CrawlJobs Logo

Senior Security Investigator

United States, Seattle 180000.00 - 200000.00 USD / Year · Job Posted January 31, 2026
Apply Position
Job Link Share

Job Description

The CyberSecurity Incident Response team (CIRT) is at the forefront of protecting Uber. We are a hands-on, fast-paced team that responds to security incidents, conducts forensic investigations, and builds automated solutions to scale our defenses. As a Senior Security Investigator, your role is to lead complex, high-impact security investigations across a global, large-scale environment. This role is ideal for a seasoned security professional who excels at uncovering sophisticated threats, driving automation at scale, shaping investigative strategy, and mentoring teams to deliver world-class response. You will partner with Security Engineering, Detection & Response, Threat Intelligence, Legal, HR, and Executive Leadership to contain threats, protect user and corporate data, and elevate our overall security posture.

Job Responsibility

  • Lead complex security investigations end-to-end and perform deep forensic analysis across endpoints, cloud environments, identity systems, networks, and application logs to uncover root cause and attack paths.
  • Own & Build automation and tooling to accelerate evidence collection, log enrichment, triage workflows, and decision-making at global scale.
  • Improve detection and response capabilities by partnering with Threat Intelligence, Detection Engineering, and Platform teams.
  • Lead major cross-functional security initiatives that strengthen investigative readiness, digital forensics, cloud incident response, and threat-hunting capabilities.
  • Mentor and develop investigators and analysts, providing technical guidance, reviewing casework, and elevating investigative rigor.
  • Continuously evolve investigation methodology by analyzing trends, identifying gaps, and embedding lessons learned back into the security ecosystem.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in Security Investigations, Incident Response, Threat Hunting, or Digital Forensics within large-scale or high-risk environments.
  • Proven expertise with forensic tooling, log analysis, SIEM platforms, EDR solutions, and cloud investigation workflows (AWS/GCP/Azure).
  • Strong understanding of attacker TTPs, modern threat landscape, and frameworks like MITRE ATT&CK.
  • Hands-on experience building automation using Python, APIs, SOAR, or equivalent frameworks.
  • Ability to lead complex investigations end-to-end and communicate findings effectively to senior leadership.
  • Experience running or contributing to large cross-company security projects.

Nice to have

  • Experience in a large-scale, global, distributed systems environments
  • Knowledge of identity ecosystems (Okta, Azure AD), container security, and SaaS platform logs.
  • Experience in a programming language (e.g., Python, Go, C++, Java, etc) for incident response related automation and data analysis.
  • Experience with GenAI in incident response and investigations is a plus.
  • Experience mentoring or leading security teams.

What we offer

  • Eligible to participate in Uber's bonus program
  • May be offered an equity award & other types of comp
  • Eligible for various benefits (details at provided link)

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Security Investigator

8 matching positions

Senior Security Investigator

Do you have a passion for security and excitement about impacting some of the la...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Cyber Security, or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
  • Active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph
  • Verification of U.S. citizenship
Job Responsibility
Job Responsibility
  • Skilled working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, Splunk, and Power BI
  • Perform investigation on suspected vulnerable or compromised assets and services, and analyze log data and other artifacts to determine what occurred
  • Identify potential issues with detection (e.g., false positives, noise)
  • Analyze potential or actual intrusions identified as a result of monitoring activities
  • Create detections based on available data (e.g., Indicators of Compromise [IOC] and Tools Tactics Procedures [TTP])
  • Continue to drive automation of detection and response
  • Plan and execute proactive adversary hunt for malicious activity using myriad log sources, network- and host-based tools, and threat intelligence to identify the threat actors and their tools and techniques
  • Analyze key metrics and key performance indicators (KPIs) and other data sources (e.g., bugs, unhealthy data pipeline) and identifies trends in security issues and escalates appropriately
  • Recommend improvements and/or metrics to address gaps in measurement
  • Proactively identify and investigate potential issues in controls (e.g., network, identity, etc.)
  • Fulltime
Read More
Arrow Right

Senior Security Investigator - CTJ - Poly

Do you have a passion for security and excitement about impacting some of the la...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Cyber Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements
  • The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph
  • This position requires verification of U.S. citizenship due to citizenship-based legal restrictions
Job Responsibility
Job Responsibility
  • Skilled working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, Splunk, and Power BI
  • Perform investigation on suspected vulnerable or compromised assets and services, and analyze log data and other artifacts to determine what occurred
  • Identify potential issues with detection (e.g., false positives, noise). Analyze potential or actual intrusions identified as a result of monitoring activities. Create detections based on available data (e.g., Indicators of Compromise [IOC] and Tools Tactics Procedures [TTP]). Continue to drive automation of detection and response
  • Plan and execute proactive adversary hunt for malicious activity using myriad log sources, network- and host-based tools, and threat intelligence to identify the threat actors and their tools and techniques
  • Analyze key metrics and key performance indicators (KPIs) and other data sources (e.g., bugs, unhealthy data pipeline) and identifies trends in security issues and escalates appropriately. Recommend improvements and/or metrics to address gaps in measurement
  • Proactively identify and investigate potential issues in controls (e.g., network, identity, etc.). Leverage expertise and team members to address and drive down issues accordingly. Identify and/or recognize patterns and recommend potential mitigation strategies
  • Identify and raise opportunities for automation to improve efficiency and effectiveness. Create automation as appropriate to drive greater efficiency with high value
What we offer
What we offer
  • Certain roles may be eligible for benefits and other compensation
  • Fulltime
Read More
Arrow Right

