Posted 2 months ago

Information Security Engineer - Insider Risk

WashingtonOn-siteFull-time

AI Summary

Insider Threat Detection Engineer focusing on building and automating detection/investigation workflows, analyzing cross-platform telemetry, and strengthening Palantir's insider risk defenses.

About this role

A World-Changing Company

Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more.

The Role

As an Insider Threat Detection Engineer, you are responsible for protecting Palantir's people, data, and most sensitive assets across the globe. Your technical expertise is matched by your integrity and genuine passion for security. You work well on a team, are highly motivated, and thrive on solving problems and taking on new challenges.

Your team serves as a critical line of defense, responsible for the 24/7 prevention, detection, and investigation of security events and active threats across Palantir's environment. This role focuses on all aspects of Detection and Response with a strong emphasis on identifying and mitigating insider risks. Your work will directly impact the success of Palantir's mission by making it difficult for adversaries — both external and internal — to compromise our global network.

Core Responsibilities

Engineer and automate end-to-end detection and investigation workflows, continuously improving Detection and Response infrastructure

Develop alerting and detection strategies to identify malicious or anomalous behavior, including new and novel defensive techniques that adapt to evolving adversary tactics and tradecraft

Dissect network, host, memory, and other artifacts originating from multiple operating systems and applications.

Investigate security events and active attacks across the enterprise, uncovering sophisticated threats and identifying patterns of behavior that indicate insider risk

Influence and inform security controls designed to safeguard Palantir's most critical assets

Partner closely with other members of the Information Security team to lead changes in the company's network defense posture.

What We Value

Broad exposure to multiple security subject areas, including a strong background in forensics or threat intelligence

Deep exposure in Incident Response or Detection Engineering

Desire to further the information security community through substantive contributions (e.g. conference talks, blog posts, public tool development, etc.)

Comfort in operating autonomously and engaging across business levels to advise on security outcomes.

What We Require

Extensive security experience (3+ years) in at least one major platform (e.g. AWS, Azure, Windows, OS X, Linux, etc.)

Proficiency in Python (preferred), PowerShell, or similar

Familiarity with endpoint telemetry and log sources from at least one major operating system

Experience with common SIEM/SOAR platforms and proficiency writing queries against security event data

Active TS/SCI security clearance or eligibility to obtain a security clearance.

Skills

AutomationCloud Platforms (AWS/Azure)Data AnalyticsEndpoint TelemetryHost ForensicsIncident ResponseLinuxLog AnalysisMalware AnalysisMemory ForensicsNetwork ForensicsOS XPowerShellPythonQuery LanguagesSIEMSOARThreat HuntingWindows