CrawlJobs Logo

Security Engineer, Insider Threat Detection & Response

United States, San Francisco 230000.00 - 385000.00 USD / Year · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

As a Security Engineer you will join our OpenAI engineers and researchers in building, operating and securing transformational AI technologies. This role will focus on all aspects of Detection & Response but with a strong emphasis on detecting insider threats and influencing controls to safeguard OpenAI's most sensitive assets.

Job Responsibility

  • Innovate on Detection and Response infrastructure to engineer and automate end-to-end detection and investigation workflows
  • Develop, measure, and tune detection rules to ensure effective and sustainable operations
  • Drive projects across OpenAI’s technology stack with a focus on insider threats, ranging from access abuse and intellectual property theft to novel risks emerging within AI infrastructure
  • Partner closely with cross-functional stakeholders, including HR, Legal, and peer investigative teams, providing technical expertise and evidence to support investigations
  • Collaborate on cutting-edge AI research, and use AI to improve OpenAI’s Security posture

Requirements

  • 5+ years experience working in a detection/response or insider-risk role
  • Broad familiarity with operating systems and platforms such as macOS, Windows, Linux, and Kubernetes, along with experience in cloud infrastructure
  • Knowledge of modern adversary tactics and attack paths, data exfiltration techniques, and have experience running and leading incidents
  • Proficiency with a scripting language (e.g. Python, Bash, PowerShell, or similar)
  • Independently manage and run projects, balance preventative controls with user friction, and prioritize efforts for risk reduction
  • Motivated by securing transformative technology and can adapt familiar security frameworks to new risks in AI infrastructure

What we offer

  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Relocation support for eligible employees
  • Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided
  • Offers Equity
  • Performance-related bonus(es) for eligible employees

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Security Engineer, Insider Threat Detection & Response

8 matching positions

Senior Security Engineer, Threat Intelligence

As a Senior Security Engineer specializing in Threat Intelligence on the Detecti...
Location
Location
United States; Canada
Salary
Salary:
156000.00 - 210000.00 USD; CAD / Year
https://www.1password.com Logo
1Password
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in technical security engineering roles
  • 3+ years focused on threat intelligence
  • Strong understanding of modern attacker TTPs, including cloud-native, SaaS, identity-focused, and insider-adjacent threat patterns
  • Experience developing intelligence requirements, prioritization frameworks, analysis workflows, and emulation scenarios
  • Hands-on experience with scripting or automation (e.g., Python, APIs, SOAR workflows) to improve operational efficiency and cross-team execution
  • Ability to produce concise, high-quality written intelligence, including executive-level summaries
  • Familiarity with security telemetry, logs, and investigative workflows used by detection and response teams
  • Willingness to participate in an on-call rotation and support security incidents during high-severity or off-hours events
Job Responsibility
Job Responsibility
  • Research, track, and assess the threat landscape by analyzing relevant threat actors, campaigns, and behaviors affecting 1Password’s attack surface, identity systems, brand, third-party ecosystem, and insider risk scenarios
  • Analyze and prioritize information to develop actionable intelligence that informs detection coverage, hunting activities, and response readiness
  • Partner with Detection Engineering to design and validate threat-based detections, including through adversary emulation, simulation, or controlled testing
  • Use automation and scripting to improve how threat intelligence is collected, enriched, distributed, and actioned across Security workflows
  • Curate and deliver threat intelligence reporting for both technical teams and executive stakeholders
  • Build and maintain repeatable threat intelligence processes, workflows, and documentation that scale with the Detection & Response program
  • Participate directly in security operations by triaging alerts, supporting investigations, managing incidents, and contributing to post-incident learning
What we offer
What we offer
  • Health benefits
  • Dental benefits
  • 401k/RRSP
  • Generous paid time off
  • Equity grant
  • Participation in incentive programs
  • Maternity and parental leave top-up programs
  • RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Fulltime
Read More
Arrow Right

