Role overview

Senior Information Security Engineer - DLP/Insider Threat

Requirements and responsibilities

Essential Job Responsibilities

DLP and insider risk platform operations

  • Configure, monitor, and tune DLP, UEBA, DSPM/SSPM, and insider risk controls.
  • Support tools such as Cyberhaven, Proofpoint, CrowdStrike, and Splunk.
  • Maintain policies, classifiers, thresholds, exceptions, alert routing, and workflow logic.
  • Support protection for PHI, PII, confidential business data, IP, credentials, and other sensitive data.

Tooling, telemetry, and troubleshooting

  • Troubleshoot tooling issues, endpoint policy behavior, telemetry gaps, alert quality, and coverage concerns.
  • Validate data flows, integrations, event quality, and control effectiveness with platform owners and security partners.
  • Identify improvements that reduce false positives, increase detection fidelity, and improve reliability.

Alert triage and investigation

  • Triage alerts involving sensitive data movement, endpoint activity, SaaS usage, email exfiltration, external sharing, removable media, personal cloud storage, unusual user behavior, and AI tool usage.
  • Escalate cases to the Cybersecurity Operations Center as needed.
  • Correlate findings across security tools when needed.

Data exposure and control improvement

  • Investigate data movement and user activity to identify policy tuning opportunities and potential incidents.
  • Assess potential sensitive data exposure through AI workflows where telemetry is available.
  • Recommend and help implement improvements that reduce data loss risk while preserving productivity and user experience.

Process, reporting, and cross-functional support

  • Maintain playbooks, SOPs, dashboards, metrics, reports, escalation paths, and evidence-handling practices.
  • Partner with Incident Response, Cloud Security, Access Control, Endpoint Engineering, Privacy, Legal, Compliance, HR, and business stakeholders.
  • Support alert routing, case workflows, integrations, and automation improvements.
  • Support audits, control testing, and reporting related to HIPAA, data protection, and information security requirements.

Team support and on-call coverage

  • Cross-train team members in tool administration, workflows, and troubleshooting.
  • Serve as backup support for team responsibilities and workflows.
  • Participate in 24x7 on-call responsibilities.

Expected Education & Experience

  • Bachelor’s degree or equivalent practical experience.
  • Strong foundational skills in operating system, hardware, software, and network troubleshooting.
  • Experience in information security, DLP, insider risk, UEBA, security operations, endpoint security, data/SaaS/AI security posture management, email security, or related technical security work.
  • Hands-on experience administering, monitoring, or tuning enterprise security tools such as DLP, insider risk, UEBA, email security, endpoint security, cloud security posture, secrets detection, SIEM, or case management platforms.
  • Experience supporting data protection controls across cloud, SaaS, endpoint, email, repository, data storage, or AI-enabled environments.
  • Experience analyzing alerts, logs, user activity, endpoint activity, email events, cloud findings, repository findings, or data movement patterns.
  • Experience administering end-user computers and troubleshooting issues as they arise.
  • Helpful certifications or training may include Security+, GCIH, GCFE, CDPSE, CIPP/US, AIGP, CCSK, Microsoft SC-401, or insider risk training, but they are not required.

Required Knowledge & Skills

  • Knowledge of DLP, insider risk, UEBA, email security, cloud exposure, secrets detection, endpoint telemetry, and common exfiltration paths.
  • Ability to configure, tune, and troubleshoot tools such as Cyberhaven, Proofpoint, Orca, GitGuardian, CrowdStrike, Splunk, or similar platforms.
  • Understanding of PHI, PII, ePHI, confidential business data, intellectual property, credentials, and regulated data handling.
  • Ability to investigate alerts systematically, separate signal from noise, document findings, and escalate appropriately.
  • Strong judgment, discretion, and integrity when handling sensitive information.
  • Clear written and verbal communication skills for both technical and non-technical stakeholders.
  • Ability to work independently, follow through on commitments, and manage competing priorities.
  • Familiarity with Microsoft Purview eDiscovery and ticketing systems such as ServiceNow and Jira.
Role summary

  • Focus (role area): Information Security Engineering
  • Seniority (candidate level): Senior
  • Stack (primary skills): Spark
  • Location (eligibility): 62 accepted countries

Hiring flow

WithMira shows the role, then sends candidates to the company application.

1. Check role fit, stack, and location eligibility in WithMira.
2. Open the company application page from the tracked apply link.
3. Save the role or subscribe for similar opportunities before leaving.