Insider Threat, Forensic Security Engineer
US - CA - Palo Alto
Are you prepared to join the X team and help build the ultimate real-time information-sharing app, revolutionizing how people connect? At X, we're on a mission to become the trusted global digital public square, committed to protecting freedom of speech and building the future of unlimited interactivity. Our goal is to empower every user to freely create and share ideas, fostering open public discourse without barriers. Join us in shaping this thrilling journey, where your contribution will be invaluable to our success!
Location: Palo Alto or San Jose
Salary Range (US locations only): $127,000 to $297,000 + Equity
Who We Are:
X serves our community of users and customers by working tirelessly to preserve free expression and choice, create limitless interactivity, and create a marketplace that enables the economic success of all its participants.
What You’ll Do:
As a Forensic Security Engineer on the Insider Threat team at X, you'll be a critical member of our industry-leading Investigation team. You'll be responsible for investigating, analyzing, and mitigating security incidents. This role leverages forensic expertise, investigative skills, and advanced technology to identify the root causes of security breaches, assess risks, and recommend countermeasures to protect organizational assets and data.
Your role will involve working alongside the Information Security teams, various Engineering teams, Legal, Human Resources, Information Technology, and external partners to protect our platform, users, and internal data.
You Will:
Conduct detailed forensic investigations of insider threat incidents, including unauthorized access, data exfiltration, intellectual property theft, sabotage, and other malicious activities.
Analyze system logs, network traffic, endpoint data, and other digital evidence to reconstruct events and identify suspicious patterns or behaviors.
Collaborate with the Insider Threat Team to assess potential threats, evaluate intent, and develop actionable intelligence.
Prepare comprehensive reports on findings, including technical analyses, timelines, and root cause assessments, for internal and external stakeholders.
Support incident response efforts by providing forensic expertise, evidence preservation, and recommendations for containment and remediation.
Utilize forensic tools and techniques to identify vulnerabilities and gaps in existing systems, processes, and technologies.
Partner with legal, human resources, and compliance teams to ensure investigations align with organizational policies and regulatory requirements.
Stay current on emerging insider threat tactics, forensic methodologies, and security technologies to continuously improve team capabilities.
Develop and implement preventative measures, including security controls and awareness programs, to reduce the likelihood of insider incidents.
You Have:
5+ years of relevant experience in digital forensics and insider risk management.
Bachelor’s degree in Computer Science, Cybersecurity, Digital Forensics, or related field.
Relevant certifications, such as GCFA, GREM, EnCE, CISSP, or CISM.
Proven experience in digital forensics, incident response, or insider threat investigations.
Expertise in forensic tools and platforms, including EnCase, Cellebrite, or similar technologies.
Extensive knowledge of digital forensics and insider threats, including maintaining the chain of custody for digital evidence, and practical experience with contemporary SIEM/SOAR/UEBA tools.
Proficiency in writing and maintaining scripts in languages such as Python and SQL.
Strong knowledge of operating systems (Windows, macOS, Linux), file systems, and network protocols.
Familiarity with insider threat detection frameworks, behavioral analytics, and risk indicators, as well as security concepts like DLP, eDiscovery, Digital Forensics, SIEM/EDR, and Incident Response.
Strong analytical and problem-solving capabilities; excellent communication; ability to work both collaboratively and independently; and adaptability to changing threats and technologies.
Perks/benefits: Equity / stock options Team events