DoorDash is a technology and logistics company focused on empowering local economies through delivery services. The Insider Threat Investigator will be responsible for monitoring, detecting, investigating, and responding to anomalous events that may pose risks to the company, collaborating with various internal teams and developing preventative controls.
Responsibilities:
- Use monitoring and detection platforms to investigate anomalous activity for potential insider risk
- Advise and assist in the onboarding and implementation of custom tooling designed to alert on anomalous behaviors
- Create and maintain a use case library to inform detections, and develop corresponding playbooks and escalation procedures
- Create standard operating procedures and cross-functional processes to govern investigation and response collaboration between teams
- Prepare investigative reports and briefings for leadership
- Maintain chain of evidence and engage with external law enforcement when required
- Lead training or other education and awareness opportunities for the enterprise as required
Requirements:
- 7+ years of experience in federal law enforcement, incident response, or insider threat investigations
- Experience with a broad range of technologies, including endpoint detection and network technologies, SOAR/SIEM platforms, User Entity Behavior Analytics (UEBA) platforms, User Activity Monitoring (UAM), and Data Loss Prevention (DLP) tools
- Deep experience in conducting ethical, legal, complex investigations
- Understanding of cloud and distributed IT environments
- Familiarity with log sources, forwarders, parsing, and data pipelines
- Experience partnering with cross-functional teams to support an investigation
- Excellent understanding of frameworks and standards related to information security operations (e.g., MITRE ATT&CK and NIST)
- Excellent verbal and written communication, presentation, and stakeholder management skills
- Relevant certifications (e.g., CDITR, SEI certs, ACFE, ATAP)
- Must be comfortable regularly exercising discretion and independent judgment in performing job duties, including evaluating options, making informed decisions, and determining appropriate courses of action within the scope of assigned responsibilities