC, or (ISC)² are preferred [CISSP, C|EH, GCIA, CCNA]
  • Good communication skills with the ability to articulate clearly in high stress situations
  • Skills and proficiency with MS PowerPoint, Excel, Access or other analytical tools
Job Responsibility
  • Perform monitoring, research, assessment and analysis on alerts from various security tools
  • Recommend and review new use cases for insider threat monitoring
  • Follow pre-defined actions to investigate security incidents or perform incident response actions
  • Execute daily ad hoc tasks or lead projects as needed
  • Participate in or lead daily and ad-hoc conference calls
  • Create, update or provide process documentation, or provide requested evidence for compliance & controls requests
  • Fulltime

SOC Insider Threat Lead Analyst

The analyst will perform monitoring, research, assessment and analysis on alerts...
Location: Singapore, Singapore
Salary: Not provided
Company: Citi
Expiration Date: Until further notice
Requirements
  • 6+ years working in the security & operations fields
  • Bachelor’s degree or higher (Computer Science or Cybersecurity preferred) or equivalent work experience
  • Excellent knowledge of network security, TCP/IP, various operating systems (Windows/UNIX), and web technologies (focusing on Internet security)
  • Ability to read and understand packet level data
  • Experience with user behavior analytics, DLP, IDS/IPS, firewalls, and host security products (HIPS, AV, EDR, etc)
  • Good communication skills with the ability to articulate clearly in high stress situations
  • Work independently and are self-directed
  • Detail oriented and perseverant individual
  • Positive attitude with the drive to get the work done
  • Self-starter with good problem solving skills, and you continuously look for ways to improve things
Job Responsibility
  • Perform monitoring, research, assessment and analysis on alerts from various security tools, including firewalls, antivirus systems, user behavior analytics tools, proxy devices and SIEM tools
  • Recommend and review new use cases for insider threat monitoring
  • Follow pre-defined actions to investigate security incidents or perform incident response actions, including escalating to other support groups
  • Execute daily ad hoc tasks or lead projects as needed
  • Participate in or lead daily and ad-hoc conference calls
  • Create, update or provide process documentation, or provide requested evidence for compliance & controls requests
  • Fulltime

Security Engineer, Insider Threat Detection & Response

As a Security Engineer you will join our OpenAI engineers and researchers in bui...
Location: United States, San Francisco; Seattle; New York City
Salary: 230000.00 - 385000.00 USD / Year
Company: OpenAI
Expiration Date: Until further notice
Requirements
  • 5+ years experience working in a detection/response or insider-risk role
  • Broad familiarity with operating systems and platforms such as macOS, Windows, Linux, and Kubernetes, along with experience in cloud infrastructure
  • Knowledge of modern adversary tactics and attack paths, data exfiltration techniques, and have experience running and leading incidents
  • Proficiency with a scripting language (e.g. Python, Bash, PowerShell, or similar)
  • Independently manage and run projects, balance preventative controls with user friction, and prioritize efforts for risk reduction
  • Motivated by securing transformative technology and can adapt familiar security frameworks to new risks in AI infrastructure
Job Responsibility
  • Innovate on Detection and Response infrastructure to engineer and automate end-to-end detection and investigation workflows
  • Develop, measure, and tune detection rules to ensure effective and sustainable operations
  • Drive projects across OpenAI’s technology stack with a focus on insider threats, ranging from access abuse and intellectual property theft to novel risks emerging within AI infrastructure
  • Partner closely with cross-functional stakeholders, including HR, Legal, and peer investigative teams, providing technical expertise and evidence to support investigations
  • Collaborate on cutting-edge AI research, and use AI to improve OpenAI’s Security posture
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime

Insider Risk Lead

Brown & Brown is seeking an Insider Risk Lead to join our growing team remotely ...
Location: United States, Daytona Beach; Dallas; Atlanta
Salary: 200000.00 - 225000.00 USD / Year
Company: Brown & Brown UK
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in cybersecurity, information technology, risk management, or related field (or equivalent experience)
  • 7+ years of experience in cybersecurity, insider threat, digital forensics, SOC operations, or similar roles
  • Proven experience developing or managing insider risk or behavioral analytics programs
  • Strong understanding of data protection, access management, monitoring tools, and investigative methodologies
  • Superior communication and judgment, especially in sensitive or confidential situations
  • Experience in decentralized or federated enterprise environments (preferred)
  • Relevant certifications (e.g., CISSP, CISM, CEH, GIAC certified tracks) (preferred)
  • Experience with UBA, SIEM, DLP, endpoint detection, or cloud analytics platforms (preferred)
  • Experience working with HR, legal, or compliance leadership on risk matters (preferred)
Job Responsibility
  • Lead the design, governance, and maturity roadmap of the Insider Risk Program
  • Develop policies, standards, and procedures aligned to enterprise cybersecurity objectives and regulatory expectations
  • Establish operational models for monitoring, escalation, and executive reporting
  • Oversee behavioral and technical monitoring tools (e.g., UBA, DLP, and privileged activity analytics)
  • Conduct and/or coordinate insider risk investigations, ensuring accuracy, discretion, and appropriate documentation
  • Partner with Cybersecurity Operations to triage and interpret insider related alerts
  • Serve as the primary liaison to Legal, HR, Compliance, Technology, and business units for insider risk processes
  • Facilitate communication and training to promote a culture of awareness and shared accountability
  • Work within Brown & Brown’s decentralized structure to ensure alignment, transparency, and consistent practices
  • Develop and deliver dashboards, reports, and insights for cybersecurity leadership and executive stakeholders
What we offer
  • Medical/Rx
  • Dental
  • Vision
  • Life Insurance
  • Disability Insurance
  • ESPP
  • 401k
  • Student Loan Assistance
  • Tuition Reimbursement
  • Free Mental Health & Enhanced Advocacy Services
  • Fulltime

