Information Security Engineer - Insider Risk

A World-Changing Company Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more. The Role As an Insider Threat Detection Engineer, you are responsible for protecting Palantir's people, data, and most sensitive assets across the globe.

Your technical expertise is matched by your integrity and genuine passion for security. You work well on a team, are highly motivated, and thrive on solving problems and taking on new challenges. Your team serves as a critical line of defense, responsible for the 24/7 prevention, detection, and investigation of security events and active threats across Palantir's environment.

This role focuses on all aspects of Detection and Response with a strong emphasis on identifying and mitigating insider risks. Your work will directly impact the success of Palantir's mission by making it difficult for adversaries — both external and internal — to compromise our global network. Core Responsibilities Engineer and automate end-to-end detection and investigation workflows, continuously improving Detection and Response infrastructure Develop alerting and detection strategies to identify malicious or anomalous behavior, including new and novel defensive techniques that adapt to evolving adversary tactics and tradecraft Dissect network, host, memory, and other artifacts originating from multiple operating systems and applications.

Investigate security events and active attacks across the enterprise, uncovering sophisticated threats and identifying patterns of behavior that indicate insider risk Influence and inform security controls designed to safeguard Palantir's most critical assets Partner closely with other members of the Information Security team to lead changes in the company's network defense posture. What We Value Broad exposure to multiple security subject areas, including a strong background in forensics or threat intelligence Deep exposure in Incident Response or Detection Engineering Desire to further the information security community through substantive contributions (e.g. conference talks, blog posts, public tool development, etc.) Comfort in operating autonomously and engaging across business levels to advise on security outcomes.

What We Require Extensive security experience (3+ years) in at least one major platform (e.g. AWS, Azure, Windows, OS X, Linux, etc.) Proficiency in Python (preferred), PowerShell, or similar Familiarity with endpoint telemetry and log sources from at least one major operating system Experience with common SIEM/SOAR platforms and proficiency writing queries against security event data Active TS/SCI security clearance or eligibility to obtain a security clearance.