Security Engineer - Detection Engineering, Surface Coverage

Meta Security is looking for a Security Engineer with experience in threat model...
Location
Location
United States , Bellevue
Salary
Salary:
122000.00 - 181000.00 USD / Year
meta.com Logo
Meta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years of experience in Detection and Response Engineering or similar Security Engineering role
  • Bachelor's degree or equivalent experience in Cyber Security
  • Experience building complex automations and integrations using Security Orchestration, Automation and Response platforms
  • Experience designing systems used for responding to both external and insider threats
  • Experience analyzing network and host-based security events
  • Knowledge of networking technologies, specifically Transmission Control Protocol (TCP)/Internet Protocol (IP) and the related protocols
  • Knowledge of operating systems, file systems, and memory structures on Windows, MacOS and Linux
  • Coding/scripting experience in one or more general purpose languages
  • Experience with attacker tactics, techniques, and procedures
Job Responsibility
Job Responsibility
  • Lead cross-functional projects to improve our functionalities to effectively detect and respond to security incidents
  • Review security architecture of large-scale custom and commercial systems and under your own initiative propose logging, detection and prevention controls
  • Perform TTP-based Threat Modeling for a wide variety of assets including endpoints, mobile, servers, internal services, public & private cloud environments and networking equipment
  • Perform analysis against logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats and detection ideas
  • Build response workflows and actions that auto-resolve false positives and provide context scaling our capacity to investigate
  • Support security incident response in a cross-functional environment and drive incident resolution
  • Design and implement attack testing automation to validate detection coverage
  • Build logging pipelines using our custom datasets and infrastructure
What we offer
What we offer
  • bonus
  • equity
  • benefits
Read More
Arrow Right

Endpoint Security Engineer

Join our team at AMGEN Capability Center Portugal, consistently recognized among...
Location
Location
Portugal , Lisbon
Salary
Salary:
Not provided
amgen.com Logo
Amgen
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's degree
  • Or Bachelor's degree and 2 years of experience in Information Systems, or Computer Science
  • Or Associate degree and 4 years of experience in Information Systems, or Computer Science
  • Or High school diploma / GED and 6 years of experience in Information Systems, or Computer Science
Job Responsibility
Job Responsibility
  • Be a technical engineer for a very diverse endpoint tools
  • Play a key role in designing, deploying, and maintaining solutions to build our evolving endpoint protection capabilities
  • Operate, lead, and improve multiple endpoint security technologies
  • Protect Amgen from threats inside of the company's environment within both the global corporate network and manufacturing environments
  • Operate, manage, and improve Amgen's endpoint security posture solutions
  • Identify emerging risks related to endpoint protection, advise management, and develop technical remediations to address those risks
  • Be responsible for the development of processes and procedures for multiple solutions Amgen utilizes to deliver to the promise of a secure digital workplace
  • Run multiple projects simultaneously to implement and improve the endpoint security protections and use advanced analytics to demonstrate success
  • Play a key role in educating technologists and business leaders about the security strategies
  • Work daily alongside the digital workforce experience team to specify, implement, and validate security controls for Amgen's workstation and mobile platforms
What we offer
What we offer
  • Work That Matters
  • Modern Tech Stack
  • Global Scale, Agile Mindset
  • Continuous Learning
  • AMGEN Total Rewards Plan
  • Flexibility
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

The Senior Security Engineer is a hands-on technical expert responsible for desi...
Location
Location
United States , Houston
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong hands-on experience securing Microsoft enterprise environments, including: Microsoft Entra ID identity governance and administration
  • Privileged Identity Management (PIM) implementation and operations
  • Endpoint and identity protection using Microsoft Defender XDR
  • Endpoint management and hardening with Microsoft Intune
  • Data protection and monitoring using Microsoft Purview including: Data Loss Prevention (DLP), Insider Risk Management / Insider Threat monitoring
  • Deep operational and engineering experience with: CyberArk Privileged Access Manager
  • Experience designing and managing enterprise PKI environments including: Microsoft Active Directory Certificate Services, Certificate lifecycle management platform (Keyfactor, Secitgo, etc), TLS certificate automation and renewal processes
  • Hands-on engineering experience with enterprise network security platforms: F5 BIG-IP Local Traffic Manager (LTM), F5 Advanced WAF / Web Application Firewall configuration, Load balancing architecture and traffic management, High availability and disaster recovery design for network security platforms, Cisco Secure Access – Web Security
  • Strong foundational knowledge in: Enterprise networking (routing, segmentation, firewalls, load balancing), Windows enterprise environments, Active Directory architecture and security, Authentication protocols and identity infrastructure, VMware ESXi Architecture & operation
  • Strong capability in security operations including: Threat hunting, Incident detection and response, Incident containment and remediation, Root cause analysis and post-incident improvements
Job Responsibility
Job Responsibility
  • Designing, implementing, and operating security technologies in mid-size Enterprise environment
  • Engineering, maintaining, and continuously improving enterprise security controls across identity, endpoint, network, and application security domains
  • Collaborating closely with infrastructure, networking, and development teams to ensure security controls are seamlessly integrated into enterprise systems and services
  • Strengthening and advancing the organization’s overall security posture
  • Architecting and troubleshooting production-grade deployments
  • Leading investigations and coordinating response actions
What we offer
What we offer
  • Medical, vision, dental, and life and disability insurance
  • Enrollment in company 401(k) plan
Read More
Arrow Right