Senior Field Security Investigator

We have an exciting opportunity to join the SIU team as a Senior Field Security ...
Location
Location
United States , Charlotte
Salary
Salary:
Not provided
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • An associate or bachelor’s degree in criminal justice or a related field
  • Five years of insurance claims investigative experience (includes TCR1, TCR2, CU, PIP technical and/or PIP litigation desk experience), professional investigation experience with law enforcement agencies
  • Seven years of professional investigation experience involving economic or insurance related matters
  • Experience handling in-person or phone statements from various parties in an investigation
  • Ability to gather a broad range of evidence related to an investigation and draw conclusions
  • Demonstrated ability to organize and prioritize investigative volume workloads and stressful situations
  • Must be able to always maintain a professional attitude and appearance
  • Must be able to document files in a clear, concise, professional written manner
  • Must be able to obtain and maintain a valid driver’s license, certifications and permits
  • Must be able to lift and carry materials and equipment
Job Responsibility
Job Responsibility
  • Conduct investigations of suspected cases of fraud or other illegal activities against the Company
  • Interviewing, database inquiries, taking statements, and locating sources of information and witnesses
  • Evaluating information to determine its credibility
  • Referring, and coordinating investigation assignments to outside agencies
  • Providing training and support to all departments in the claims handling process
What we offer
What we offer
  • Comprehensive Total Rewards program
  • 401K savings plan vested from day one that offers a 6% match
  • Performance and recognition-based incentives
  • Tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Workplace flexibility
  • GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Senior Global Security Investigator

We are seeking a senior Global Security Investigator with a technical background...
Location
Location
United States , San Francisco; Seattle; New York City; Washington, DC
Salary
Salary:
288000.00 - 500000.00 USD / Year
openai.com Logo
OpenAI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Criminal Justice, Cybersecurity, or a related field (or equivalent experience)
  • 8+ years of investigative experience in counterintelligence, insider risk, forensic investigations, cybersecurity, supply chain security, or related domains
  • Unimpeachable integrity, sound judgment, and the ability to handle confidential matters with discretion
  • An active US security clearance, or willingness and eligibility to obtain one
  • Deep specialization in geopolitical threat domains, with hands-on experience identifying, assessing, and mitigating adversarial risks through tailored countermeasures
  • Expert knowledge of common security tooling, including EDR, DLP, UEBA, SIEM, SOAR and other related platforms
  • Demonstrated ability to independently write complex queries, automate data workflows, and analyze structured datasets
  • Excellent written and verbal communication skills, including the ability to distill complex findings into clear, actionable reports and explain technical issues to non-technical stakeholders
  • Exceptional collaboration skills with the ability to work across diverse teams (HR, Legal, IT, etc.) to lead projects and investigations with minimal guidance
Job Responsibility
Job Responsibility
  • Independently conduct comprehensive security investigations from initial detection to resolution, including cases involving insiders, external actors, and supply chain and third-party risks
  • Lead proactive, data-driven threat-hunting efforts that weave together disparate signals to surface undetected insider or external threats before they escalate into incidents
  • Perform comprehensive technical analysis of complex hardware, software, and supplier supply chains to identify, enumerate, and mitigate risks
  • Partner closely with cross-functional teams, including Human Resources, Legal, Security, and IT, and external stakeholders or law enforcement when necessary
  • Collaborate with technical counterparts to enhance detections, resolve telemetry gaps, and implement new capabilities to identify security issues involving cyber, physical, and human domains
  • Collect, preserve, and analyze evidence from a variety of sources, including log data, digital forensics, subject interviews, access records, threat intelligence, and open-source intelligence (OSINT), to support investigative findings
  • Continuously improve investigative procedures and security controls based on investigations and lessons learned
What we offer
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick and safe time (1 hour per 30 hours worked)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Security Incident Response

