[Remote] Senior Information Security Engineer- DLP/Insider Threat

Remote · USA Full-time New today

Note: This is a remote job open to candidates in the USA. athenahealth is a company focused on creating a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all. They are seeking a Senior Information Security Engineer- DLP/Insider Threat to protect sensitive data and improve data loss prevention and insider risk capabilities across various platforms. The role involves hands-on engineering tasks, including tool configuration, alert tuning, and cross-functional collaboration to safeguard sensitive information.

Responsibilities

  • DLP and insider risk platform operations
      • Configure, monitor, and tune DLP, UEBA, DSPM/SSPM, and insider risk controls
      • Support tools such as Cyberhaven, Proofpoint, CrowdStrike, and Splunk
      • Maintain policies, classifiers, thresholds, exceptions, alert routing, and workflow logic
      • Support protection for PHI, PII, confidential business data, IP, credentials, and other sensitive data
  • Tooling, telemetry, and troubleshooting
      • Troubleshoot tooling issues, endpoint policy behavior, telemetry gaps, alert quality, and coverage concerns
      • Validate data flows, integrations, event quality, and control effectiveness with platform owners and security partners
      • Identify improvements that reduce false positives, increase detection fidelity, and improve reliability
  • Alert triage and investigation
      • Triage alerts involving sensitive data movement, endpoint activity, SaaS usage, email exfiltration, external sharing, removable media, personal cloud storage, unusual user behavior, and AI tool usage
      • Escalate cases to the Cybersecurity Operations Center as needed
      • Correlate findings across security tools when needed
  • Data exposure and control improvement
      • Investigate data movement and user activity to identify policy tuning opportunities and potential incidents
      • Assess potential sensitive data exposure through AI workflows where telemetry is available
      • Recommend and help implement improvements that reduce data loss risk while preserving productivity and user experience
  • Process, reporting, and cross-functional support
      • Maintain playbooks, SOPs, dashboards, metrics, reports, escalation paths, and evidence-handling practices
      • Partner with Incident Response, Cloud Security, Access Control, Endpoint Engineering, Privacy, Legal, Compliance, HR, and business stakeholders
      • Support alert routing, case workflows, integrations, and automation improvements
      • Support audits, control testing, and reporting related to HIPAA, data protection, and information security requirements
  • Team support and on-call coverage
      • Cross-train team members in tool administration, workflows, and troubleshooting
      • Serve as backup support for team responsibilities and workflows
      • Participate in 24x7 on-call responsibilities

Skills

  • Bachelor's degree or equivalent practical experience
  • Strong foundational skills in operating system, hardware, software, and network troubleshooting
  • Experience in information security, DLP, insider risk, UEBA, security operations, endpoint security, data/SaaS/AI security posture management, email security, or related technical security work
  • Hands-on experience administering, monitoring, or tuning enterprise security tools such as DLP, insider risk, UEBA, email security, endpoint security, cloud security posture, secrets detection, SIEM, or case management platforms
  • Experience supporting data protection controls across cloud, SaaS, endpoint, email, repository, data storage, or AI-enabled environments
  • Experience analyzing alerts, logs, user activity, endpoint activity, email events, cloud findings, repository findings, or data movement patterns
  • Experience administering end-user computers and troubleshooting issues as they arise
  • Knowledge of DLP, insider risk, UEBA, email security, cloud exposure, secrets detection, endpoint telemetry, and common exfiltration paths
  • Ability to configure, tune, and troubleshoot tools such as Cyberhaven, Proofpoint, Orca, GitGuardian, CrowdStrike, Splunk, or similar platforms
  • Understanding of PHI, PII, ePHI, confidential business data, intellectual property, credentials, and regulated data handling
  • Ability to investigate alerts systematically, separate signal from noise, document findings, and escalate appropriately
  • Strong judgment, discretion, and integrity when handling sensitive information
  • Clear written and verbal communication skills for both technical and non-technical stakeholders
  • Ability to work independently, follow through on commitments, and manage competing priorities
  • Familiarity with Microsoft Purview eDiscovery and ticketing systems such as ServiceNow and Jira
  • Helpful certifications or training may include Security+, GCIH, GCFE, CDPSE, CIPP/US, AIGP, CCSK, Microsoft SC-401, or insider risk training, but they are not required

Benefits

  • Short and long-term incentives by way of an annual discretionary bonus plan, variable compensation plan, and equity plans
  • Health and financial benefits
  • Commuter support
  • Employee assistance programs
  • Tuition assistance
  • Employee resource groups
  • Collaborative workspaces
  • Flexibility
  • Sponsored events throughout the year, including book clubs, external speakers, and hackathons
  • Company culture based on learning, the support of an engaged team, and an inclusive environment where all employees are valued

Company Overview

  • Athenahealth is a provider of medical practice automation and claims management software to medical groups and health systems. It is a sub-organization of Bain Capital. It was founded in 1997, and is headquartered in Watertown, Massachusetts, USA, with a workforce of 5001-10000 employees. Its website is http://www.athenahealth.com.