Senior Employee Relations Lead

Astrion has an exciting opportunity for a Senior Employee Relations Lead on a hy...
Location: United States, Huntsville, AL; Arlington, VA; Colorado Springs, CO
Salary: Not provided
Company: Astrion
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Human Resources, Business Administration, Employment Law, Organizational Development, or a related field; equivalent combination of education and experience may be considered
  • 8+ years of progressive Human Resources experience, including at least 5 years focused on Employee Relations in a government contracting, defense, aerospace, engineering, or other highly regulated environment
  • Demonstrated experience independently managing complex employee relations matters, including workplace investigations, performance management, corrective action, employee misconduct, employee separations, accommodations, and conflict resolution
  • Proven ability to conduct and document complex workplace investigations involving harassment, discrimination, retaliation, ethics concerns, policy violations, and other sensitive matters
  • Deep knowledge of federal and state employment laws and regulations, including Title VII, ADA, PWFA, FMLA, FLSA, and other applicable employment requirements
  • Demonstrated ability to assess organizational risk, exercise sound judgment, and partner effectively with HR leadership, Legal Counsel, and business leaders
  • Proven experience coaching and advising HR Business Partners, HR professionals, and business leaders on employee relations, accommodations, performance management, investigations, and workplace risk mitigation
  • Experience managing employee relations case tracking systems, documentation standards, reporting processes, and compliance-related audits
  • Exceptional written and verbal communication skills
Job Responsibility
  • Serve as a primary employee relations resource for HR Business Partners, providing guidance on workplace concerns, investigations, corrective actions, performance management, separations, and other employee relations matters
  • Monitor employee relations activity across the organization to promote consistency, appropriate documentation, and alignment with company practices
  • Independently manage escalated, complex, and high-risk employee relations cases
  • Guide and/or prepare investigation summaries, findings, recommendations, and supporting documentation for HR leadership and Legal review
  • Partner with HR Business Partners, HR Directors, and Legal to assess risk and determine appropriate resolutions for sensitive matters
  • Own and continuously improve employee relations workflows, templates, documentation standards, and case management practices
  • Administer employee relations tracking systems, including EthicsPoint, ensuring accurate records, timely follow-up, and meaningful reporting
  • Maintain processes related to workplace investigations, accommodations, performance improvement plans, involuntary terminations, contractual descopes, and workforce reduction activities
  • Conduct periodic audits of employee relations files and documentation to ensure quality, consistency, and compliance
  • Serve as the organization's subject matter expert for the accommodation process, providing guidance to leaders, HR staff, and HR Business Partners
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime

Continuous Evaluation (CE) / Vetting (CV) Investigator Level III (3)

