Insider Risk Analyst (UEBA / Detection Engineering)
Charlotte, NC*

Optomi, in partnership with a client in the financial services space, is hiring a Senior Insider Risk Analyst to help build and mature a growing insider risk program. This role is highly technical and focused on behavioral analytics, detection configuration, and investigative support within a Microsoft security environment.

This is an opportunity to work in an early-stage program where you will contribute directly to how detections are built, tuned, and interpreted - not just respond to alerts.

What You'll Do

- Monitor and investigate insider risk alerts across Microsoft Purview, DLP, Defender, and Sentinel
- Write and optimize KQL queries from scratch to support investigations and detection logic
- Develop and refine behavioral detection models and use cases
- Analyze user and entity behavior to identify potential insider risk indicators
- Conduct end-to-end investigations: alert triage, evidence collection, timeline analysis, and reporting
- Translate ambiguous activity into clear hypotheses and investigative paths
- Tune policies and detections as part of an evolving insider risk program
- Collaborate with cross-functional teams (Security, Legal, HR), with most stakeholder engagement managed centrally

What We're Looking For

- Strong experience with KQL (Kusto Query Language): ability to write queries from scratch
- Experience with Microsoft Sentinel, Defender, and/or Purview
- Background in detection engineering, threat hunting, or behavioral analytics
- Experience analyzing logs, telemetry, and user activity patterns
- Ability to interpret behavior, not just respond to alerts
- Experience forming and testing hypotheses based on incomplete or ambiguous data
- Strong critical thinking and investigative skills
- 3–7 years in security analytics, detection engineering, insider risk, or related domains
- Background in environments involving UEBA, SIEM, or behavioral monitoring

Nice to Have

- Experience with insider threat frameworks (e.g., MITRE Insider Risk, CERT/CMU)
- Exposure to early-stage program building or detection development
- Counterintelligence or investigative background

*Open to hiring strong remote candidates