Description
The Lead Insider Threat Investigator is responsible for conducting high-risk, complex insider threat investigations involving cybersecurity, financial misconduct, intellectual property theft, unauthorized access, and data exfiltration. This role focuses on investigating identified threats produced by the Information Security Engineering team or from other internal reporting.
The investigator will conduct technical investigations, guide OSINT research, and perform subject interviews, evidence collection, data deletion, and asset retrieval, while ensuring adherence to employment law, corporate policies, and regulatory requirements. This role requires deep technical expertise in digital forensics, cloud security, log analysis, and enterprise forensic tools, along with strong legal acumen to manage sensitive cases involving corporate risk, HR, and compliance considerations.
A typical day involves:
- Conducting technical investigations to identify and mitigate insider threats
- Guiding OSINT research to gather intelligence on potential threats
- Performing subject interviews to validate findings and gather additional information
- Managing incident response in coordination with Information Security, HR, Legal, and other relevant parties
- Performing custom high-severity data deletions and secure asset retrieval in compliance with legal, regulatory, and corporate policies
The ideal candidate will have 10-12 years of experience in insider threat investigations, security, digital forensics, or related industries. They will have proven experience conducting high-risk, legally sensitive investigations involving corporate executives and critical business functions. They will also have strong expertise in Windows, macOS, and Chrome OS forensic tools, as well as experience in SQL-based forensic data correlation and behavioral anomaly analysis.
The Lead Insider Threat Investigator will work closely with the Information Security Engineering team to identify and mitigate insider threats. They will also collaborate with Legal, HR, Privacy, and Compliance teams to assess corporate risk, legal exposure, and remediation strategies.
This role requires a strong understanding of technical evidence, forensic artifacts, and the digital environments in which insider threat activities occur. The ideal candidate will have advanced knowledge of Windows Event Viewer, macOS Console, and Chrome OS system logs for forensic evidence retrieval, as well as the knowledge and skills to investigate cloud environments and Kubernetes.
The Lead Insider Threat Investigator will provide clear, structured briefings on high-profile cases to executive leadership and cross-functional security teams. They will also lead post-mortem reviews to refine investigative methodologies and implement lessons learned.
Our commitment to inclusion and belonging:
Airbnb is committed to working with the broadest talent pool possible. We believe diverse ideas foster innovation and engagement, and allow us to attract creatively-led people, and to develop the best products, services and solutions. All qualified individuals are encouraged to apply.