Amentum is seeking a Continuous Evaluation (CE) / Vetting (CV) Investigator Leve...
Location: United States, Springfield
Salary: 110000.00 - 115000.00 USD / Year
Company: Amentum
Expiration Date: Until further notice
Requirements
  • TS/SCI clearance and must be willing to undergo a polygraph exam
  • Minimum 7-10 years of personnel security background investigation experience
  • Comprehensive interview skills to detect anomalies, issue resolution follow-up, and obtaining coverage for developed information
  • Clear and concise writing skills
  • Positive, engaging communication skills
  • Excellent organizational skills to ensure required timelines pertaining to the new Federal Personnel Vetting Investigative Standards, current Federal Investigative Standards (FIS) and Expandable Focused Investigation (EFI) requirements are met
Job Responsibility
  • Document, file, update, and maintain all investigative actions in the PeopleSoft (PS) and SISPV SharePoint (SP) security system of records
  • Collect, research, investigate, resolve security concerns, and document findings in accordance with Federal Investigative Standards (FIS) Expandable Focused Investigation (EFI) Module. Complete a Report of Investigation (ROI) not to exceed a 5% error rate and forward to the Adjudications Branch (SISPA) all relevant information received from investigated subjects for a final adjudicative determination within established Personnel Security Division (SISP) timelines
  • Collaborate, coordinate, and share information with internal/external stakeholders (e.g. NGA Office of the Inspector General, Office of Counter Insider Threat, Office of Counterintelligence, Office of General Counsel, Human Development), and/or others as directed by SISPV leadership
  • Collect and develop information from a variety of sources. Follow-up as appropriate to ensure timely action on all CEP events
  • Prepare quality ROIs which are accurate, detailed, succinct and in an organized manner not to exceed a 5% error rate
  • Coordinate with sources to resolve missing or discrepant information. Ensure attention to detail is thorough when resolving data sets
  • Prepare all applicable filer notifications regarding SFDP to NGA filers at intervals specified by the program
  • Investigate and process CE/CV cases in the timeframes designated by the SFDP Team Lead for that filing season
  • Accurately access the 13 adjudicative guidelines/areas of concern in accordance with the FIS Expandable Focused Investigation (EFI), new Federal Personnel Vetting Investigative Standards, and SEAD (3, 4, & 6) guidance
What we offer
  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits (including 401(k) matching)
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance
  • Fulltime

Senior Industrial Security Consultant

We are seeking an experienced Sr Industrial Security Specialist/COMSEC Officer t...
Location: United States, Reston
Salary: 96500.00 - 188400.00 USD / Year
Company: Microsoft Corporation
Expiration Date: Until further notice
Requirements
  • 4+ years experience in security program or program management or related field OR equivalent experience
  • Active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Verification of U.S. citizenship
Job Responsibility
  • Self-Motivation & Problem-Solving: Demonstrate ability to solve complex problems independently and proactively
  • Time Management & Independence: Effectively manage time, prioritize tasks, and work independently to meet deadlines
  • Decision Making: Make informed decisions that enhance the security program and foster strong relationships with internal and external stakeholders
  • Attention to Detail: Maintain a high standard of organization, punctuality, and attention to detail in all tasks
  • Core Values: Exhibit integrity, flexibility, adaptability, and a growth mindset in all aspects of the role
  • Collaboration: Work closely with internal teams such as Insider Threat & Counterintelligence, Personnel Security, Information Systems Security, and Legal
  • Regulatory Compliance: Engage with Government Security authorities to ensure compliance with regulations and directives, including CFR 32 Part 117, ICDs, DoDM 5105.21, and DoDM 5205.07
  • Training: Conduct Security Education and Training (SETA) sessions
  • Customer Engagement: Serve as a liaison between internal and external customers or government officials in the performance of security duties
  • Accreditation: Maintain ICD705 accreditations in accordance with the guidelines set by the Cognizant Security Agency
  • Fulltime

Senior Security Engineer

The Senior Security Engineer is a hands-on technical expert responsible for desi...
Location: United States, Houston
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice
Requirements
  • Strong hands-on experience securing Microsoft enterprise environments, including: Microsoft Entra ID identity governance and administration
  • Privileged Identity Management (PIM) implementation and operations
  • Endpoint and identity protection using Microsoft Defender XDR
  • Endpoint management and hardening with Microsoft Intune
  • Data protection and monitoring using Microsoft Purview including: Data Loss Prevention (DLP), Insider Risk Management / Insider Threat monitoring
  • Deep operational and engineering experience with: CyberArk Privileged Access Manager
  • Experience designing and managing enterprise PKI environments including: Microsoft Active Directory Certificate Services, Certificate lifecycle management platform (Keyfactor, Sectigo, etc.), TLS certificate automation and renewal processes
  • Hands-on engineering experience with enterprise network security platforms: F5 BIG-IP Local Traffic Manager (LTM), F5 Advanced WAF / Web Application Firewall configuration, Load balancing architecture and traffic management, High availability and disaster recovery design for network security platforms, Cisco Secure Access – Web Security
  • Strong foundational knowledge in: Enterprise networking (routing, segmentation, firewalls, load balancing), Windows enterprise environments, Active Directory architecture and security, Authentication protocols and identity infrastructure, VMware ESXi Architecture & operation
  • Strong capability in security operations including: Threat hunting, Incident detection and response, Incident containment and remediation, Root cause analysis and post-incident improvements
Job Responsibility
  • Designing, implementing, and operating security technologies in a mid-size enterprise environment
  • Engineering, maintaining, and continuously improving enterprise security controls across identity, endpoint, network, and application security domains
  • Collaborating closely with infrastructure, networking, and development teams to ensure security controls are seamlessly integrated into enterprise systems and services
  • Strengthening and advancing the organization’s overall security posture
  • Architecting and troubleshooting production-grade deployments
  • Leading investigations and coordinating response actions
What we offer
  • Medical, vision, dental, and life and disability insurance
  • Enrollment in company 401(k) plan