Staff Detection Engineer, Insider Threat

Coinbase
Full-time
Remote
Security is a primary competency at Coinbase, and the Security Operations team keeps a watchful eye over every aspect of it. Every day, we go to battle against some of the most sophisticated attackers in the world to protect billions of dollars worth of digital assets and ensure that our customers and employees can enjoy a safe, trusted experience. As Coinbase scales globally, our team is scaling along with it, using a blend of tooling, automation, and strategic team growth to ensure that we’re well-equipped to protect the next billion users of crypto.

What you’ll be doing (i.e. job duties):

The Security Operations group is a multi-functional organization that includes our CSIRT, Trust & Safety, Threat Intelligence, and Insider Threat teams. While no two days will end up looking the same, generally speaking you’ll be responsible for the following:

Building and implementing detections, preventions, security controls, and automations to not only deter insider threats but improve holistic security posture
Testing and maintaining security tooling, particularly for endpoint detection and investigation
Collaborating cross-functionally with Security, Infrastructure, IT, and Legal to obtain necessary technical information and to evaluate and advise them of downstream impacts of their builds/deployments
Linking disparate information such that it can be aggregated, visualized, and interpreted for indications of threat (via query builds, table joins, etc.)
Assisting with investigations as needed (this may involve rapidly building tools or extending capabilities to aid response efforts).

What we look for in you (i.e. job requirements):

You’ll be much more likely to be successful in this role if these bullet points seem like a good description of you:

You have experience designing and implementing Insider Threat technologies (such as Security Information Event Management - SIEM, User Behavioral Analytics - UBA, Data Loss Prevention - DLP) and an understanding of investigations and/or the intelligence cycle
You are comfortable manipulating logs, tables, and data lakes to engineer custom detections and dashboards
You’ve mastered SQL and coding languages like Python and regularly manipulate logs to create custom alerts and automations with SOAR
You are comfortable working cross-functionally with infrastructure, IT, and response teams to design and implement technical controls
You are actively aware of the insider threat landscape, and understand the legal, regulatory, and ethical considerations of working with sensitive information and situations
You are discreet, thoughtful, and seek to coordinate systemic, cross-functional solutions to mitigate risk
You are adept at translating complex problems into ‘byte-sized’, readily implemented (and preferably automated) solutions
You have excellent verbal and written communication skills: other team members ask for your input on how to communicate clearly and concisely, and you are comfortable composing briefs and assessments for leadership and training others
You prefer to play as a team and are equally comfortable as the ‘novice’ or the ‘expert’
You know that people aren’t stupid, but everyone makes mistakes. Your high degree of empathy means that your coworkers trust you to help tackle their security problems, because you never come across as judgmental or condescending.
You are a unicorn who is equally comfortable behind the keyboard or in front of security leaders
You bring 5-10 years or more of combined experience in security/technology or other analytic roles