Detection Engineering Lead

Summary

Join Guardant Health as their Detection Engineering Lead (Insider risk) and play a key role in building a scalable insider risk management program. Lead investigations, develop threat detection processes, and collaborate with cross-functional teams (HR, Legal, Cybersecurity, Technology). Mentor junior analysts, shape workflows, and grow your leadership skills. This role requires a strong technical background in incident response, threat detection, and forensic analysis. You will be responsible for building and maintaining automations, tools, and processes to detect and respond to insider threats. The position offers a hybrid work model.

Requirements

• 5+ years of experience in information security, including hands-on work in insider threat, incident response, threat hunting, and forensic analysis
• 2+ years of experience leading or significantly contributing to an insider threat management program
• Experience conducting end-to-end investigations involving qualitative and quantitative data, forensic analysis, stakeholder interviews, and sensitive material handling
• When submitting your resume, please include the word 'apple' in the message to the hiring team section
• Strong understanding of cybersecurity principles, digital forensics, behavioral analytics, and network security
• Expertise in insider threat detection tools and technologies such as UEBA, SIEM, DLP, and EDR
• Comprehensive knowledge of email security, OS forensics, data loss prevention, and network monitoring
• Proficiency in scripting and automation (e.g., Python, Bash, Go, PowerShell)
• Familiarity with cloud security principles and platforms including AWS, GCP, and/or Azure
• Proven ability to develop and implement insider threat detection strategies, write detection signatures, and enhance SOC processes
• Experience building workflows and governance documentation aligned with insider threat frameworks and industry best practices
• Excellent analytical, problem-solving, and decision-making skills, especially when handling complex or ambiguous situations
• Exceptional communication and interpersonal skills with the ability to convey technical information to both technical and non-technical audiences, including senior leadership and legal counsel
• Strong interpersonal maturity with the ability to influence, collaborate, and build trust across diverse teams
• Proven ability to work independently while aligning to organizational and client objectives

Responsibilities

• Building a well-structured, resilient insider threat program that aligns with business goals and security standards will be central to your success
• Success in this role means developing and maintaining effective automations, workflows, tools, and processes that enable the team to detect and respond to high-risk insider activities with speed and precision
• You’ll excel by working closely with cross-functional teams, ensuring insider risks are accurately classified, reported, and resolved while enhancing incident response procedures
• Your ability to serve as a reliable point of contact for insider risk matters will foster a collaborative, organization-wide approach—ensuring timely updates and smooth alignment with senior leadership
• You’ll demonstrate impact by implementing and overseeing monitoring systems that surface behavioral anomalies, enabling early identification of suspicious insider activities
• You’ll help the organization stay one step ahead by working with awareness teams to identify emerging threat tactics and promote behaviors that reduce the risk of data loss or misuse
• Your ability to break down complex security challenges into clear, understandable messages will empower leaders across the organization to act with confidence
• Success in this role means effectively coordinating with Business Units, Security Operations, HR, Legal, and Compliance teams to ensure insider risks are addressed holistically and remediated efficiently while maintaining strict confidentiality and professionalism in all investigative and advisory activities
• A key measure of success will be your ability to create and maintain meaningful use cases in UEBA and monitoring tools that enable early detection and prioritization of risky behaviors
• By defining relevant metrics and KPIs, you’ll help senior leadership clearly understand program health and progress—your ability to translate data into insights will set you apart
• You’ll elevate the team’s detection capabilities by continuously refining rules, analytics, and detection logic that adapt to evolving threats
• Your strategic mindset will shine as you align the insider risk program roadmap with organizational priorities, ensuring long-term relevance and impact
• You’ll demonstrate strong investigative instincts by identifying and scoping insider risks through detailed analysis, evidence collection, and sound judgment
• Your ability to monitor unauthorized activities while maintaining strict adherence to legal and privacy guidelines will ensure investigative integrity and regulatory compliance
• Evaluating and refining behavioral detection models will be key to your success in staying ahead of shifting insider threat patterns and false positive fatigue
• Your written communication will stand out as you produce intelligence reports that clearly synthesize diverse data points into actionable insights
• You’ll align your team’s projects and goals with the broader organizational strategy—ensuring your insider risk program supports and advances enterprise priorities
• Your mentorship will drive the growth of junior analysts, building a strong team culture rooted in continuous learning and development

Preferred Qualifications

Prior experience in healthcare or high-regulation environments preferred but not required

Benefits

• Hybrid Work Model : At Guardant Health, we have defined days for in-person/onsite collaboration and work-from-home days for individual-focused time. All U.S. employees who live within 50 miles of a Guardant facility will be required to be onsite on Mondays, Tuesdays, and Thursdays
• The US base salary range for this full-time position is $108,800 to $149,600