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • equivalent experience
  • Active U.S. Government Secret Security Clearance
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • U.S. citizenship verification
Job Responsibility
Job Responsibility
  • Coordinate with investigators to prioritize investigation objectives, understands attack paths, and systematically executes mitigation and protection actions to evict threat actors for any security incident impacting any of Microsoft’s products or services
  • Conduct hands-on mitigation where possible
  • engages service owners when there is a risk of a production outage
  • Maintain hands-on knowledge of mitigation and protection steps for various asset types (e.g. M365, Azure, AI) and publishes self-service guidance for impacted engineering teams
  • Brief executive stakeholders on eviction plans and associated status
  • Maintain and evolves an inventory of threat actor Tactics, Techniques, and Procedures (TTPs) and the corresponding eviction capabilities
  • Define and prioritize requirements and use cases for Microsoft’s threat actor eviction platform
  • operationalize as they are delivered
  • Drive strategic change to accelerate eviction scenarios (e.g. lean business cases to garner support for broader Microsoft product initiatives or features)
  • Participate in an on-call rotation
  • Fulltime
Read More
Arrow Right

Senior Security Engineer, Security Operations

The senior security engineer role provides a unique opportunity to shape the sec...
Location
Location
United States , REMOTE; SAN FRANCISCO; ROSEVILLE; LEHI; WEST PALM BEACH; IRVINE
Salary
Salary:
146000.00 - 170000.00 USD / Year
goodleap.com Logo
GoodLeap
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences
  • Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations
  • Experience with threat modeling methodologies
  • Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR
  • Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus)
  • Proven ability to establish credibility and build trust with business, engineers, and operational staff
  • Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce
  • Experience working with and creating solutions based AI and ML toolsets – e.g., creation of AI skills, agents, MCP clients, vibe coding
  • Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases
  • Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK
Job Responsibility
Job Responsibility
  • Lead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting,etc. Create playbooks for specific incident response scenarios
  • Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios
  • Support or develop components of the security analytics platform
  • Support embedded (product) security team
  • Support general security operations team with vulnerability management, tools management, and more
What we offer
What we offer
  • bonus
  • equity
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Security Incident Response

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Multiple Locations
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • equivalent experience
  • Active U.S. Government Secret Security Clearance
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Coordinates with investigators to prioritize investigation objectives, understands attack paths, and systematically executes mitigation and protection actions to evict threat actors for any security incident impacting any of Microsoft’s products or services
  • Conducts hands-on mitigation where possible
  • engages service owners when there is a risk of a production outage
  • Maintains hands-on knowledge of mitigation and protection steps for various asset types (e.g. M365, Azure, AI) and publishes self-service guidance for impacted engineering teams
  • Briefs executive stakeholders on eviction plans and associated status
  • Maintains and evolves an inventory of threat actor Tactics, Techniques, and Procedures (TTPs) and the corresponding eviction capabilities
  • Define and prioritize requirements and use cases for Microsoft’s threat actor eviction platform
  • operationalize as they are delivered
  • Drives strategic change to accelerate eviction scenarios (e.g. lean business cases to garner support for broader Microsoft product initiatives or features)
  • Participates in an on-call rotation
  • Fulltime
Read More
Arrow Right

Senior Security Software Engineer - Security Operations

The Role GM’s Cybersecurity Team safeguards the company’s global information ass...
Location
Location
United States , Warren
Salary
Salary:
125200.00 - 158600.00 USD / Year
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-7 years in software security engineering
  • advanced proficiency in modern programming languages
  • Expert in API development, microservices, event streaming, and idempotent integration patterns
  • Experience deploying software using any modern CI/CD pipeline and automated delivery practices
  • Hands-on with security tooling integrations (e.g., SIEM, EDR, SSPM)
  • Proven AI integration experience: LLM agents, embeddings, vector databases, RAG, prompt engineering
  • Cloud proficiency (Azure/AWS/GCP) and IaC (Terraform/Bicep/ARM/CloudFormation)
  • Data engineering fluency: ETL/ELT, schema design, normalization/enrichment
  • formats (JSON, YAML, syslog, STIX/TAXII)
  • Excellent cross-functional communication
Job Responsibility
Job Responsibility
  • Own architecture & delivery for complex integration services (APIs, microservices, event-driven workflows) with production SLIs/SLOs
  • Build AI-driven workflows (RAG, summarization, classification, agents) that augment investigations, triage, and orchestration
  • Create reusable connectors bridging SIEM/EDR/IAM/SSPM/ITDR/ITSM and cloud telemetry with robust error handling, retries, and DLQs
  • Implement security automation (SOAR-like playbooks) that enrich alerts and trigger deterministic + AI-assisted responses
  • Harden and observe services with CI/CD, automated testing, performance profiling, metrics, and incident runbooks
  • Mentor engineers and lead technical design reviews, coding standards, and reference implementations
  • Translate requirements into clear epics/roadmaps
  • align stakeholders and deliver on time with quality
What we offer
What we offer
  • medical
  • dental
  • vision
  • Health Savings Account
  • Flexible Spending Accounts
  • retirement savings plan
  • sickness and accident benefits
  • life insurance
  • paid vacation & holidays
  • incentive pay program based on company, job level, and individual performance
  • Fulltime
Read More
Arrow Right