The Senior Investigator role leads and supports investigations involving cyber incidents, insider risk, data loss, unauthorized disclosure, suspicious user activity, employee-related security concerns, high-risk users, and other sensitive matters requiring coordinated handling.
This is an investigation-led role. The investigator will triage alerts, scope activity, collect and preserve evidence, correlate technical and behavioral indicators, document findings, brief stakeholders, and recommend proportionate mitigation actions. The role requires incident response judgment, strong documentation skills, discretion, and working knowledge of SIEM, SOAR, EDR, DLP, identity, endpoint, and threat intelligence tools.
Core Responsibilities
Cyber & Sensitive Investigations
- Lead and support investigations involving cyber incidents, insider-risk alerts, data misuse, policy violations, unauthorized disclosure, suspicious user activity, and other sensitive security matters
- Triage alerts, scope activity, identify affected users, systems, data, and business processes, and determine investigation priority based on risk and impact
- Prepare clear investigation summaries, findings, recommendations, and executive-ready updates for Cyber Security leadership, Legal, HR, Compliance, and business stakeholders
Threat Analysis
- Apply incident response methodology to assess suspicious activity, determine root cause, validate impact, and support containment or remediation actions
- Correlate endpoint, network, identity, cloud, email, and user-behavior evidence to distinguish benign activity from policy violations, compromise, or intentional misuse
- Use threat intelligence and investigative tooling to enrich cases, validate indicators, improve detections, and support proactive risk reduction
Insider Risk Detection & Management
- Identify and assess insider-risk indicators across DLP, UEBA, identity, endpoint, cloud, collaboration, and security monitoring platforms
- Investigate potential data exfiltration, unauthorized access, abnormal file movement, misuse of sensitive information, and risky behavior by employees, contractors, or privileged users
- Monitor high-risk scenarios including employee departures, role changes, privileged access, high-risk travel, sensitive projects, and repeat policy violations
Case Management, Evidence & Documentation
- Maintain complete case documentation from intake through closure, including timeline, evidence sources, investigative actions, findings, risk assessment, and mitigation decisions
- Preserve evidence integrity and maintain chain of custody where required for cyber, employee, legal, or compliance-sensitive matters
- Ensure cases are handled confidentially, consistently, and in alignment with company policy, privac