[Remote] Senior Information Security Engineer - DLP/Insider Threat
Note: This is a remote job open to candidates in the USA. athenahealth is a company focused on creating a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all. They are seeking a Senior Information Security Engineer - DLP/Insider Threat to protect sensitive data and improve data loss prevention and insider risk capabilities across various platforms. The role involves hands-on engineering tasks, including tool configuration, alert tuning, and cross-functional collaboration to safeguard sensitive information.
Responsibilities
- DLP and insider risk platform operations
  - Configure, monitor, and tune DLP, UEBA, DSPM/SSPM, and insider risk controls
  - Support tools such as Cyberhaven, Proofpoint, CrowdStrike, and Splunk
  - Maintain policies, classifiers, thresholds, exceptions, alert routing, and workflow logic
  - Support protection for PHI, PII, confidential business data, IP, credentials, and other sensitive data
- Tooling, telemetry, and troubleshooting
  - Troubleshoot tooling issues, endpoint policy behavior, telemetry gaps, alert quality, and coverage concerns
  - Validate data flows, integrations, event quality, and control effectiveness with platform owners and security partners
  - Identify improvements that reduce false positives, increase detection fidelity, and improve reliability
- Alert triage and investigation
  - Triage alerts involving sensitive data movement, endpoint activity, SaaS usage, email exfiltration, external sharing, removable media, personal cloud storage, unusual user behavior, and AI tool usage
  - Escalate cases to the Cybersecurity Operations Center as needed
  - Correlate findings across security tools when needed
- Data exposure and control improvement
  - Investigate data movement and user activity to identify policy tuning opportunities and potential incidents
  - Assess potential sensitive data exposure through AI workflows where telemetry is available
  - Recommend and help implement improvements that reduce data loss risk while preserving productivity and user experience
- Process, reporting, and cross-functional support
  - Maintain playbooks, SOPs, dashboards, metrics, reports, escalation paths, and evidence-handling practices
  - Partner with Incident Response, Cloud Security, Access Control, Endpoint Engineering, Privacy, Legal, Compliance, HR, and business stakeholders
  - Support alert routing, case workflows, integrations, and automation improvements
  - Support audits, control testing, and reporting related to HIPAA, data protection, and information security requirements
- Team support and on-call coverage
  - Cross-train team members in tool administration, workflows, and troubleshooting
  - Serve as backup support for team responsibilities and workflows
  - Participate in 24x7 on-call responsibilities
Skills
- Bachelor's degree or equivalent practical experience
- Strong foundational skills in operating-system, hardware, software, and network troubleshooting
- Experience in information security, DLP, insider risk, UEBA, security operations, endpoint security, data/SaaS/AI security posture management, email security, or related technical security work
- Hands-on experience administering, monitoring, or tuning enterprise security tools such as DLP, insider risk, UEBA, email security, endpoint security, cloud security posture, secrets detection, SIEM, or case management platforms
- Experience supporting data protection controls across cloud, SaaS, endpoint, email, repository, data storage, or AI-enabled environments
- Experience analyzing alerts, logs, user activity, endpoint activity, email events, cloud findings, repository findings, or data movement patterns
- Experience administering end-user computers and troubleshooting issues as they arise
- Knowledge of DLP, insider risk, UEBA, email security, cloud exposure, secrets detection, endpoint telemetry, and common exfiltration paths
- Ability to configure, tune, and troubleshoot tools such as Cyberhaven, Proofpoint, Orca, GitGuardian, CrowdStrike, Splunk, or similar platforms
- Understanding of PHI, PII, ePHI, confidential business data, intellectual property, credentials, and regulated data handling
- Ability to investigate alerts systematically, separate signal from noise, document findings, and escalate appropriately
- Strong judgment, discretion, and integrity when handling sensitive information
- Clear written and verbal communication skills for both technical and non-technical stakeholders
- Ability to work independently, follow through on commitments, and manage competing priorities
- Familiarity with Microsoft Purview eDiscovery and ticketing systems such as ServiceNow and Jira
- Helpful certifications or training may include Security+, GCIH, GCFE, CDPSE, CIPP/US, AIGP, CCSK, Microsoft SC-401, or insider risk training, but they are not required
Benefits
- Short and long-term incentives by way of an annual discretionary bonus plan, variable compensation plan, and equity plans
- Health and financial benefits
- Commuter support
- Employee assistance programs
- Tuition assistance
- Employee resource groups
- Collaborative workspaces
- Flexibility
- Sponsored events throughout the year, including book clubs, external speakers, and hackathons
- Company culture based on learning, the support of an engaged team, and an inclusive environment where all employees are valued
Company Overview