Tech Stack

Description

You will lead investigations into insider threats and fraud involving employees, analyzing telemetry from various systems, partnering with stakeholders to improve controls, and delivering clear briefings. This role is critical to protecting SoFi's assets and ensuring a secure environment.

Requirements

• 8+ years of experience in Insider Threat, Security Operations, Digital Forensics, Insider Response, or Corporate Investigations
• Experience reviewing and correlating endpoint, application, and network logs
• Familiarity with SIEM, UEBA, DLP, and EDR tools
• Proficient in interpreting evidence and reconstructing events
• Excellent written and verbal communication skills

Responsibilities

• Conduct end-to-end investigations into insider risk activity such as data exfiltration, policy violations, fraud, IP theft, sabotage, and misuse of company resources
• Review and analyze telemetry including endpoint, identity, SaaS, application, and network logs; correlate events to build investigative timelines and attribution
• Partner with stakeholders to deploy detections and implement strategies to prevent malicious activities by improving internal controls, policies, and procedures
• Coordinate with law enforcement, legal counsel, and regulatory bodies when necessary
• Deliver clear, concise briefings to technical and non-technical stakeholders; maintain case management system hygiene