Security Engineer

At Etched, building and maintaining a secure yet friction-free computing environ...
Location
Location
United States , San Jose
Salary
Salary:
150000.00 - 250000.00 USD / Year
etched.com Logo
Etched
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-7+ years of experience in security engineering, SOC operations, detection engineering, incident response, or a similar role that blends hands-on technical work with analytical problem solving
  • Strong software engineering skills with Python, Go, Bash, (C and Rust a major plus), including the ability to design, implement, and maintain high-quality code, automation frameworks, services, and integrations that improve security, observability, and operational efficiency
  • Proficiency with SIEM and SOAR platforms, including experience building detections, dashboards, and automated workflows
  • Deep understanding of EDR and XDR platforms, endpoint security hardening, and telemetry collection across macOS, Linux, Windows, and server environments
  • Experience implementing or supporting zero trust architectures, including conditional access, SASE, CASB, and identity-driven access control models
  • Familiarity with IAM and SSO systems such as Okta, Google Workspace, and FreeIPA and the ability to design secure identity, access, and authentication policies
  • Strong networking knowledge, including SDWAN, VPN, IDS and IPS, firewall administration, segmentation strategy, and monitoring of network traffic for anomalies
  • Hands-on experience managing or building security telemetry pipelines, log ingestion frameworks, or observability systems that support both structured and unstructured data
  • Solid understanding of threat modeling, the MITRE ATT and CK framework, attacker tradecraft, and common detection and response patterns
  • Experience performing vulnerability assessments, penetration testing, or secure configuration reviews and collaborating with teams to remediate identified risks
Job Responsibility
Job Responsibility
  • Manage and harden security baselines across on-prem, hybrid, and cloud systems, ensuring strong protection while maintaining speed and usability
  • Integrate telemetry, logging, tracing, and management of structured, semi-structured, and unstructured data across the entire environment to provide unified and comprehensive observability into infrastructure and application activity
  • Lead vulnerability management, patching, and configuration assurance programs to reduce exposure and maintain a consistent security posture
  • Partner with infrastructure, IT, and application teams to strengthen identity, access, and network security through Okta, Google Workspace, and FreeIPA
  • Implement and maintain zero-trust network architectures, SASE controls, CASB solutions, and conditional access policies that protect both users and data across environments to ensure full access and full control of our data and IP regardless of location or device
  • Operate and enhance security operations tooling, including SIEM, SOAR, and EDR/XDR platforms, to ensure comprehensive monitoring and rapid detection of threats
  • Develop and tune detection logic, automation, and playbooks for identifying and responding to threats such as insider activity, lateral movement, and anomalous behavior
  • Investigate and respond to security incidents, performing root-cause analysis, containment, and remediation while coordinating with engineering and IT
  • Build automation, scripts, AI agents, and integrations that streamline monitoring, alerting, and remediation workflows to improve efficiency and reliability
  • Establish metrics, dashboards, and feedback mechanisms to measure detection coverage, response time, and overall security health
What we offer
What we offer
  • Full medical, dental, and vision packages, with generous premium coverage
  • Housing subsidy of $2,000/month for those living within walking distance of the office
  • Daily lunch and dinner in our office
  • Relocation support for those moving to San Jose (Santana Row)
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

