Dragonfli Group

Insider Risk Engineer

Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering.

Posted 4/20/2026 • Contract • Remote • 🇺🇸 United States • Senior / Lead

Tech Stack

Tools & technologies
Cyber Security • Splunk

About the role

Key responsibilities & impact
  • Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering
  • Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives
  • Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity
  • Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement
  • Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse
  • Perform CrowdStrike Falcon alert review, tuning, and incident response support including false positive identification and credible threat escalation
  • Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents
  • Develop and maintain playbooks and response workflows for insider risk scenarios
  • Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies
  • Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage
  • Support continuous improvement across Splunk, CrowdStrike, Microsoft, DLP, Databricks, and SOAR platforms
  • Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses
  • Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture
  • Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status

Requirements

What you’ll need
  • 7+ years of experience in cybersecurity, security operations, threat detection, insider risk, or incident response
  • 3–5+ years of hands-on Splunk experience, including Splunk Enterprise Security, UEBA, content development, alerting, and dashboarding
  • Demonstrated experience writing and optimizing Splunk Search Processing Language (SPL)
  • Experience with CrowdStrike Falcon including alert triage, incident response support, detection tuning, and false positive reduction
  • 2+ years of investigation experience involving insider risk, security incidents, technical investigations, intellectual property matters, fraud, or related areas
  • Experience developing and improving detection use cases, playbooks, and operational workflows
  • Experience working in a heavily regulated environment (federal or financial sector preferred)
  • Strong analytical, communication, and stakeholder coordination skills
  • U.S. Citizenship required

Benefits

Comp & perks
  • Insurance - health, dental, and vision
  • Paid Time Off (PTO) and 11 Federal Holidays
  • 401(k) employer match

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • Splunk Enterprise Security
  • SPL (Search Processing Language)
  • CrowdStrike Falcon
  • Data exfiltration detection
  • Anomalous user behavior detection
  • Incident response
  • Alert tuning
  • Correlation rules development
  • Dashboard creation
  • Playbook development

Soft Skills
  • Analytical skills
  • Communication skills
  • Stakeholder coordination
  • Leadership
  • Investigation skills
  • Problem-solving
  • Team collaboration
  • Incident triage
  • Presentation skills
  • Operational maturity improvement