Guardant Health is a leading precision oncology company focused on guarding wellness and giving every person more time free from cancer. Founded in 2012, Guardant is transforming patient care and accelerating new cancer therapies by providing critical insights into what drives disease through its advanced blood and tissue tests, real-world data and AI analytics. Guardant tests help improve outcomes across all stages of care, including screening to find cancer early, monitoring for recurrence in early-stage cancer, and treatment selection for patients with advanced cancer. For more information, visit guardanthealth.com and follow the company on LinkedIn, X (Twitter) and Facebook.
Job Description
This is an exciting opportunity for a technically strong cybersecurity professional looking to take the next step into a leadership role. As Detection Engineering Lead (Insider risk), you will play a central role in helping define and build a scalable insider risk management program from the ground up. You’ll bring your hands-on experience in incident response, threat detection, and forensic analysis to lead investigations and develop processes for detecting and responding to insider threats. This role is ideal for someone ready to expand their scope beyond technical execution and start owning strategy, process design, and stakeholder collaboration.
In this role, you’ll work closely with cross-functional teams—including HR, Legal, Cybersecurity, and Technology—to assess insider risks, manage cases, and implement mitigation strategies. You’ll also have the chance to mentor junior analysts, shape tooling and workflows, and grow your leadership skills while making a real impact. If you're ready to step up, lead with influence, and build something meaningful, this is the role for you.
Essential Duties and Responsibilities:
- Building a well-structured, resilient insider threat program that aligns with business goals and security standards will be central to your success.
- Success in this role means developing and maintaining effective automations, workflows, tools, and processes that enable the team to detect and respond to high-risk insider activities with speed and precision.
- You’ll excel by working closely with cross-functional teams, ensuring insider risks are accurately classified, reported, and resolved while enhancing incident response procedures.
- Your ability to serve as a reliable point of contact for insider risk matters will foster a collaborative, organization-wide approach—ensuring timely updates and smooth alignment with senior leadership.
- You’ll demonstrate impact by implementing and overseeing monitoring systems that surface behavioral anomalies, enabling early identification of suspicious insider activities.
- You’ll help the organization stay one step ahead by working with awareness teams to identify emerging threat tactics and promote behaviors that reduce the risk of data loss or misuse.
- Your ability to break down complex security challenges into clear, understandable messages will empower leaders across the organization to act with confidence.
- Success in this role means effectively coordinating with Business Units, Security Operations, HR, Legal, and Compliance teams to ensure insider risks are addressed holistically and remediated efficiently while maintaining strict confidentiality and professionalism in all investigative and advisory activities.
- A key measure of success will be your ability to create and maintain meaningful use cases in UEBA and monitoring tools that enable early detection and prioritization of risky behaviors.
- By defining relevant metrics and KPIs, you’ll help senior leadership clearly understand program health and progress—your ability to translate data into insights will set you apart.
- You’ll elevate the team’s detection capabilities by continuously refining rules, analytics, and detection logic that adapt to evolving threats.
- Your strategic mindset will shine as you align the insider risk program roadmap with organizational priorities, ensuring long-term relevance and impact.
- You’ll demonstrate strong investigative instincts by identifying and scoping insider risks through detailed analysis, evidence collection, and sound judgment.
- Your ability to monitor unauthorized activities while maintaining strict adherence to legal and privacy guidelines will ensure investigative integrity and regulatory compliance.
- Evaluating and refining behavioral detection models will be key to your success in staying ahead of shifting insider threat patterns and false positive fatigue.
- Your written communication will stand out as you produce intelligence reports that clearly synthesize diverse data points into actionable insights.
- You’ll align your team’s projects and goals with the broader organizational strategy—ensuring your insider risk program supports and advances enterprise priorities.
- Your mentorship will drive the growth of junior analysts, building a strong team culture rooted in continuous learning and development.
- 5+ years of experience in information security, including hands-on work in insider threat, incident response, threat hunting, and forensic analysis.
- 2+ years of experience leading or significantly contributing to an insider threat management program.
- Experience conducting end-to-end investigations involving qualitative and quantitative data, forensic analysis, stakeholder interviews, and sensitive material handling.
- When submitting your resume, please include the word 'Goal' in the message to the hiring team section.
- Prior experience in healthcare or high-regulation environments preferred but not required.
- Strong understanding of cybersecurity principles, digital forensics, behavioral analytics, and network security.
- Expertise in insider threat detection tools and technologies such as UEBA, SIEM, DLP, and EDR.
- Comprehensive knowledge of email security, OS forensics, data loss prevention, and network monitoring.
- Proficiency in scripting and automation (e.g., Python, Bash, Go, PowerShell).
- Familiarity with cloud security principles and platforms including AWS, GCP, and/or Azure.
- Proven ability to develop and implement insider threat detection strategies, write detection signatures, and enhance SOC processes.
- Experience building workflows and governance documentation aligned with insider threat frameworks and industry best practices.
- Excellent analytical, problem-solving, and decision-making skills, especially when handling complex or ambiguous situations.
- Exceptional communication and interpersonal skills with the ability to convey technical information to both technical and non-technical audiences, including senior leadership and legal counsel.
- Strong interpersonal maturity with the ability to influence, collaborate, and build trust across diverse teams.
- Proven ability to work independently while aligning to organizational and client objectives.
Additional Information
Hybrid Work Model: At Guardant Health, we have defined days for in-person/onsite collaboration and work-from-home days for individual-focused time. All U.S. employees who live within 50 miles of a Guardant facility will be required to be onsite on Mondays, Tuesdays, and Thursdays. We have found aligning our scheduled in-office days allows our teams to do the best work and creates the focused thinking time our innovative work requires. At Guardant, our work model has created flexibility for better work-life balance while keeping teams connected to advance our science for our patients.
The US base salary range for this full-time position is $108,800 to $149,600. The range does not include benefits, and if applicable, bonus, commission, or equity. The range displayed reflects the minimum and maximum target for new hire salaries across all US locations for the posted role with the exception of any locations specifically referenced below (if any).
Within the range, individual pay is determined by work location and additional factors, including, but not limited to, job-related skills, experience, and relevant education or training. If you are selected to move forward, the recruiting team will provide details specific to the factors above.
Employee may be required to lift routine office supplies and use office equipment. Majority of the work is performed in a desk/office environment; however, there may be exposure to high noise levels, fumes, and biohazard material in the laboratory environment. Ability to sit for extended periods of time.
Guardant Health is committed to providing reasonable accommodations in our hiring processes for candidates with disabilities, long-term conditions, mental health conditions, or sincerely held religious beliefs. If you need support, please reach out to [email protected]
Guardant Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
All your information will be kept confidential according to EEO guidelines.
To learn more about the information collected when you apply for a position at Guardant Health, Inc. and how it is used, please review our Privacy Notice for Job Applicants.
Please visit our career page at: http://www.guardanthealth.com/jobs/