Senior Detection Engineer, Insider Threat

Details

At Coinbase, our mission is to increase economic freedom in the world. The Security Operations team protects digital assets and customers by combining tooling, automation, and strategic growth. This role sits within Security Operations (CSIRT, Trust & Safety, Threat Intelligence, and Insider Threat) and focuses on building detections, controls, and automations to deter and detect insider threats while improving overall security posture. The role is remote-first with required in-person participation throughout the year (team and company offsites). #LI-Remote

Responsibilities

• Build and implement detections, preventions, security controls, and automations to deter insider threats and improve holistic security posture
• Test and maintain security tooling, particularly for endpoint detection and investigation
• Manipulate logs, tables, and data lakes to engineer custom detections and dashboards
• Link disparate information for aggregation, visualization, and interpretation (query builds, table joins, etc.)
• Collaborate cross-functionally with Security, Infrastructure, IT, and Legal to obtain technical information and advise on downstream impacts of builds/deployments
• Assist with investigations as needed, including rapidly building tools or extending capabilities to aid response efforts

Requirements

• Experience designing and implementing Insider Threat technologies (SIEM, UEBA, DLP) and an understanding of investigations and/or the intelligence cycle
• Comfortable manipulating logs, tables, and data lakes to build custom detections and dashboards
• Mastery of SQL and coding languages like Python; regularly create custom alerts and automations with SOAR
• Comfortable working cross-functionally with infrastructure, IT, and response teams to design and implement technical controls
• Active awareness of the insider threat landscape and understanding of legal, regulatory, and ethical considerations when working with sensitive information
• Discreet, thoughtful, and skilled at coordinating systemic, cross-functional solutions to mitigate risk
• Able to translate complex problems into readily implemented (and preferably automated) solutions
• Excellent verbal and written communication skills; comfortable composing briefs and assessments consumed by leadership and training others
• Team-oriented mindset, able to operate as both novice and expert depending on context
• Empathy and professionalism when working with colleagues on security issues
• 5–10+ years of combined experience in security/technology or other analytic roles

Nice to haves

• Diverse or unconventional background that brings a unique perspective
• Familiarity with blockchains, cryptocurrency, and onchain projects (or strong personal interest/knowledge)
• Experience crafting metrics to quantify intangible risks
• Experience in incident response, data protection, risk management, counterintelligence, fraud detection, intellectual property theft, access and identity management, or IT engineering

Pay & Benefits

• Pay Range: £122,400—£136,000 GBP (target annual salary). Full-time offers also include bonus eligibility, equity eligibility, and benefits.
• Benefits include: private medical insurance, dental insurance, vision vouchers, life assurance, disability/income protection, workplace pension scheme, travel medical policy, ESPP, wellness stipend, mobile/internet reimbursement, connections stipend, learning & development allowance, EAP, fertility benefits, generous time off/leave policy

Additional information

• Candidate application limitation: maximum of four applications within any 30-day period
• Coinbase is an Equal Opportunity Employer and provides reasonable accommodations for applicants with disabilities
• Global data privacy notice and AI disclosure included; select roles may use AI tools for interview pilots, with human review of responses