The Principal Security Engineer, under the direction of the Director of Security...
Location
Location
United States , Palo Alto
Salary
Salary:
147050.00 - 220800.00 USD / Year
wsgr.com Logo
Wilson, Sonsini, Goodrich & Rosati
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree required
  • 5+ of experience in Information Security
  • One or more of the following certifications preferred: GIAC, CISSP, CISM, CEH, CIPP
  • Focus on knowledge of direct support for Security Information and Event Management (SIEM) systems (e.g. configuration of feeds, developing alarm/report concepts), Red Teaming concepts and execution, and Linux skills including command line and operational/administrative usage
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls
  • Experience with windows desktop, server, and database security
  • Ability to identify security technology risks and perform incident response
  • Extensive knowledge of TCP/IP networking including wireless, network monitoring/design and routing
  • Extensive understanding of the cyber kill-chain
  • Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments
Job Responsibility
Job Responsibility
  • Provide subject matter expertise in information security as it relates to networks and systems
  • Manage the Firm’s security technology including but not limited to: anti-virus, vulnerability scanning, intrusion detection, content filtering, and insider threat systems
  • Review security events from all monitoring environments not integrated with the firm SIEM, and those events escalated by the SOC, on a daily basis, and follow defined incident response processes in their analysis and reporting
  • Monitor appropriate venues for threats to the security of the Wilson Sonsini Goodrich & Rosati environment. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality
  • Manage and lead evaluations of the firm’s environment by external 3rd parties. Produce recommendations that integrate any findings with the business needs of the firm
  • Maintain knowledge of the information security needs of firm clients and implement measures to satisfy those requirements in the most efficient manner
  • Keep abreast of emerging security technologies and discipline developments. Make appropriate recommendations that meet the firms needs
  • Design and build operational environments that scale to meet the needs of our security products and assure appropriate reliability
  • Support general troubleshooting related to information security tasks and provide support to end users as needed
  • Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects
What we offer
What we offer
  • discretionary year-end merit bonus based on performance
  • highly competitive salary and benefits package
  • Fulltime
Read More
Arrow Right

Insider Risk Security Manager

The Insider Risk team is primarily focused on the security of our people and dat...
Location
Location
United Kingdom , Kingston
Salary
Salary:
Not provided
unilever.com Logo
Unilever
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel
  • Proven ability to lead, develop, and motivate a team
  • The ability to lead through accountability with delegated responsibilities
  • Ability to manage conflicting priorities and multiple tasks
  • Stakeholder management and interpersonal skills at both a technical and non-technical level
  • Able to work in a collaborative environment with international team members
  • Outstanding critical reasoning and problem-solving skills
  • Customer-orientated, whether responding to queries or delivering new services
  • Skills in Programme and Project Management
  • Good experience in using Purview E Discovery
Job Responsibility
Job Responsibility
  • Ensuring the deployment and running of security tooling, in conjunction with the Tech & Ops team
  • Playing an active role in the definition and iteration of the Unilever Cyber Security transformation
  • Continuously explore and implement cost effective measures to optimize security investment
  • Influencing a broad range of stakeholders in various teams across the business, including IT architects, developers and engineers, programme managers, and business data owners
  • Managing and utilizing cyber security tooling and capabilities, including detection and monitoring activities
  • Investigating and managing investigations into any suspicious activities on our systems and taking any necessary steps to remedy them in a timely manner
  • Providing sensitive investigative services to other key UL functions
  • Reducing any risk or impact caused by a cyber incident
  • Advising the broader organization on security best practices where applicable
  • Fulltime
Read More
Arrow Right

Information Security Manager

We are looking for a Lab Security Manager who can rise to the complexity of prot...
Location
Location
United States , Austin
Salary
Salary:
152000.00 - 228000.00 USD / Year
amd.com Logo
AMD
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Background in semiconductor, hardware engineering, or other R&D-intensive industries where pre-release IP protection is mission-critical
  • Experience evaluating and securing connectivity to ODC (Outsourced Design Center) or OSAT (Outsourced Semiconductor Assembly and Test) partners, or equivalent third-party manufacturing and engineering partners in the semiconductor supply chain
  • Experience securing AI/ML compute infrastructure, including familiarity with GPU cluster deployments, fabric interconnects, and associated operational environments
  • One or more relevant certifications: CISSP, CISM, GIAC or equivalent
  • Experience working in or alongside a Security Operations Center (SOC), including familiarity with SIEM platforms, UEBA tools, and alert triage workflows
  • Prior experience in a role that required coordination across physical security, IT security, and legal/compliance functions simultaneously
  • BS/MS preferred in related field
  • SANS, MCSE, RHCSS, CISSP, CISA, CISM certification(s)
Job Responsibility
Job Responsibility
  • Define and enforce security standards across global labs and compute facilities
  • Partner with facilities teams to embed security into lab design and operations
  • Maintain site-specific security plans for critical locations
  • Establish security controls for large-scale compute environments (e.g., GPU clusters, AI farms)
  • Enforce network segmentation, monitoring, and anomaly detection
  • Mitigate risks at the intersection of physical and logical access
  • Lead protection of sensitive IP, including pre-release hardware and software
  • Develop insider threat controls and collaborate with HR, Legal, and SOC
  • Manage protocols for handling sensitive assets, visitors, and contractors
  • Ensure compliance with EAR, ISO, NIST, and other frameworks
  • Fulltime
Read More
Arrow Right